Play interactive tour

Edit tour

Analysis Report NEW_INVOICE.exe

Overview

General Information

Joe Sandbox Version:	28.0.0 Lapis Lazuli
Analysis ID:	1048170
Start date:	24.01.2020
Start time:	13:24:47
Joe Sandbox Product:	Cloud
Overall analysis duration:	0h 12m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	NEW_INVOICE.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@14/10@2/1
EGA Information:	Successful, ratio: 50%
HDC Information:	Failed
HCA Information:	Successful, ratio: 95% Number of executed functions: 453 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe Adjusted system time to: 20/1/2020
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, mscorsvw.exe Excluded IPs from analysis (whitelisted): 192.35.177.64, 8.253.207.121, 8.248.123.254, 67.26.139.254, 8.248.141.254, 8.253.204.121, 13.107.4.50, 8.238.21.254, 67.26.111.254, 67.26.109.254, 8.238.20.254, 8.238.23.254 Excluded domains from analysis (whitelisted): au.au-msedge.net, audownload.windowsupdate.nsatc.net, apps.digsigtrust.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, au.c-0001.c-msedge.net, auto.au.download.windowsupdate.com.c.footprint.net, apps.identrust.com Execution Graph export aborted for target SjKMY.exe, PID 2900 because it is empty Execution Graph export aborted for target SjKMY.exe, PID 3300 because it is empty Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Detection

Strategy	Score	Range	Reporting	Whitelisted	Threat	Detection
Threshold	100	0 - 100	Report FP / FN	false	AgentTesla

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation221	Registry Run Keys / Startup Folder1	Access Token Manipulation1	Software Packing3	Credential Dumping2	Account Discovery1	Remote File Copy1	Data from Local System2	Data Encrypted1	Commonly Used Port1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Replication Through Removable Media	Command-Line Interface3	Hidden Files and Directories1	Process Injection212	Disabling Security Tools1	Input Capture11	Security Software Discovery231	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Remote File Copy1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
External Remote Services	Scheduled Task1	Scheduled Task1	Scheduled Task1	Obfuscated Files or Information2	Credentials in Registry1	File and Directory Discovery2	Windows Remote Management	Input Capture11	Automated Exfiltration	Standard Cryptographic Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Drive-by Compromise	Scheduled Task	System Firmware	DLL Search Order Hijacking	Masquerading1	Credentials in Files	System Information Discovery114	Logon Scripts	Clipboard Data1	Data Encrypted	Standard Non-Application Layer Protocol1	SIM Card Swap		Premium SMS Toll Fraud
Exploit Public-Facing Application	Command-Line Interface	Shortcut Modification	File System Permissions Weakness	Hidden Files and Directories1	Account Manipulation	Query Registry1	Shared Webroot	Data Staged	Scheduled Transfer	Standard Application Layer Protocol1	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Spearphishing Link	Graphical User Interface	Modify Existing Service	New Service	Virtualization/Sandbox Evasion14	Brute Force	Virtualization/Sandbox Evasion14	Third-party Software	Screen Capture	Data Transfer Size Limits	Commonly Used Port	Jamming or Denial of Service		Abuse Accessibility Features
Spearphishing Attachment	Scripting	Path Interception	Scheduled Task	Access Token Manipulation1	Two-Factor Authentication Interception	Process Discovery2	Pass the Hash	Email Collection	Exfiltration Over Command and Control Channel	Uncommonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Spearphishing via Service	Third-party Software	Logon Scripts	Process Injection	Process Injection212	Bash History	System Owner/User Discovery1	Remote Desktop Protocol	Clipboard Data	Exfiltration Over Alternative Protocol	Standard Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Supply Chain Compromise	Rundll32	DLL Search Order Hijacking	Service Registry Permissions Weakness	Process Injection	Input Prompt	Remote System Discovery1	Windows Admin Shares	Automated Collection	Exfiltration Over Physical Medium	Multilayer Encryption	Rogue Cellular Base Station		Data Destruction

Signature Overview

Click to jump to signature section

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Avira: detection malicious, Label: TR/Dropper.MSIL.ugaix
Source: C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe	Avira: detection malicious, Label: TR/Dropper.MSIL.ugaix

Antivirus detection for sample

Show sources

Source: NEW_INVOICE.exe

Avira: detection malicious, Label: TR/Dropper.MSIL.ugaix

Found malware configuration

Show sources

Source: SjKMY.exe.2900.13.memstr

Malware Configuration Extractor: Agenttesla {"To: ": "rameshwar.raut@eminentleague.com", "ByHost:": "mail.eminentleague.com:587", "From: ": "rameshwar.raut@eminentleague.com"}

Multi AV Scanner detection for submitted file

Show sources

Source: NEW_INVOICE.exe

Virustotal: Detection: 73%

Perma Link

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: NEW_INVOICE.exe

Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Show sources

Source: 13.2.SjKMY.exe.270000.0.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 7.0.NEW_INVOICE.exe.1230000.0.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 8.0.SjKMY.exe.270000.0.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 13.0.SjKMY.exe.270000.0.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 13.2.SjKMY.exe.400000.2.unpack	Avira: Label: TR/Dropper.Gen
Source: 1.0.NEW_INVOICE.exe.1230000.0.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 7.2.NEW_INVOICE.exe.1230000.6.unpack	Avira: Label: TR/Dropper.MSIL.ugaix
Source: 7.2.NEW_INVOICE.exe.400000.0.unpack	Avira: Label: TR/Dropper.Gen

Spreading:

Enumerates the file system

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Networking:

Internet Provider seen in connection with other malware

Show sources

Source: Joe Sandbox View

ASN Name: unknown unknown

Contains functionality to download additional files from the internet

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Code function: 7_2_0027A09A recv,

7_2_0027A09A

Found strings which match to known social media urls

Show sources

Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: mail.eminentleague.com

Urls found in memory or binary data

Show sources

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.7.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://cert.int-x3.letsencrypt.org/0
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: NEW_INVOICE.exe, 00000007.00000002.595738085.04D40000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.602446126.04CD0000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: SjKMY.exe, 0000000D.00000002.602446126.04CD0000.00000004.00000001.sdmp	String found in binary or memory: http://crl.useZ
Source: NEW_INVOICE.exe, 00000007.00000002.592342373.002C9000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: NEW_INVOICE.exe, 00000007.00000002.592342373.002C9000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: NEW_INVOICE.exe, 00000007.00000002.595764095.04D6A000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab8
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabv
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.int-x3.letsencrypt.orT
Source: NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/
Source: NEW_INVOICE.exe	String found in binary or memory: http://pi.hole/admin/
Source: NEW_INVOICE.exe	String found in binary or memory: http://pi.hole/admin/5ManHole
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: SjKMY.exe, 0000000D.00000002.602446126.04CD0000.00000004.00000001.sdmp	String found in binary or memory: http://www.usertrust.
Source: SjKMY.exe, SjKMY.exe, 0000000D.00000000.468616532.00272000.00000020.00020000.sdmp, NEW_INVOICE.exe	String found in binary or memory: https://paypal.me/justinboughton
Source: NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: SjKMY.exe, 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	String found in binary or memory: https://v6745Ki5eOlpwSJ6UFt.org
Source: SjKMY.exe, 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	String found in binary or memory: https://v6745Ki5eOlpwSJ6UFt.orgH
Source: SjKMY.exe, NEW_INVOICE.exe	String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\NEW_INVOICE.exe

Jump to behavior

Creates a window with clipboard capturing capabilities

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

E-Banking Fraud:

Drops certificate files (DER)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Jump to dropped file

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: NEW_INVOICE.exe

Contains functionality to call native functions

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00ED0472 NtQuerySystemInformation,		7_2_00ED0472
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00ED0441 NtQuerySystemInformation,		7_2_00ED0441

Detected potential crypto function

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_0078335F	1_2_0078335F
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_00780A50	1_2_00780A50
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007853F8	1_2_007853F8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007878D0	1_2_007878D0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007849D0	1_2_007849D0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_00780A3F	1_2_00780A3F
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007878C1	1_2_007878C1
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00383C7D	7_2_00383C7D
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF18E8	7_2_00EF18E8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFB8F0	7_2_00EFB8F0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF6878	7_2_00EF6878
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFBC40	7_2_00EFBC40
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2834	7_2_00EF2834
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFE1D8	7_2_00EFE1D8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF8920	7_2_00EF8920
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFC930	7_2_00EFC930
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3AF0	7_2_00EF3AF0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF02F0	7_2_00EF02F0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF96B8	7_2_00EF96B8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFA680	7_2_00EFA680
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFC270	7_2_00EFC270
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF9F80	7_2_00EF9F80
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF5365	7_2_00EF5365
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFB8E0	7_2_00EFB8E0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF88F2	7_2_00EF88F2
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF28DC	7_2_00EF28DC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF58D2	7_2_00EF58D2
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2CA5	7_2_00EF2CA5
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF28A3	7_2_00EF28A3
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF34BB	7_2_00EF34BB
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF8088	7_2_00EF8088
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3494	7_2_00EF3494
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2C7E	7_2_00EF2C7E
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF345B	7_2_00EF345B
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2858	7_2_00EF2858
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF5455	7_2_00EF5455
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3029	7_2_00EF3029
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2C3C	7_2_00EF2C3C
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFBC31	7_2_00EFBC31
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF1000	7_2_00EF1000
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3416	7_2_00EF3416
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2C15	7_2_00EF2C15
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF29ED	7_2_00EF29ED
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF35E7	7_2_00EF35E7
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2DFE	7_2_00EF2DFE
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF31DF	7_2_00EF31DF
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFB1BF	7_2_00EFB1BF
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2DB3	7_2_00EF2DB3
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2D89	7_2_00EF2D89
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF359C	7_2_00EF359C
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3194	7_2_00EF3194
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2990	7_2_00EF2990
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF316D	7_2_00EF316D
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF7D64	7_2_00EF7D64
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2D62	7_2_00EF2D62
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3575	7_2_00EF3575
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFB140	7_2_00EFB140
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2957	7_2_00EF2957
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF312E	7_2_00EF312E
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2D29	7_2_00EF2D29
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF353C	7_2_00EF353C
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2903	7_2_00EF2903
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2D02	7_2_00EF2D02
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF32EA	7_2_00EF32EA
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2EE2	7_2_00EF2EE2
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2AFB	7_2_00EF2AFB
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF56F8	7_2_00EF56F8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF36DD	7_2_00EF36DD
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2AD4	7_2_00EF2AD4
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF96A9	7_2_00EF96A9
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF328D	7_2_00EF328D
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2A89	7_2_00EF2A89
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFAE86	7_2_00EFAE86
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3680	7_2_00EF3680
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3266	7_2_00EF3266
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFA671	7_2_00EFA671
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2E4F	7_2_00EF2E4F
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2A4A	7_2_00EF2A4A
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2E25	7_2_00EF2E25
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF323F	7_2_00EF323F
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3635	7_2_00EF3635
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF360E	7_2_00EF360E
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3206	7_2_00EF3206
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2BEE	7_2_00EF2BEE
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF73EC	7_2_00EF73EC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2FF0	7_2_00EF2FF0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF33CB	7_2_00EF33CB
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2FC3	7_2_00EF2FC3
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFABD5	7_2_00EFABD5
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF37BB	7_2_00EF37BB
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3798	7_2_00EF3798
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF8360	7_2_00EF8360
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2B49	7_2_00EF2B49
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF335C	7_2_00EF335C
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3755	7_2_00EF3755
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2F54	7_2_00EF2F54
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF9F51	7_2_00EF9F51
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF372E	7_2_00EF372E
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2B22	7_2_00EF2B22
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3707	7_2_00EF3707
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF2F1B	7_2_00EF2F1B
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF3311	7_2_00EF3311
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF0B10	7_2_00EF0B10
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F004E8	7_2_00F004E8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F03EB0	7_2_00F03EB0
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F01A0A	7_2_00F01A0A
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F004D9	7_2_00F004D9
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F024BF	7_2_00F024BF
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F006FA	7_2_00F006FA
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F01A0A	7_2_00F01A0A
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F01ED2	7_2_00F01ED2
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F006A6	7_2_00F006A6
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F00652	7_2_00F00652
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F007A2	7_2_00F007A2
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F03388	7_2_00F03388
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F03F68	7_2_00F03F68
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F0074E	7_2_00F0074E
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F2E158	7_2_00F2E158
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F2F588	7_2_00F2F588
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F2EBF4	7_2_00F2EBF4
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F2F578	7_2_00F2F578
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00F2EC66	7_2_00F2EC66
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_0109037A	7_2_0109037A
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01090070	7_2_01090070
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01091788	7_2_01091788
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01090011	7_2_01090011
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01090D90	7_2_01090D90
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01091761	7_2_01091761
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_00713360	8_2_00713360
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_00710A50	8_2_00710A50
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_00717540	8_2_00717540
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_007153F8	8_2_007153F8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_007149D0	8_2_007149D0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_00717530	8_2_00717530
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 8_2_00710A3F	8_2_00710A3F
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_00233C7D	13_2_00233C7D
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AC930	13_2_015AC930
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A8920	13_2_015A8920
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AE1D8	13_2_015AE1D8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A25B8	13_2_015A25B8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015ABC40	13_2_015ABC40
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A6878	13_2_015A6878
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AB8F0	13_2_015AB8F0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A18E8	13_2_015A18E8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A536C	13_2_015A536C
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A27E8	13_2_015A27E8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A9F80	13_2_015A9F80
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AC270	13_2_015AC270
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3AF0	13_2_015A3AF0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A02F0	13_2_015A02F0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AA680	13_2_015AA680
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A96B8	13_2_015A96B8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2957	13_2_015A2957
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AB140	13_2_015AB140
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3575	13_2_015A3575
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A316D	13_2_015A316D
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2D62	13_2_015A2D62
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A7D64	13_2_015A7D64
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A8910	13_2_015A8910
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2D02	13_2_015A2D02
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2903	13_2_015A2903
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A353C	13_2_015A353C
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2D29	13_2_015A2D29
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A312E	13_2_015A312E
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AC920	13_2_015AC920
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A31DF	13_2_015A31DF
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AE1C8	13_2_015AE1C8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2DFE	13_2_015A2DFE
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A29ED	13_2_015A29ED
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A35E7	13_2_015A35E7
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A359C	13_2_015A359C
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2990	13_2_015A2990
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3194	13_2_015A3194
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2D89	13_2_015A2D89
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AB1BF	13_2_015AB1BF
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2DB3	13_2_015A2DB3
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A345B	13_2_015A345B
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2858	13_2_015A2858
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A5455	13_2_015A5455
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2C7E	13_2_015A2C7E
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AE810	13_2_015AE810
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3416	13_2_015A3416
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2C15	13_2_015A2C15
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2C3C	13_2_015A2C3C
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015ABC31	13_2_015ABC31
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2834	13_2_015A2834
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3029	13_2_015A3029
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A4421	13_2_015A4421
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A28DC	13_2_015A28DC
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A58D2	13_2_015A58D2
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A5CF0	13_2_015A5CF0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A5CE0	13_2_015A5CE0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AB8E0	13_2_015AB8E0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3494	13_2_015A3494
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A8088	13_2_015A8088
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A34BB	13_2_015A34BB
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A28A3	13_2_015A28A3
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2CA5	13_2_015A2CA5
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A335C	13_2_015A335C
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A9F51	13_2_015A9F51
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A6356	13_2_015A6356
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2F54	13_2_015A2F54
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3755	13_2_015A3755
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2B49	13_2_015A2B49
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A8360	13_2_015A8360
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2F1B	13_2_015A2F1B
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A0B10	13_2_015A0B10
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3311	13_2_015A3311
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3707	13_2_015A3707
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A372E	13_2_015A372E
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2B22	13_2_015A2B22
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AABD5	13_2_015AABD5
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A33CB	13_2_015A33CB
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2FC3	13_2_015A2FC3
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2FF0	13_2_015A2FF0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2BEE	13_2_015A2BEE
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A73EC	13_2_015A73EC
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3798	13_2_015A3798
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A37BB	13_2_015A37BB
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2A4A	13_2_015A2A4A
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015ADA48	13_2_015ADA48
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2E4F	13_2_015A2E4F
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AA671	13_2_015AA671
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3266	13_2_015A3266
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A360E	13_2_015A360E
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3206	13_2_015A3206
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A323F	13_2_015A323F
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3635	13_2_015A3635
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2E25	13_2_015A2E25
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A36DD	13_2_015A36DD
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2AD4	13_2_015A2AD4
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2AFB	13_2_015A2AFB
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A56F8	13_2_015A56F8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A32EA	13_2_015A32EA
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2EE2	13_2_015A2EE2
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A2A89	13_2_015A2A89
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A328D	13_2_015A328D
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A3680	13_2_015A3680
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015AAE86	13_2_015AAE86
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015A96A9	13_2_015A96A9
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C04E8	13_2_015C04E8
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C1A0A	13_2_015C1A0A
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C3EB0	13_2_015C3EB0
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C04D9	13_2_015C04D9
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C24BF	13_2_015C24BF
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C074E	13_2_015C074E
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C3F68	13_2_015C3F68
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C3388	13_2_015C3388
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C07A2	13_2_015C07A2
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C0652	13_2_015C0652
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C1ED2	13_2_015C1ED2
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C1A0A	13_2_015C1A0A
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C06FA	13_2_015C06FA
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_015C06A6	13_2_015C06A6
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01780379	13_2_01780379
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01780070	13_2_01780070
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01781230	13_2_01781230
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01780D60	13_2_01780D60
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01780D50	13_2_01780D50
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01780012	13_2_01780012
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_01781240	13_2_01781240
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_017AE158	13_2_017AE158
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_017AF588	13_2_017AF588
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_017AF578	13_2_017AF578
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_017AEBF4	13_2_017AEBF4
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Code function: 13_2_017AEC66	13_2_017AEC66

Sample file is different than original file name gathered from version info

Show sources

Source: NEW_INVOICE.exe, 00000001.00000002.320768514.012BA000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameManHole.exe0 vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.320571277.01220000.00000008.00000001.sdmp	Binary or memory string: originalfilename vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.320571277.01220000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCyaX.dll0 vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.318507957.007D0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSoftware Updates.dllB vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.320873231.01F1B000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameetyhsYVkzJvsTBHqhWuvbBmDtVNgNDqwJlorOeh.exe4 vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.318657678.00890000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.317791403.00313000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.320481184.01150000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenameSETUPAPI.DLL.MUIj% vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000001.00000002.320508341.011A0000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.594558286.012BA000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameManHole.exe0 vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.595383481.03EC0000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenamewinhttp.dll.muij% vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.594263316.01050000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenamewshom.ocx.mui vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.594317226.010A0000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.592179329.002A3000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.592342373.002C9000.00000004.00000020.sdmp	Binary or memory string: OriginalFilename#\?n vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.594342998.011B0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.592774692.0044A000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameetyhsYVkzJvsTBHqhWuvbBmDtVNgNDqwJlorOeh.exe4 vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.594175188.00F10000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewshom.ocx vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.595455160.04180000.00000008.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbasej% vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe, 00000007.00000002.593072146.007E0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs NEW_INVOICE.exe
Source: NEW_INVOICE.exe	Binary or memory string: OriginalFilenameManHole.exe0 vs NEW_INVOICE.exe

Yara signature match

Show sources

Source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3ed0000.6.raw.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3ed0000.6.raw.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3ed0000.6.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3ed0000.6.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 1.2.NEW_INVOICE.exe.3f40000.6.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 1.2.NEW_INVOICE.exe.3f40000.6.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3e80000.5.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Desktop sample_md5 = 71cdba3859ca8bd03c1e996a790c04f9, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html
Source: 8.2.SjKMY.exe.3e80000.5.unpack, type: UNPACKEDPE	Matched rule: ConventionEngine_Term_Users sample_md5 = 09e4e6fa85b802c46bc121fcaecc5666, author = @stvemillertime, description = Searching for PE files with PDB path keywords, terms or anomalies., ref_blog = https://www.fireeye.com/blog/threat-research/2019/08/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware.html

PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Show sources

Source: NEW_INVOICE.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: lNzSaUcIhlGHF.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: SjKMY.exe.7.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Classification label

Show sources

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@14/10@2/1

Contains functionality to adjust token privileges (e.g. debug / backup)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00ED02F6 AdjustTokenPrivileges,		7_2_00ED02F6
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00ED02BF AdjustTokenPrivileges,		7_2_00ED02BF

Creates files inside the user directory

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File created: C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe

Jump to behavior

Creates mutexes

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe

Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Creates temporary files

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File created: C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp

Jump to behavior

Found command line output

Show sources

Source: C:\Windows\System32\schtasks.exe	Console Write: ........a.{u..0.........,...X...Qv..........................`.....#.......%.....<...............P...........W.......G..u	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Console Write: ........a.{u..0.....E.R.R.O.R.:. .............................zu..............zu......,...w.@...G..u..................-.	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Console Write: ........a.{u..0.............$.....................................$...................-.......6.t.......j...j..u..G.....	Jump to behavior

PE file has an executable .text section and no other executable section

Show sources

Source: NEW_INVOICE.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Parts of this applications are using the .NET runtime (Probably coded in C#)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Queries process information (via WMI, Win32_Process)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor

Reads ini files

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Reads software policies

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Reads the hosts file

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Sample is known by Antivirus

Show sources

Source: NEW_INVOICE.exe

Virustotal: Detection: 73%

Sample might require command line arguments

Show sources

Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: SjKMY.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: SjKMY.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: SjKMY.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: SjKMY.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will n
Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will need to update this setting.
Source: NEW_INVOICE.exe	String found in binary or memory: Get your Auth key from /etc/pihole/setupVars.conf on your Pi. You want the WEBPASSWORD hash displayed in that file. You will be unable to start/stop your Pi-Hole without this. This information is only stored locally, and if you change your password, you will need to update this setting.

Sample reads its own file content

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File read: C:\Users\user\Desktop\NEW_INVOICE.exe

Jump to behavior

Spawns processes

Show sources

Source: unknown	Process created: C:\Users\user\Desktop\NEW_INVOICE.exe 'C:\Users\user\Desktop\NEW_INVOICE.exe'
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose
Source: unknown	Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp'
Source: unknown	Process created: C:\Users\user\Desktop\NEW_INVOICE.exe C:\Users\user\Desktop\NEW_INVOICE.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe 'C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe'
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose
Source: unknown	Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB28F.tmp'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process created: C:\Users\user\Desktop\NEW_INVOICE.exe C:\Users\user\Desktop\NEW_INVOICE.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB28F.tmp'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process created: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Jump to behavior

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Uses Microsoft Silverlight

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Checks if Microsoft Office is installed

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

PE file contains a COM descriptor data directory

Show sources

Source: NEW_INVOICE.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Uses new MSVCR Dlls

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll

Jump to behavior

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: NEW_INVOICE.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb source: NEW_INVOICE.exe, 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, SjKMY.exe, 00000008.00000002.472784341.0196B000.00000004.00000001.sdmp
Source:	Binary string: mscorrc.pdb source: NEW_INVOICE.exe, 00000001.00000002.318657678.00890000.00000002.00000001.sdmp, NEW_INVOICE.exe, 00000007.00000002.594342998.011B0000.00000002.00000001.sdmp, SjKMY.exe, 00000008.00000002.474032664.03E20000.00000002.00000001.sdmp, SjKMY.exe, 0000000D.00000002.601889277.03B80000.00000002.00000001.sdmp

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_0123793A push cs; retn 000Eh	1_2_012379BC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_01237F0D push cs; ret	1_2_01237FC4
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_01237877 push cs; retn 000Eh	1_2_012379BC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_01235BBC push cs; ret	1_2_01235BC8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_012358F0 push cs; ret	1_2_01235B48
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_012379FB push cs; ret	1_2_01237A84
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_01237FC5 push cs; ret	1_2_01238084
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_012379C4 push cs; ret	1_2_01237A84
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_01235CC9 push cs; ret	1_2_01235D48
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_00287839 push eax; retn 0028h	1_2_002878A5
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_00287839 push eax; retn 0028h	1_2_002878C1
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_002880A5 push esp; ret	1_2_002880DD
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_002878E9 pushad ; retn 0028h	1_2_00287901
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_002878C8 pushad ; retn 0028h	1_2_002878E5
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_002878C8 pushad ; retn 0028h	1_2_00287901
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_0123793A push cs; retn 000Eh	7_2_012379BC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01237F0D push cs; ret	7_2_01237FC4
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01237877 push cs; retn 000Eh	7_2_012379BC
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01235BBC push cs; ret	7_2_01235BC8
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_012358F0 push cs; ret	7_2_01235B48
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_012379FB push cs; ret	7_2_01237A84
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01237FC5 push cs; ret	7_2_01238084
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_012379C4 push cs; ret	7_2_01237A84
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_01235CC9 push cs; ret	7_2_01235D48
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_0038907D pushad ; retn 0038h	7_2_0038908D
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_003890E0 push esp; retn 0038h	7_2_003890FD
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_0038915C push esp; retn 0038h	7_2_00389169
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00389692 push ecx; ret	7_2_00389695
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00384FA1 push 50390002h; iretd	7_2_00384FA9
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EF7191 push esi; ret	7_2_00EF71A7
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 7_2_00EFD24F push es; retf	7_2_00EFD260

Binary may include packed or encrypted code

Show sources

Source: initial sample	Static PE information: section name: .text entropy: 7.40004234633
Source: initial sample	Static PE information: section name: .text entropy: 7.40004234633
Source: initial sample	Static PE information: section name: .text entropy: 7.40004234633

.NET source code contains many randomly named methods

Show sources

Source: NEW_INVOICE.exe, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: NEW_INVOICE.exe, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: lNzSaUcIhlGHF.exe.1.dr, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: lNzSaUcIhlGHF.exe.1.dr, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 1.0.NEW_INVOICE.exe.1230000.0.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 1.0.NEW_INVOICE.exe.1230000.0.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 1.2.NEW_INVOICE.exe.1230000.5.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 1.2.NEW_INVOICE.exe.1230000.5.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: SjKMY.exe.7.dr, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: SjKMY.exe.7.dr, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 7.0.NEW_INVOICE.exe.1230000.0.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 7.0.NEW_INVOICE.exe.1230000.0.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 7.2.NEW_INVOICE.exe.1230000.6.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 7.2.NEW_INVOICE.exe.1230000.6.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 8.2.SjKMY.exe.270000.0.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 8.2.SjKMY.exe.270000.0.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 8.0.SjKMY.exe.270000.0.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 8.0.SjKMY.exe.270000.0.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'
Source: 13.2.SjKMY.exe.270000.0.unpack, ManHole/gRDP.cs	High entropy of concatenated method names: '.ctor', 'ceccTWDomyAWGsbYfaKNUOUfueBaYuYSrywN', 'GekvLxQJPFLCrLTiSxihEEWEzmBnPpbZAH', 'SpELbVgRRdJsmFrzcwimhBsdJIKQIfOkg', 'yJpCyqDZZjbNHbWolbRrFuDBheHtFCjEnVzV', 'LvjwzTcIDfqajkgHtgmBrsUepIuVqXmKr', 'TgXuEOoAyaewYFcImbavxLUHfJAnbIKDiuSr', 'wEZPhmvhcOAUyLABPdvkgLmelgJCTyiXYss', 'gJFoocbSbqcdGJUUwWOhirJkqOmPhQGwZU', 'JuewCwwyBnyzCXtaNconXFvCsxlozmAVdD'
Source: 13.2.SjKMY.exe.270000.0.unpack, ManHole/cyvBzJ.cs	High entropy of concatenated method names: '.ctor', 'NeNPrejckhVXOJSsvlxqNXXNZBBXzWjrHV', 'PyGRJqLdImArgEHriNGtrxeHNLtAIiEdALjL', 'ujoZtSfZJdGfitbOxEbgrBTVXoRmCblxsCV', 'HJXNkiiNDrJRRPLKiceHiAsNCoDVlLxwa', 'RqHeYaNpuGtYCeozpYLOGzvewlRhXZoLk', 'XloCXDOxKtkWsEWVDSlNpgaEDqfUPgsUs', 'wlioHZoYoToZnwAELAjBEJChvnGXkXbdabTk', 'ueJjyxQcfzzoEzcxpJspcKSjydffuCOwczvJ', 'yYlBnrelsxXghmsKufgkAlDpVTQaBrLXHOsn'

Persistence and Installation Behavior:

Drops PE files

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File created: C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe			Jump to dropped file
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File created: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe			Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: unknown

Process created: C:\Windows\System32\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp'

Creates an autostart registry key

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MNltZVno			Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MNltZVno			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File opened: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe:Zone.Identifier read attributes \| delete			Jump to behavior

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Disables application error messsages (SetErrorMode)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM_3

Show sources

Source: Yara match	File source: Process Memory Space: SjKMY.exe PID: 3300, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW_INVOICE.exe PID: 3540, type: MEMORY

Yara detected Cassandra Crypter

Show sources

Source: Yara match	File source: 00000008.00000002.472784341.0196B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.320873231.01F1B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SjKMY.exe PID: 3300, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW_INVOICE.exe PID: 3540, type: MEMORY
Source: Yara match	File source: 8.2.SjKMY.exe.3ed0000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack, type: UNPACKEDPE

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_VideoController

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: NEW_INVOICE.exe, 00000001.00000002.320855805.01F0F000.00000004.00000001.sdmp, SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: NEW_INVOICE.exe, 00000001.00000002.320855805.01F0F000.00000004.00000001.sdmp, SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Contains capabilities to detect virtual machines

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum name: 0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains long sleeps (>= 3 min)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Thread delayed: delay time: 1200000	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3740	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3516	Thread sleep time: -50397s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3680	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3680	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3616	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3876	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 4000	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 3964	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 2932	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe TID: 4080	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 4060	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 4048	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 3268	Thread sleep time: -46960s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 4060	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2236	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2080	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2856	Thread sleep time: -540000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2288	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2288	Thread sleep time: -33000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2652	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe TID: 2652	Thread sleep time: -1200000s >= -30000s	Jump to behavior

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Last function: Thread delayed

Enumerates the file system

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Show sources

Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: l&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: l#"SOFTWARE\VMware, Inc.\VMware Tools
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: lA"SOFTWARE\VMware, Inc.\VMware Tools
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: NEW_INVOICE.exe, 00000001.00000002.320971840.02EC0000.00000004.00000001.sdmp, NEW_INVOICE.exe, 00000007.00000002.592714992.00402000.00000040.00000001.sdmp, SjKMY.exe, 00000008.00000002.472861212.02910000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599326080.00402000.00000040.00000001.sdmp	Binary or memory string: m_ThreadStaticValueget_GetInstancehpgohckwckjckzckrckucklckbckmckecknckpctvctyctxctsctqctwctjctzctrctuctlctbctmctectnctpcvycvxcvscvqcvwcvjcvzcvrMutexSystem.ThreadingcvucvlcvbcvmcvecvncvpcyxcyscyqcywcyjcyzgokGetLastInputInfouser32.dllgotgovgoygoxgoqgasgawgajgdfgdqSystem.DrawingImageCodecInfoSystem.Drawing.ImagingImageFormatgdwgdugdlgdbgdmgdegfhgfsElapsedEventArgsSystem.TimersgfqgfwghlghbghmgheghpgktgkvgkwgkugklgkmgkegkngkpgtygtxgtsgtwgtjgtzgvxgvsgvqgvrgwpMemoryStreamgjzgjrgjugjlgzpDeleteFilekernel32grugrlgrbgrmgregulGetModuleFileNameAgubgumguegunMoveFileExWgupglbglmglegbegbngbpgmngmpcodcofcohget_CHset_CHWithEventsValuecomcoeget_kbHookset_kbHookcadGetForegroundWindowcafStringBuilderSystem.TextGetWindowTextcahcakcatcavGetWindowTextLengthcaycaxGetKeyboardStatecascaqMapVirtualKeycawcajcazEnumProcessModulespsapi.dllcarcaucalcabcamGetModuleFileNameExcaecancapcdfcdhGetWindowThreadProcessIdcdkcdtcdvGetKeyboardLayoutuser32cdycdxToUnicodeExcdscdqcdwcdjcdzcdrcducdlcdbcfscfucfechkchxchzSystem.Windows.FormsKeyschrchbchmcyrcyukqcbSizedwTimekwEnumvalue__OperatingSystemNameProcessorNameAmountOfMemorykjxexnPasswordget_PasswordHashget_Passwordset_PasswordValuekzkrtytxtstmtetnvrvuyqywyjypxsxqxpsqswzmzeThreadExeNamesjszqljrjuzpNativeWindowuplbruSetClipboardViewerrlrbChangeClipboardChainrmrernSendMessagerpulubumadd_Changedobjremove_ChangedueunWndProcMessageFinalizelmznMulticastDelegateTargetObjectTargetMethodBeginInvokeIAsyncResultAsyncCallbacksenderDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultInvokebngcegcnWH_KEYBOARD_LLHC_ACTIONWM_KEYDOWNWM_KEYUPWM_SYSKEYDOWNWM_SYSKEYUPgcpgoabpSetWindowsHookExUser32.dllmemnmpenepCallNextHookExnpgcogcagcdgcfUnhookWindowsHookExgchadd_KeyDownremove_KeyDownadd_KeyUpremove_KeyUpgckgctgcvgcygcugodgoflevkCodescanCodeflagstimedwExtraInfolnLLKHF_EXTENDEDLLKHF_INJECTEDLLKHF_ALTDOWNLLKHF_UPlpKeybmbenCodewParamlParamcylcwncwpcjzcjrcjucybcyecxbcxecsmcsecsncspcqlcqbcwzcwrcjlcjbcjnczecrpMD5System.Security.Cryptographyculcubclmcleclnclpcbmget_UserNameset_UserNameget_URLset_URLget_Browserset_Browsercbecbncbpcmecmn
Source: SjKMY.exe, 00000008.00000002.472767399.0195F000.00000004.00000001.sdmp	Binary or memory string: l87HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\.

Queries a list of all running processes

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Enables debug privileges

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process token adjusted: Debug	Jump to behavior

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Memory written: C:\Users\user\Desktop\NEW_INVOICE.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Memory written: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe base: 400000 value starts with: 4D5A			Jump to behavior

Modifies the context of a thread in another process (thread injection)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Thread register set: target process: 3968			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Thread register set: target process: 2900			Jump to behavior

Creates a process in suspended mode (likely to inject code)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'powershell' Get-MpPreference -verbose			Jump to behavior

May try to detect the Windows Explorer process (often used for injection)

Show sources

Source: NEW_INVOICE.exe, 00000007.00000002.594575102.012C0000.00000002.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599729471.00860000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: NEW_INVOICE.exe, 00000007.00000002.594575102.012C0000.00000002.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599729471.00860000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: NEW_INVOICE.exe, 00000007.00000002.594575102.012C0000.00000002.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599729471.00860000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Show sources

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\hh.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior

Contains functionality to query the account / user name

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Code function: 1_2_007C2C06 GetUserNameA,

1_2_007C2C06

Queries the cryptographic machine GUID

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	WMI Queries: IWbemServices::ExecQuery - SELECT * FROM AntivirusProduct

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SjKMY.exe PID: 2900, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW_INVOICE.exe PID: 3968, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml			Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Yara detected Credential Stealer

Show sources

Source: Yara match	File source: 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SjKMY.exe PID: 2900, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW_INVOICE.exe PID: 3968, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SjKMY.exe PID: 2900, type: MEMORY
Source: Yara match	File source: Process Memory Space: NEW_INVOICE.exe PID: 3968, type: MEMORY

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Show sources

Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007C0DBA bind,	1_2_007C0DBA
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007C09AA listen,	1_2_007C09AA
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007C096C listen,	1_2_007C096C
Source: C:\Users\user\Desktop\NEW_INVOICE.exe	Code function: 1_2_007C0D87 bind,	1_2_007C0D87

Malware Configuration

Threatname: Agenttesla

{"To: ": "rameshwar.raut@eminentleague.com", "ByHost:": "mail.eminentleague.com:587", "From: ": "rameshwar.raut@eminentleague.com"}

Signature Similarity

Sample Distance (10 = nearest)

10 9 8 7 6 5 4 3 2 1

Similar Samples

Samplename	Analysis ID	SHA256	Similarity

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Simulations

Behavior and APIs

Time	Type	Description
13:25:54	API Interceptor	966x Sleep call for process: NEW_INVOICE.exe modified
13:25:56	API Interceptor	24x Sleep call for process: powershell.exe modified
13:25:58	API Interceptor	2x Sleep call for process: schtasks.exe modified
13:26:50	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MNltZVno C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
13:26:59	API Interceptor	480x Sleep call for process: SjKMY.exe modified

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
NEW_INVOICE.exe	73%	Virustotal		Browse
NEW_INVOICE.exe	100%	Avira	TR/Dropper.MSIL.ugaix
NEW_INVOICE.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	100%	Avira	TR/Dropper.MSIL.ugaix
C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe	100%	Avira	TR/Dropper.MSIL.ugaix
C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe	100%	Joe Sandbox ML

Unpacked PE Files

Source	Detection	Scanner	Label	Download
13.2.SjKMY.exe.270000.0.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
7.0.NEW_INVOICE.exe.1230000.0.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
8.0.SjKMY.exe.270000.0.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
13.0.SjKMY.exe.270000.0.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
13.2.SjKMY.exe.400000.2.unpack	100%	Avira	TR/Dropper.Gen	Download File
1.0.NEW_INVOICE.exe.1230000.0.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
7.2.NEW_INVOICE.exe.1230000.6.unpack	100%	Avira	TR/Dropper.MSIL.ugaix	Download File
7.2.NEW_INVOICE.exe.400000.0.unpack	100%	Avira	TR/Dropper.Gen	Download File

Domains

Source	Detection	Scanner	Label	Link
eminentleague.com	0%	Virustotal		Browse
mail.eminentleague.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	Virustotal		Browse
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://pi.hole/admin/5ManHole	0%	Avira URL Cloud	safe
http://crl.useZ	0%	Avira URL Cloud	safe
http://ocsp.int-x3.letsencrypt.org0/	0%	URL Reputation	safe
https://v6745Ki5eOlpwSJ6UFt.org	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
https://v6745Ki5eOlpwSJ6UFt.orgH	0%	Avira URL Cloud	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.int-x3.letsencrypt.orT	0%	Avira URL Cloud	safe
http://cps.root-x1.letsencrypt.org0	0%	URL Reputation	safe
http://www.usertrust.	0%	URL Reputation	safe
http://pi.hole/admin/	0%	Avira URL Cloud	safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.472784341.0196B000.00000004.00000001.sdmp	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
00000001.00000002.321842021.03F40000.00000004.00000001.sdmp	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x1a6b:$anchor: Desktop 0x24eb:$anchor: Desktop 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
00000001.00000002.321842021.03F40000.00000004.00000001.sdmp	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x24db:$anchor: Users 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
00000001.00000002.321842021.03F40000.00000004.00000001.sdmp	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
00000001.00000002.320873231.01F1B000.00000004.00000001.sdmp	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x1a6b:$anchor: Desktop 0x24eb:$anchor: Desktop 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x24db:$anchor: Users 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: SjKMY.exe PID: 2900	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SjKMY.exe PID: 2900	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: SjKMY.exe PID: 3300	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: SjKMY.exe PID: 3300	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
Process Memory Space: NEW_INVOICE.exe PID: 3968	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: NEW_INVOICE.exe PID: 3968	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: NEW_INVOICE.exe PID: 3540	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NEW_INVOICE.exe PID: 3540	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.SjKMY.exe.3ed0000.6.raw.unpack	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x1a6b:$anchor: Desktop 0x24eb:$anchor: Desktop 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
8.2.SjKMY.exe.3ed0000.6.raw.unpack	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x24db:$anchor: Users 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
8.2.SjKMY.exe.3ed0000.6.raw.unpack	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
8.2.SjKMY.exe.3ed0000.6.unpack	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x6eb:$anchor: Desktop 0x6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
8.2.SjKMY.exe.3ed0000.6.unpack	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x6db:$anchor: Users 0x6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x1a6b:$anchor: Desktop 0x24eb:$anchor: Desktop 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x24db:$anchor: Users 0x24c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
1.2.NEW_INVOICE.exe.3f40000.6.raw.unpack	JoeSecurity_CassandraCrypter	Yara detected Cassandra Crypter	Joe Security
1.2.NEW_INVOICE.exe.3f40000.6.unpack	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x6eb:$anchor: Desktop 0x6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
1.2.NEW_INVOICE.exe.3f40000.6.unpack	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x6db:$anchor: Users 0x6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
8.2.SjKMY.exe.3e80000.5.unpack	ConventionEngine_Term_Desktop	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x4f6eb:$anchor: Desktop 0x4f6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb
8.2.SjKMY.exe.3e80000.5.unpack	ConventionEngine_Term_Users	Searching for PE files with PDB path keywords, terms or anomalies.	@stvemillertime	0x4f6db:$anchor: Users 0x4f6c0:$pcre: RSDS\x03\x0B\xECI\xE5\xC6?L\x8B\xC6`mF\x8FP\xF6\x01C:\Users\Cassandra\Desktop\Premium\CyaX\CyaX\obj\Debug\CyaX.pdb

Sigma Overview

System Summary:

Sigma detected: Scheduled temp file as task from temp location

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\NEW_INVOICE.exe' , ParentImage: C:\Users\user\Desktop\NEW_INVOICE.exe, ParentProcessId: 3540, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp', ProcessId: 3900

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
192.185.129.21	http://m-d.co.in/Rechnung/012019	Get hash	malicious	Browse	m-d.co.in/favicon.ico

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
unknown	Nota Spese.xls	Get hash	malicious	Browse	45.84.0.8
	http://axdsz.pro/?target=-7EBNQCgQAAAPQGwPVLQAFAQEREQoRCQoRDUIRDRIAAX9hZGNvbWJvATE#al=26230#ap=26041	Get hash	malicious	Browse	91.228.154.124
	http://ggmail.com	Get hash	malicious	Browse	173.194.79.154
	http://www.direct2print.co.uk	Get hash	malicious	Browse	52.4.32.92
	-#U2709-Colt-Employee-Benefits-Pol#U03b9cy-45766405.html	Get hash	malicious	Browse	23.111.164.58
	rech_190822556.html	Get hash	malicious	Browse	45.67.229.95
	rech_190822556.html	Get hash	malicious	Browse	13.224.96.124
	HOL415687447.html	Get hash	malicious	Browse	13.224.96.126
	HOL415687447.html	Get hash	malicious	Browse	13.224.96.93
	https://thespoteventvenue.net/TP/Severin.bayer/c2V2ZXJpbi5iYXllckBjb2x0Lm5ldA==	Get hash	malicious	Browse	144.208.74.176
	FileZilla_3.46.3_win32_sponsored-setup.exe	Get hash	malicious	Browse	5.62.44.66
	23-11-18 (Copier).html	Get hash	malicious	Browse	88.99.66.31
	http://yesimsatirli.com/baby/Documentation/	Get hash	malicious	Browse	5.2.78.43
	https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmerrilledge.tt.omtrdc.net%2Fm2%2Fmerrilledge%2Fubox%2Fimage%3Fmbox%3DoptOut%26profile.throttle_value%3D999%26mboxDefault%3Dhttps%3A%2F%2Fis.gd%2FuoSKRo&data=02%7C01%7CProfiling%40idcare.org%7Cff5c767b73dc41878c3708d7a06b2bb0%7Cf9d906e6c5d54033a34720a87f8a13eb%7C1%7C0%7C637154255133518251&sdata=uSLGRNIStKp0P7ykV5jAFp1nFhyWRiF42Plwv2Ry6rI%3D&reserved=0	Get hash	malicious	Browse	104.25.23.21
	view_presentation_e0j.vbs	Get hash	malicious	Browse	47.56.155.167
	PicturethrillSetup.exe	Get hash	malicious	Browse	104.18.137.190
	http://astrotechsteels.com/iodasiduasdasd/mt2	Get hash	malicious	Browse	142.44.174.197
	pimTNyOSw.exe	Get hash	malicious	Browse	127.0.0.1
	https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f260NS9VZ95SSN9XV2Z9WN22S9529VNNW95N.turismosurdelosrios.cl%2f%3femail%3dcjones%40murexltd.com&c=E,1,p3mKvJyJgF7qWMvjT45AM_To_CcYCG3BCU7zMJsCOQJ2vnof7lw_77bHhEr8-ge1Twu-jgFJv0vwJZmcp0kt0uX7UdrLX-qTZubZW7rwR21WzAq4wtFrqA,,&typo=1	Get hash	malicious	Browse	104.17.64.4
	ATT01483.htm	Get hash	malicious	Browse	13.35.253.5

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w7_1

NEW_INVOICE.exe (PID: 3540 cmdline: 'C:\Users\user\Desktop\NEW_INVOICE.exe' MD5: A24C195DA4F8A5DEE365875B3E3A38A1)

powershell.exe (PID: 3656 cmdline: 'powershell' Get-MpPreference -verbose MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

schtasks.exe (PID: 3900 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp' MD5: 2003E9B15E1C502B146DAD2E383AC1E3)

NEW_INVOICE.exe (PID: 3968 cmdline: C:\Users\user\Desktop\NEW_INVOICE.exe MD5: A24C195DA4F8A5DEE365875B3E3A38A1)

SjKMY.exe (PID: 3300 cmdline: 'C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe' MD5: A24C195DA4F8A5DEE365875B3E3A38A1)

powershell.exe (PID: 3840 cmdline: 'powershell' Get-MpPreference -verbose MD5: 92F44E405DB16AC55D97E3BFE3B132FA)

schtasks.exe (PID: 3780 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB28F.tmp' MD5: 2003E9B15E1C502B146DAD2E383AC1E3)

SjKMY.exe (PID: 2900 cmdline: C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe MD5: A24C195DA4F8A5DEE365875B3E3A38A1)

cleanup

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	data
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	data
Size (bytes):	252
Entropy (8bit):	3.011479071771695
Encrypted:	false
MD5:	858C7C3342AE518033351A189D63B486
SHA1:	8F168BA1DA45B686003013343D3FAF7D395BD7E6
SHA-256:	14CC949F0BFC305D54594A90FCCE8FB2A5649C1C376726A9EE5260CDBE323718
SHA-512:	FF3A59C8059F195A7896007B1AAD0F56659A707770CF384DE01110410FE8FE60F8B16C17353B7B9F681DCFB768D5FE4592A7A04CF41EDB6FD0ECDAEAD152AF91
Malicious:	false
Reputation:	low
Preview:	p...... ....`....5.....(....................................................... ........_[.z....Q..(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.9.c.a.9.2.e.e.9.4.9.8.0."...

C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Size (bytes):	1645
Entropy (8bit):	5.1289587740971045
Encrypted:	false
MD5:	46C510CC07F2D7EBB4373E9ED9B10F65
SHA1:	C13487473E96DAE11E461AF878662528FD9B122B
SHA-256:	7B785577B84F1110A93DEA44CA9896358D759B503A4E5DF47FB7FAF74B1073A3
SHA-512:	F1E35358F6E9012CB92E8F6D1064E8E8981B78DF580F2DFC27B2899173A9AD20D37DCD3213AF9C163ADFBC30F045F19493C78A2D52A41BC7BACB00662D0A7E05
Malicious:	true
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true</Star

C:\Users\user\AppData\Local\Temp\tmpB28F.tmp Download File
Process:	C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Size (bytes):	1645
Entropy (8bit):	5.1289587740971045
Encrypted:	false
MD5:	46C510CC07F2D7EBB4373E9ED9B10F65
SHA1:	C13487473E96DAE11E461AF878662528FD9B122B
SHA-256:	7B785577B84F1110A93DEA44CA9896358D759B503A4E5DF47FB7FAF74B1073A3
SHA-512:	F1E35358F6E9012CB92E8F6D1064E8E8981B78DF580F2DFC27B2899173A9AD20D37DCD3213AF9C163ADFBC30F045F19493C78A2D52A41BC7BACB00662D0A7E05
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true</Star

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AZX544L1NOFYBDML4BDJ.temp Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Size (bytes):	8016
Entropy (8bit):	3.5704919026824595
Encrypted:	false
MD5:	8C91DCC2899350DC511D8FA604CBF627
SHA1:	0AE0891304F434123D3B10F8D28C4D09D722DE15
SHA-256:	D6A23CC197966912010FC16259F6F8D669A9A4BED77C09E2FAD93EFF2A1E20EA
SHA-512:	C09397D7D1A0B28DA7FC1159DCCEAE451E810790731031A9852E573748B433F009BD2F49F5B83FEC148CE43A45038E4AE2F7610CF2DC0D9207BCEF9F86914CFC
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.".. ....b..>...#...>...#...>...k............................P.O. .:i.....+00.../C:\...................\.1.....lF.R. PROGRA~2..D.......:..lF.R.........................P.r.o.g.r.a.m.D.a.t.a.....X.1......H]:. MICROS~1..@.......:...H]:.........................M.i.c.r.o.s.o.f.t.....R.1.....M>O@. Windows.<.......:..M>O@...(.....................W.i.n.d.o.w.s.......1.....~F\O..STARTM~1..j.......:..~F\O...2...............@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......I.k..Programs..f.......:...I.k...3...............<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1......I.h..ACCESS~1..l.......:..M>Z@...4...............B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:.%..WINDOW~1..R.......:.&.:.%...8.....................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:.& .WINDOW~1.LNK..Z.......:.&.:.&....)....................W.i.n.d.o.w.s.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HD5C8X6YVH9IY3KNPMG3.temp Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Size (bytes):	8016
Entropy (8bit):	3.5704919026824595
Encrypted:	false
MD5:	8C91DCC2899350DC511D8FA604CBF627
SHA1:	0AE0891304F434123D3B10F8D28C4D09D722DE15
SHA-256:	D6A23CC197966912010FC16259F6F8D669A9A4BED77C09E2FAD93EFF2A1E20EA
SHA-512:	C09397D7D1A0B28DA7FC1159DCCEAE451E810790731031A9852E573748B433F009BD2F49F5B83FEC148CE43A45038E4AE2F7610CF2DC0D9207BCEF9F86914CFC
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.".. ....b..>...#...>...#...>...k............................P.O. .:i.....+00.../C:\...................\.1.....lF.R. PROGRA~2..D.......:..lF.R.........................P.r.o.g.r.a.m.D.a.t.a.....X.1......H]:. MICROS~1..@.......:...H]:.........................M.i.c.r.o.s.o.f.t.....R.1.....M>O@. Windows.<.......:..M>O@...(.....................W.i.n.d.o.w.s.......1.....~F\O..STARTM~1..j.......:..~F\O...2...............@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......I.k..Programs..f.......:...I.k...3...............<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1......I.h..ACCESS~1..l.......:..M>Z@...4...............B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:.%..WINDOW~1..R.......:.&.:.%...8.....................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:.& .WINDOW~1.LNK..Z.......:.&.:.&....)....................W.i.n.d.o.w.s.

C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Size (bytes):	556032
Entropy (8bit):	7.385329869892082
Encrypted:	false
MD5:	A24C195DA4F8A5DEE365875B3E3A38A1
SHA1:	89894D4B3132F35AC36132DDDD587C23CE866EEC
SHA-256:	606B235A75668449B6CA23C5588DB0CBD43AB384AE0553A55732E58A73882122
SHA-512:	258435D569A9C589BF54996717A03B4A50360E6C896CEED03B313157D68485575F34C60FE2845569D98DBB6A7B1AF1F6934C7CD15D4A331FB73BB6756A8A24B4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[p%^.................p............... ........@.. ....................................@.................................<...O.................................................................................... ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B................p.......H.......H?...N...........C..x............................................0............(....(..........(.....o..........................(.......(.......(.......(.......(......N..(....o....(.....&..(........s.........s.........s.........s.........s..........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.................,.........o....+....9....~.........,2~.........(....o .....,.

C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Size (bytes):	556032
Entropy (8bit):	7.385329869892082
Encrypted:	false
MD5:	A24C195DA4F8A5DEE365875B3E3A38A1
SHA1:	89894D4B3132F35AC36132DDDD587C23CE866EEC
SHA-256:	606B235A75668449B6CA23C5588DB0CBD43AB384AE0553A55732E58A73882122
SHA-512:	258435D569A9C589BF54996717A03B4A50360E6C896CEED03B313157D68485575F34C60FE2845569D98DBB6A7B1AF1F6934C7CD15D4A331FB73BB6756A8A24B4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[p%^.................p............... ........@.. ....................................@.................................<...O.................................................................................... ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B................p.......H.......H?...N...........C..x............................................0............(....(..........(.....o..........................(.......(.......(.......(.......(......N..(....o....(.....&..(........s.........s.........s.........s.........s..........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.................,.........o....+....9....~.........,2~.........(....o .....,.

C:\Users\user\AppData\Roaming\lNzSaUcIhlGHF.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\NEW_INVOICE.exe
File Type:	ASCII text, with CRLF line terminators
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
eminentleague.com	192.185.129.21	true	true	0%, Virustotal, Browse	unknown
mail.eminentleague.com	unknown	unknown	true	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	0%, Virustotal, Browse URL Reputation: safe	unknown
http://crl.entrust.net/server1.crl0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false		high
http://cps.letsencrypt.org0	NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://ocsp.entrust.net03	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://pi.hole/admin/5ManHole	NEW_INVOICE.exe	false	Avira URL Cloud: safe	unknown
http://cert.int-x3.letsencrypt.org/0	NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false		high
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3J2L3Z4DHW9UY	SjKMY.exe, NEW_INVOICE.exe	false		high
http://crl.useZ	SjKMY.exe, 0000000D.00000002.602446126.04CD0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.int-x3.letsencrypt.org0/	NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
https://v6745Ki5eOlpwSJ6UFt.org	SjKMY.exe, 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	low
https://paypal.me/justinboughton	SjKMY.exe, SjKMY.exe, 0000000D.00000000.468616532.00272000.00000020.00020000.sdmp, NEW_INVOICE.exe	false		high
https://v6745Ki5eOlpwSJ6UFt.orgH	SjKMY.exe, 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.entrust.net0D	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
https://secure.comodo.com/CPS0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false		high
http://crl.entrust.net/2048ca.crl0	NEW_INVOICE.exe, 00000007.00000002.592489886.00346000.00000004.00000020.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false		high
http://ocsp.int-x3.letsencrypt.orT	SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://cps.root-x1.letsencrypt.org0	NEW_INVOICE.exe, 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, SjKMY.exe, 0000000D.00000002.599660337.00642000.00000004.00000020.sdmp	false	URL Reputation: safe	unknown
http://www.usertrust.	SjKMY.exe, 0000000D.00000002.602446126.04CD0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://pi.hole/admin/	NEW_INVOICE.exe	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Country	Flag	ASN	ASN Name	Malicious
192.185.129.21	United States		46606	unknown	true

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.385329869892082
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	NEW_INVOICE.exe
File size:	556032
MD5:	a24c195da4f8a5dee365875b3e3a38a1
SHA1:	89894d4b3132f35ac36132dddd587c23ce866eec
SHA256:	606b235a75668449b6ca23c5588db0cbd43ab384ae0553a55732e58a73882122
SHA512:	258435d569a9c589bf54996717a03b4a50360e6c896ceed03b313157d68485575f34c60fe2845569d98dbb6a7b1af1f6934c7cd15d4a331fb73bb6756a8a24b4
SSDEEP:	12288:LxpQJFjY1HkXPLQky7EI5vnAi3h/Vx+KjarA7:1+7jYdKPy1vAEx+TrA7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[p%^.................p............... ........@.. ....................................@................................

File Icon


Icon Hash:	aab2e3e39383aa00

Static PE Info

General
Entrypoint:	0x488e8e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5E25705B [Mon Jan 20 09:18:19 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x88e3c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8a000	0x800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x8c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x86e94	0x87000	False	0.803370949074	data	7.40004234633	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x8a000	0x800	0x800	False	0.3486328125	data	3.54747235368	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x8c000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x8a090	0x3c4	data
RT_MANIFEST	0x8a464	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2018 Justin Boughton
Assembly Version	1.2.2.0
InternalName	ManHole.exe
FileVersion	1.2.2.0
CompanyName	Justin Boughton
LegalTrademarks
Comments	A simple stat viewer and management utility for Pi-Hole software
ProductName	ManHole
ProductVersion	1.2.2.0
FileDescription	ManHole
OriginalFilename	ManHole.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 24, 2020 13:27:11.138900042 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:11.269542933 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:11.269965887 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:11.635843992 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:11.636332989 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:11.767146111 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:11.768887997 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:11.903709888 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:11.991286993 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:12.138353109 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:12.138377905 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:12.138391018 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:12.138567924 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:12.179358959 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:12.310749054 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:12.525557995 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:26.354283094 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:26.485173941 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:26.511954069 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:26.642870903 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:26.650279045 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:26.803409100 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:26.805442095 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:26.936297894 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:26.937362909 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.072266102 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.074508905 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.205180883 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.210073948 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.210441113 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.210702896 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.210963964 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:27:27.340681076 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.340933084 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.341213942 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.341470003 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.345470905 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:27:27.556304932 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:16.454399109 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:16.583884954 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:16.584194899 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:16.934586048 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:16.945132017 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:17.075393915 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.076788902 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:17.210445881 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.421000004 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:17.566405058 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.566436052 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.566453934 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.566831112 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:17.597399950 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:17.728471041 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:17.931926012 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:18.550838947 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:18.681126118 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:18.681874990 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:18.811589003 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:18.812172890 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:18.983716011 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:18.983752012 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:18.984379053 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.114547014 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.115441084 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.247786999 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.248573065 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.378288984 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.379086018 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.379340887 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.379429102 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.379513979 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.446685076 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.447540998 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.495266914 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.508481979 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.509345055 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.509551048 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.509572983 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.512631893 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.512856007 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.576195955 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.576436043 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.577347040 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.577450037 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.578814030 CET	587	49164	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.578902960 CET	49164	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.624970913 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.625740051 CET	587	49167	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.625986099 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.626036882 CET	49167	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.629403114 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.757006884 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.757364035 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:19.977699995 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:19.978310108 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.107522964 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.107825994 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.160048008 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.160263062 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.240483046 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.241574049 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.288248062 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.288605928 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.386985064 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.387023926 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.387043953 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.387159109 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.418502092 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.420600891 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.421639919 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.548599958 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.562397957 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.566796064 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.566814899 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.566827059 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.566896915 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.590795040 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.691373110 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.691878080 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.719279051 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.724821091 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.820879936 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.822424889 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.852739096 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.853290081 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.975508928 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.975876093 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:20.981540918 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:20.981884003 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.104597092 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.104969025 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.147423029 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.147917032 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.236017942 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.236603022 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.275760889 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.276182890 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.365422010 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.366272926 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.366760969 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.366945982 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.367058992 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.367202044 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.406474113 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.406894922 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.494987965 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.495145082 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.495364904 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.495517015 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.495634079 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.495714903 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.495738983 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.495820999 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.534636974 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.535571098 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.535778046 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.535891056 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.536051035 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.536230087 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.623816967 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.623934984 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.624142885 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.624294043 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.624305964 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.624351978 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.624419928 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.624473095 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.624614000 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.624713898 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.663228989 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.663300037 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.663397074 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.663400888 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.663532019 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.663535118 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.663773060 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.663922071 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.752628088 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.752760887 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.752808094 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.752913952 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.752948046 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.752978086 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.753124952 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.753217936 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.753849983 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.754139900 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.754400015 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.754657984 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.754924059 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.755187988 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.755434036 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.755728006 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.791109085 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.791135073 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.791244984 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.791465044 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.791594028 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.791683912 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.881473064 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.882110119 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.882414103 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.882677078 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.882921934 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.883179903 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.883455992 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.883687019 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.883929968 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.884396076 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.884423018 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.884444952 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.884864092 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.885191917 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.885457039 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.885859013 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.886166096 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.886504889 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.918924093 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.918953896 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.919105053 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.919148922 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.919172049 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.919197083 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:21.919574976 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.919697046 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.919815063 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.919922113 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.920027971 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.920135975 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.920269966 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:21.920377016 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.010745049 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.011183977 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.012480021 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.012861967 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.013015032 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.013200045 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.013375044 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.013565063 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.013712883 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.013931990 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.014370918 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.014385939 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.014559984 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.014673948 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.014734030 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.014966011 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.015044928 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.015247107 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.046938896 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047118902 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047219038 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047312975 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047441006 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047528982 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047625065 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047693968 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.047852039 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.047899008 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.048228979 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.048319101 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.048511028 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.048703909 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.048947096 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.049279928 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.049617052 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.049921036 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.139827967 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.140255928 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.141426086 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.141660929 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.141746998 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.141916037 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.142118931 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.142416954 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.142455101 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.142632008 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.143307924 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.143348932 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.143476963 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.143618107 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.143739939 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.143874884 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.144062996 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.144249916 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.175667048 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.175708055 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.175820112 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.176048994 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.176059961 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.176212072 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.176246881 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.176346064 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.176460981 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.176585913 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.176743031 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.176877975 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.176959038 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.177090883 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.177136898 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.177360058 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.177464962 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.177911997 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.268922091 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.269365072 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.270359993 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.270406008 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.270607948 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.270756960 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.271166086 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.271187067 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.271362066 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.271640062 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.272198915 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.272367954 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.272466898 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.272528887 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.272578955 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.272752047 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.272804976 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.272954941 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.303865910 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.303939104 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.303957939 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.304234982 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.304255962 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.304357052 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.304553032 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.304645061 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.304672956 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.304682970 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.304814100 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.304934025 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.304995060 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.305105925 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.305301905 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.305429935 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.305474043 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.305680037 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.397986889 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.398670912 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.399169922 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.399329901 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.399636030 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.399779081 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.400384903 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.400417089 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.400696039 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.400804043 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.400968075 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.401371956 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.401396036 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.401469946 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.401663065 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.401825905 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.401937962 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.402054071 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.432080984 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432401896 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.432626009 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432682037 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432691097 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432699919 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432719946 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.432835102 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.433052063 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.433213949 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.433445930 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.433581114 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.433590889 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.433613062 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.433721066 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.434015036 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.434313059 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.434564114 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.527477026 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.528135061 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.528156042 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.528283119 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.528647900 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.529006004 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.529267073 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.529428959 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.529711962 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.530090094 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.530241013 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.530396938 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.530468941 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.530625105 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.530657053 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.530814886 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.531018019 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.531126976 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.560221910 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.560575962 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.560697079 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.560807943 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.560895920 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561034918 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561108112 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.561130047 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.561254978 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.561343908 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561451912 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561561108 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561584949 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.561903000 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.561908960 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.562200069 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.562273979 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.562552929 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.660248995 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660279036 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660293102 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660305977 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660319090 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660331964 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660345078 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660357952 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.660370111 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.661565065 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.661729097 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.661923885 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.688271046 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.688496113 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.688611031 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.688847065 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.688970089 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.689095020 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.689394951 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.689748049 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.690357924 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.692580938 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.692676067 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.692750931 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.692847013 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.692964077 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.693056107 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.693142891 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.693213940 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.693306923 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.792907000 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.796802044 CET	587	49168	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820271969 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820296049 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820311069 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820564985 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820581913 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820597887 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820633888 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.820727110 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.821352005 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.821619987 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.821959972 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.822096109 CET	49169	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:22.949485064 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.949523926 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.949594975 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.951751947 CET	587	49169	192.185.129.21	192.168.1.16
Jan 24, 2020 13:28:22.993714094 CET	49168	587	192.168.1.16	192.185.129.21
Jan 24, 2020 13:28:23.150352001 CET	49169	587	192.168.1.16	192.185.129.21

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 24, 2020 13:27:10.926304102 CET	56265	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:11.095786095 CET	53	56265	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:13.404232979 CET	60259	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:13.427861929 CET	53	60259	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:13.441203117 CET	59355	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:13.472940922 CET	53	59355	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:14.220590115 CET	57034	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:14.244148970 CET	53	57034	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:15.213515043 CET	57034	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:15.237108946 CET	53	57034	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:16.213596106 CET	57034	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:16.237109900 CET	53	57034	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:18.217652082 CET	57034	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:18.244271994 CET	53	57034	8.8.8.8	192.168.1.16
Jan 24, 2020 13:27:22.229660988 CET	57034	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:27:22.253144026 CET	53	57034	8.8.8.8	192.168.1.16
Jan 24, 2020 13:28:16.229892015 CET	63068	53	192.168.1.16	8.8.8.8
Jan 24, 2020 13:28:16.404453039 CET	53	63068	8.8.8.8	192.168.1.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 24, 2020 13:27:10.926304102 CET	192.168.1.16	8.8.8.8	0x3a51	Standard query (0)	mail.eminentleague.com	A (IP address)	IN (0x0001)
Jan 24, 2020 13:28:16.229892015 CET	192.168.1.16	8.8.8.8	0x6cbc	Standard query (0)	mail.eminentleague.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 24, 2020 13:27:11.095786095 CET	8.8.8.8	192.168.1.16	0x3a51	No error (0)	mail.eminentleague.com	eminentleague.com		CNAME (Canonical name)	IN (0x0001)
Jan 24, 2020 13:27:11.095786095 CET	8.8.8.8	192.168.1.16	0x3a51	No error (0)	eminentleague.com		192.185.129.21	A (IP address)	IN (0x0001)
Jan 24, 2020 13:28:16.404453039 CET	8.8.8.8	192.168.1.16	0x6cbc	No error (0)	mail.eminentleague.com	eminentleague.com		CNAME (Canonical name)	IN (0x0001)
Jan 24, 2020 13:28:16.404453039 CET	8.8.8.8	192.168.1.16	0x6cbc	No error (0)	eminentleague.com		192.185.129.21	A (IP address)	IN (0x0001)

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jan 24, 2020 13:27:11.635843992 CET	587	49164	192.185.129.21	192.168.1.16	220-cp-ht-3.webhostbox.net ESMTP Exim 4.92 #2 Fri, 24 Jan 2020 12:26:44 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Jan 24, 2020 13:27:11.636332989 CET	49164	587	192.168.1.16	192.185.129.21	EHLO 899552
Jan 24, 2020 13:27:11.767146111 CET	587	49164	192.185.129.21	192.168.1.16	250-cp-ht-3.webhostbox.net Hello 899552 [84.17.52.66] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Jan 24, 2020 13:27:11.768887997 CET	49164	587	192.168.1.16	192.185.129.21	STARTTLS
Jan 24, 2020 13:27:11.903709888 CET	587	49164	192.185.129.21	192.168.1.16	220 TLS go ahead
Jan 24, 2020 13:28:16.934586048 CET	587	49167	192.185.129.21	192.168.1.16	220-cp-ht-3.webhostbox.net ESMTP Exim 4.92 #2 Fri, 24 Jan 2020 12:27:49 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Jan 24, 2020 13:28:16.945132017 CET	49167	587	192.168.1.16	192.185.129.21	EHLO 899552
Jan 24, 2020 13:28:17.075393915 CET	587	49167	192.185.129.21	192.168.1.16	250-cp-ht-3.webhostbox.net Hello 899552 [84.17.52.66] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Jan 24, 2020 13:28:17.076788902 CET	49167	587	192.168.1.16	192.185.129.21	STARTTLS
Jan 24, 2020 13:28:17.210445881 CET	587	49167	192.185.129.21	192.168.1.16	220 TLS go ahead
Jan 24, 2020 13:28:19.577347040 CET	587	49164	192.185.129.21	192.168.1.16	421 cp-ht-3.webhostbox.net lost input connection
Jan 24, 2020 13:28:19.624970913 CET	587	49167	192.185.129.21	192.168.1.16	421 cp-ht-3.webhostbox.net lost input connection
Jan 24, 2020 13:28:19.977699995 CET	587	49168	192.185.129.21	192.168.1.16	220-cp-ht-3.webhostbox.net ESMTP Exim 4.92 #2 Fri, 24 Jan 2020 12:27:52 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Jan 24, 2020 13:28:19.978310108 CET	49168	587	192.168.1.16	192.185.129.21	EHLO 899552
Jan 24, 2020 13:28:20.107522964 CET	587	49168	192.185.129.21	192.168.1.16	250-cp-ht-3.webhostbox.net Hello 899552 [84.17.52.66] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Jan 24, 2020 13:28:20.107825994 CET	49168	587	192.168.1.16	192.185.129.21	STARTTLS
Jan 24, 2020 13:28:20.160048008 CET	587	49169	192.185.129.21	192.168.1.16	220-cp-ht-3.webhostbox.net ESMTP Exim 4.92 #2 Fri, 24 Jan 2020 12:27:52 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Jan 24, 2020 13:28:20.160263062 CET	49169	587	192.168.1.16	192.185.129.21	EHLO 899552
Jan 24, 2020 13:28:20.240483046 CET	587	49168	192.185.129.21	192.168.1.16	220 TLS go ahead
Jan 24, 2020 13:28:20.288248062 CET	587	49169	192.185.129.21	192.168.1.16	250-cp-ht-3.webhostbox.net Hello 899552 [84.17.52.66] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Jan 24, 2020 13:28:20.288605928 CET	49169	587	192.168.1.16	192.185.129.21	STARTTLS
Jan 24, 2020 13:28:20.420600891 CET	587	49169	192.185.129.21	192.168.1.16	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: NEW_INVOICE.exe PID: 3540 Parent PID: 2640

General

Start time:	13:25:53
Start date:	20/01/2020
Path:	C:\Users\user\Desktop\NEW_INVOICE.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\Desktop\NEW_INVOICE.exe'
Imagebase:	0x1230000
File size:	556032 bytes
MD5 hash:	A24C195DA4F8A5DEE365875B3E3A38A1
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: ConventionEngine_Term_Desktop, Description: Searching for PE files with PDB path keywords, terms or anomalies., Source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, Author: @stvemillertime Rule: ConventionEngine_Term_Users, Description: Searching for PE files with PDB path keywords, terms or anomalies., Source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, Author: @stvemillertime Rule: JoeSecurity_CassandraCrypter, Description: Yara detected Cassandra Crypter, Source: 00000001.00000002.321842021.03F40000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CassandraCrypter, Description: Yara detected Cassandra Crypter, Source: 00000001.00000002.320873231.01F1B000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 3656 Parent PID: 3540

General

Start time:	13:25:55
Start date:	20/01/2020
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'powershell' Get-MpPreference -verbose
Imagebase:	0x21ad0000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: schtasks.exe PID: 3900 Parent PID: 3540

General

Start time:	13:25:58
Start date:	20/01/2020
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB1D8.tmp'
Imagebase:	0xe10000
File size:	179712 bytes
MD5 hash:	2003E9B15E1C502B146DAD2E383AC1E3
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: NEW_INVOICE.exe PID: 3968 Parent PID: 3540

General

Start time:	13:25:59
Start date:	20/01/2020
Path:	C:\Users\user\Desktop\NEW_INVOICE.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\NEW_INVOICE.exe
Imagebase:	0x1230000
File size:	556032 bytes
MD5 hash:	A24C195DA4F8A5DEE365875B3E3A38A1
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.594629850.01EC0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: SjKMY.exe PID: 3300 Parent PID: 1440

General

Start time:	13:26:58
Start date:	20/01/2020
Path:	C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
Wow64 process (32bit):	false
Commandline:	'C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe'
Imagebase:	0x270000
File size:	556032 bytes
MD5 hash:	A24C195DA4F8A5DEE365875B3E3A38A1
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CassandraCrypter, Description: Yara detected Cassandra Crypter, Source: 00000008.00000002.472784341.0196B000.00000004.00000001.sdmp, Author: Joe Security Rule: ConventionEngine_Term_Desktop, Description: Searching for PE files with PDB path keywords, terms or anomalies., Source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, Author: @stvemillertime Rule: ConventionEngine_Term_Users, Description: Searching for PE files with PDB path keywords, terms or anomalies., Source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, Author: @stvemillertime Rule: JoeSecurity_CassandraCrypter, Description: Yara detected Cassandra Crypter, Source: 00000008.00000002.474216706.03ED0000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 3840 Parent PID: 3300

General

Start time:	13:27:00
Start date:	20/01/2020
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	'powershell' Get-MpPreference -verbose
Imagebase:	0x21c00000
File size:	452608 bytes
MD5 hash:	92F44E405DB16AC55D97E3BFE3B132FA
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: schtasks.exe PID: 3780 Parent PID: 3300

General

Start time:	13:27:03
Start date:	20/01/2020
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\lNzSaUcIhlGHF' /XML 'C:\Users\user\AppData\Local\Temp\tmpB28F.tmp'
Imagebase:	0x980000
File size:	179712 bytes
MD5 hash:	2003E9B15E1C502B146DAD2E383AC1E3
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: SjKMY.exe PID: 2900 Parent PID: 3300

General

Start time:	13:27:04
Start date:	20/01/2020
Path:	C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\dDFKPCD\SjKMY.exe
Imagebase:	0x270000
File size:	556032 bytes
MD5 hash:	A24C195DA4F8A5DEE365875B3E3A38A1
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.600936606.01B80000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: NEW_INVOICE.exe PID: 3540 Parent PID: 2640 NEW_INVOICE.exeUNIQUE

Execution Graph

Execution Coverage:	14.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4%
Total number of Nodes:	149
Total number of Limit Nodes:	7

Executed Functions

Function 00780A50, Relevance: 8.6, Strings: 5, Instructions: 2398
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L[l, xrefs: 00780BB7
Xk, xrefs: 00780D07
8Rk, xrefs: 00780D37
8Rk, xrefs: 00780D97
8Rk, xrefs: 00780D67

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 8Rk$8Rk$8Rk$L[l$Xk
API String ID: 0-1909057796
Opcode ID: c1912dc2108e1fb7031d5f767a8173276086953981d4da88109a423a1ec162b5
Instruction ID: 4a4f8444d5b71cf416f2e255d0c0f3408424cc3e4a2912fcb8b69159c611b467
Opcode Fuzzy Hash: c1912dc2108e1fb7031d5f767a8173276086953981d4da88109a423a1ec162b5
Instruction Fuzzy Hash: B8439334A01618CFCB64DF64C899BA9B7B2FF8A315F5041E9E549AB360DB316E85CF01

Uniqueness

Uniqueness Score: 100.00%

Function 00780A3F, Relevance: 8.6, Strings: 5, Instructions: 2398
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

L[l, xrefs: 00780BB7
Xk, xrefs: 00780D07
8Rk, xrefs: 00780D37
8Rk, xrefs: 00780D97
8Rk, xrefs: 00780D67

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 8Rk$8Rk$8Rk$L[l$Xk
API String ID: 0-1909057796
Opcode ID: cc824d06d5b740482a5390c4d96f4d8692f3f3d3ea09467ced1de057eec9fe25
Instruction ID: 1c60913f35ad26aee3dc6b602c1c140330118e51e1427b6c49fd0e96bbe069b4
Opcode Fuzzy Hash: cc824d06d5b740482a5390c4d96f4d8692f3f3d3ea09467ced1de057eec9fe25
Instruction Fuzzy Hash: C2439334A01618CFCB64DF64C899BA9B7B2FF8A315F1041E9E549AB361DB316E85CF01

Uniqueness

Uniqueness Score: 100.00%

Function 0078335F, Relevance: 2.7, Strings: 2, Instructions: 170
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@}l, xrefs: 007834AD
<z(, xrefs: 007833D8

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l$<z(
API String ID: 0-1008631021
Opcode ID: f1c4bae171aebae2db5dbaa2dd7f33e6066997b7c7811be59927e86218648966
Instruction ID: e2ba676be9e8f8eee7f87c1ec966d21dd2ea4714c59bb4d3778c9ec72da8b704
Opcode Fuzzy Hash: f1c4bae171aebae2db5dbaa2dd7f33e6066997b7c7811be59927e86218648966
Instruction Fuzzy Hash: FF71C374E10208DFCF05DFE9C554AAEBBB2AF88304F248069D809AB365DB35AE45CF51

Uniqueness

Uniqueness Score: 100.00%

Function 007C0D87, Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0E1B

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 8371ddb7c04f70846a3dfc9e91fca7970d4e4f7a2cc7d1023c196578daaad637
Instruction ID: c19577c354bad536a85a1c00c87e401bd8c72a262f1ffcd852b6dec1459d7378
Opcode Fuzzy Hash: 8371ddb7c04f70846a3dfc9e91fca7970d4e4f7a2cc7d1023c196578daaad637
Instruction Fuzzy Hash: EC219172509780AFD712CB61DC44F96BFB8EF46324F0884DAE944CF192D264A909CBB1

Uniqueness

Uniqueness Score: 0.92%

Function 007C096C, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0A00

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 10278120935a7db781f624cdd4f308c509cc007b53ed3aead64479f327e0a691
Instruction ID: 18c6b82fb434d5bd8a85c9f6f7d91da16038ddc409a5bd15f8e56a1691226317
Opcode Fuzzy Hash: 10278120935a7db781f624cdd4f308c509cc007b53ed3aead64479f327e0a691
Instruction Fuzzy Hash: 3421C775405384AFEB12CF50DC45F9ABFB8EF46324F0885DAE9449F193D3649905CBA1

Uniqueness

Uniqueness Score: 1.28%

Function 007C2C06, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,00000E38), ref: 007C2C6D

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: c0be50cde94bdf1d7ce2e5184a8ba688038a5e50561bdf18a607fd95c330e75d
Instruction ID: cad2dee11ee969c203bd8d4b8922c724253940465a852deb4b24852e202aea68
Opcode Fuzzy Hash: c0be50cde94bdf1d7ce2e5184a8ba688038a5e50561bdf18a607fd95c330e75d
Instruction Fuzzy Hash: 6811D272500204AEEB20DB55DC85FAEFBACEF54320F04886EE905CB241DB74A5058AB1

Uniqueness

Uniqueness Score: 0.05%

Function 007C0DBA, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0E1B

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 9402f1c53456fef5c427bf1f33c39eb2fba919e057b680b01e6c61538619a416
Instruction ID: 92a6b2d92dc29ab2657132c4ec7a81191b669027f3dcdad50d6e15de8340a769
Opcode Fuzzy Hash: 9402f1c53456fef5c427bf1f33c39eb2fba919e057b680b01e6c61538619a416
Instruction Fuzzy Hash: 7C119072500204EFEB20DF55DC84F9AF7ACEF55724F04896AE9098B245D774E544CAF1

Uniqueness

Uniqueness Score: 0.92%

Function 007C09AA, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0A00

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: f1f52b3b0ade8512a05507e978cddf1076dabec901d967461e002d03602a3489
Instruction ID: 90f5ea63d9fda12915df59d14ff2dd6e1825d2db23eaa82cbd9e522c388981d3
Opcode Fuzzy Hash: f1f52b3b0ade8512a05507e978cddf1076dabec901d967461e002d03602a3489
Instruction Fuzzy Hash: F311E072500204EEEB10CF55CC84FAAFBACEF95324F04C8AAE9089B245D678E5048AE1

Uniqueness

Uniqueness Score: 1.28%

Function 007878D0, Relevance: .6, Instructions: 609COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57093ff79d6dd04da8f29dd70cc6b73481c0b73a8a363ddb86a5acf3fe792c1e
Instruction ID: 28d3857c8efbfadd7c641bd82f4fdd1dc828dc676f1b2bdf275aa6d4977fee3d
Opcode Fuzzy Hash: 57093ff79d6dd04da8f29dd70cc6b73481c0b73a8a363ddb86a5acf3fe792c1e
Instruction Fuzzy Hash: DC52F274D112288FDB64EF69C854BEDBBB6AF49304F2085E9D109AB290DB349EC4CF51

Uniqueness

Uniqueness Score: 0.00%

Function 007853F8, Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82842547dd50e8be45cfddc8a7f1f8b21e22e72cee0155436d9c170e438541d8
Instruction ID: 015002991e1b05e60864ed6103709f5b0c609f1d2acfa82d5faa82a144829407
Opcode Fuzzy Hash: 82842547dd50e8be45cfddc8a7f1f8b21e22e72cee0155436d9c170e438541d8
Instruction Fuzzy Hash: 7A42F274D45228CFCB28DF61D8487E9B7B2BB4A305F6488A9C54A67350DB798AC6CF10

Uniqueness

Uniqueness Score: 0.00%

Function 007878C1, Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4bc86b193f3bcc1605066758c48a8a1b70118e3fff4bd2b3ab6b4108d24acab
Instruction ID: 36f2d3fe909c8d232c0f42694194d6a55422db8a234f9648c8f700568ff9b3b5
Opcode Fuzzy Hash: c4bc86b193f3bcc1605066758c48a8a1b70118e3fff4bd2b3ab6b4108d24acab
Instruction Fuzzy Hash: B5320474D14228CFDB64EF65C854BEDBBB6AF49304F2085EAD109AB290DB349E84CF51

Uniqueness

Uniqueness Score: 0.00%

Function 007849D0, Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7caeecbc444b7d74a1ff0f75b022a2cec6aaea33a6a15dda320491ef6b63c67
Instruction ID: cd4f636acf6be28e1e150982015e5cf9705685a68a1014821ef2ba8481b03915
Opcode Fuzzy Hash: a7caeecbc444b7d74a1ff0f75b022a2cec6aaea33a6a15dda320491ef6b63c67
Instruction Fuzzy Hash: B76125B4D041099FCF04EFE9C580AADFBF2BF89324F28C55AE514AB355DB3499418B61

Uniqueness

Uniqueness Score: 0.00%

Function 00780280, Relevance: 5.1, Strings: 4, Instructions: 117
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

P`(, xrefs: 00780370
P`(, xrefs: 007803BD
P`(, xrefs: 0078032A
P`(, xrefs: 007802D1

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: P`($P`($P`($P`(
API String ID: 0-61198860
Opcode ID: 0992e5f12c6ae663bcc34a15d2ec5ac47a6f1db37e5cf82ce817195a69e48ed8
Instruction ID: ea8eb90379d3905f8aeed82e8b9662e74d7ee133e2ddb8090308fc10474d091f
Opcode Fuzzy Hash: 0992e5f12c6ae663bcc34a15d2ec5ac47a6f1db37e5cf82ce817195a69e48ed8
Instruction Fuzzy Hash: EE418B78A01208DFDF00DFA8C584AADBBF1BF4D314F1044A9E502AB3A0D735A945EF55

Uniqueness

Uniqueness Score: 100.00%

Function 007805A8, Relevance: 4.0, Strings: 3, Instructions: 201
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@}l, xrefs: 007806D4
lc(, xrefs: 00780640, 0078066B, 00780742, 00780762, 0078096B
\,(, xrefs: 007806BD

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l$\,($lc(
API String ID: 0-3876432169
Opcode ID: 8cebb6df4ffe9797ddfdb63a37f350ebddaeeee3fbd4fa1434ae8b3d90aa897c
Instruction ID: 4ae6d6a648b45a170741ff47737ab41fef11099416a136bb2bd690c8b1bd7071
Opcode Fuzzy Hash: 8cebb6df4ffe9797ddfdb63a37f350ebddaeeee3fbd4fa1434ae8b3d90aa897c
Instruction Fuzzy Hash: 2991C074E01218CFDB54EFA8C994BDDBBB2BF49314F2040A9D409AB391DB35A989CF50

Uniqueness

Uniqueness Score: 100.00%

Function 007839DE, Relevance: 3.9, Strings: 3, Instructions: 158
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

;, xrefs: 007839C3
;, xrefs: 00783B27
9, xrefs: 0078399E

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 9$;$;
API String ID: 0-765335408
Opcode ID: f721ce20233b3311f15feb2fd16ebc9106704ba71bb1bc778f654f595ad3e211
Instruction ID: 7fe3beac9892f60ea03b39740c9f26456f07ceaa3f62a25087e7e93eca042d47
Opcode Fuzzy Hash: f721ce20233b3311f15feb2fd16ebc9106704ba71bb1bc778f654f595ad3e211
Instruction Fuzzy Hash: 14511A70C8920ACFDB04EFA8D8846EDBBB5FF49704F20952AD055B7250E7785A89CF41

Uniqueness

Uniqueness Score: 100.00%

Function 00783B26, Relevance: 3.9, Strings: 3, Instructions: 155
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

;, xrefs: 007839C3
;, xrefs: 00783B27
9, xrefs: 0078399E

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 9$;$;
API String ID: 0-765335408
Opcode ID: 385f3363a8df3de69119c006c724a22b96e7951443e70ac197e0465ece5183db
Instruction ID: 9d1a715671acf8ae213102ce767f9b68188f1c27d82c91aacefed14ae72d68ab
Opcode Fuzzy Hash: 385f3363a8df3de69119c006c724a22b96e7951443e70ac197e0465ece5183db
Instruction Fuzzy Hash: 5A51F7B0C4920ACFDB14EFA8D8446EDBBB8FF49704F20912AD056B7251E7785A4ACF41

Uniqueness

Uniqueness Score: 100.00%

Function 007800F7, Relevance: 2.6, Strings: 2, Instructions: 56
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hb(, xrefs: 00780164
a(, xrefs: 00780140

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: Hb($a(
API String ID: 0-446870321
Opcode ID: ccb2cb3213d2b34ce35e8e8f23e1410f62205312273cb78f96376d9cbb02d769
Instruction ID: ab500ae260403007a41c57c822f238acedb31680ba3da286c822b96325e10191
Opcode Fuzzy Hash: ccb2cb3213d2b34ce35e8e8f23e1410f62205312273cb78f96376d9cbb02d769
Instruction Fuzzy Hash: 29218E34D2214ACFCB00EBE4D44C69CBB72BF91308B1085B9D8099B295DB716E59CF96

Uniqueness

Uniqueness Score: 100.00%

Function 00780108, Relevance: 2.6, Strings: 2, Instructions: 50
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hb(, xrefs: 00780164
a(, xrefs: 00780140

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: Hb($a(
API String ID: 0-446870321
Opcode ID: 3dd33b036c61f23f1cbb09065df99b7c93269ebce1e3ccf5f754ef8f8256147b
Instruction ID: 27d6fda08c399946447345601aa235af8e214c0da7521fa1f87a7a327fdcf2de
Opcode Fuzzy Hash: 3dd33b036c61f23f1cbb09065df99b7c93269ebce1e3ccf5f754ef8f8256147b
Instruction Fuzzy Hash: F0116D34D2100ACFCB04EBE4E54D69DB772FF90309B104578E8099B295DB716E54CF9A

Uniqueness

Uniqueness Score: 100.00%

Function 0026B729, Relevance: 1.6, APIs: 1, Instructions: 109
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 0026B802

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: eb357f7d51dad594a86a82715ec19a30e78a945c3858125d3e248566d99c7c46
Instruction ID: 1a10222f77bf3aa359a01d5de3d512f802bacc3ecbabf108daa7df28c1a571cf
Opcode Fuzzy Hash: eb357f7d51dad594a86a82715ec19a30e78a945c3858125d3e248566d99c7c46
Instruction Fuzzy Hash: 6A415C3550E3C0AFD3138B358C51A61BF74EF87620F0E85DBE8848B5A3D2256919D7B2

Uniqueness

Uniqueness Score: 0.03%

Function 007C2658, Relevance: 1.6, APIs: 1, Instructions: 103
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNEL32(?,00000E38), ref: 007C271D

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 305c567d4559b95a57019d61e60d8792c5a265d16985dc2ed2bf24c433f0a743
Instruction ID: 0945837b67de4fd41635e27e3ec76bcab8e987ff03f0492e157f05be6a4ebb6c
Opcode Fuzzy Hash: 305c567d4559b95a57019d61e60d8792c5a265d16985dc2ed2bf24c433f0a743
Instruction Fuzzy Hash: 6631AF72504744AFEB21CB61CC44FA7BBACEF45310F08899EE985DB552D224E909CB71

Uniqueness

Uniqueness Score: 0.15%

Function 0026B3FF, Relevance: 1.6, APIs: 1, Instructions: 102
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LsaLookupSids.ADVAPI32(?,00000E38), ref: 0026B4BA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: LookupSids
String ID:
API String ID: 2427636062-0
Opcode ID: fd5a748ac8dc4536f12a16f0c4ad9e7e8e9dd38db90022ed0d61dad953867d21
Instruction ID: 3cdc9dd0bee2f2155fd0f301413300d31077bdd6342f4bc4958dd92878272e17
Opcode Fuzzy Hash: fd5a748ac8dc4536f12a16f0c4ad9e7e8e9dd38db90022ed0d61dad953867d21
Instruction Fuzzy Hash: 60318172504244AFEB21CFA5CC44FABBBACEF55314F0849AAF944CB152D764E548CB71

Uniqueness

Uniqueness Score: 100.00%

Function 007C339B, Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNEL32(?,00000E38), ref: 007C344B

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2ed6380c083b467d536d3d95518615e97138b22c464774aa967589431b758e76
Instruction ID: e847863cbbe7eabc1690daec01d89c7210f76ff44f5179fde6e28c0fe53d1072
Opcode Fuzzy Hash: 2ed6380c083b467d536d3d95518615e97138b22c464774aa967589431b758e76
Instruction Fuzzy Hash: 72319272404384AFE7128F61CC44FAABFACEF46324F04899AF945CB152D264A909DB61

Uniqueness

Uniqueness Score: 0.23%

Function 0026BBF3, Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0026BCA9

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: df301741be83c894090dadd247d19c04880d9a735c2a7fe64b75a84c62260ee6
Instruction ID: b588c31815a2a3405c59e5b6c4ea6c3481cd66ff9f9f78d45d25de78cb3f3565
Opcode Fuzzy Hash: df301741be83c894090dadd247d19c04880d9a735c2a7fe64b75a84c62260ee6
Instruction Fuzzy Hash: 31317EB2505380AFE722CF65CC44B66BFE8EF46314F08849AE9848B252D371E959CB71

Uniqueness

Uniqueness Score: 0.01%

Function 007C294C, Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNEL32(?,00000E38), ref: 007C29EB

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 850cb800cf7ac1d276a98611ef8e330932022a1d1e3655a4a39236fde5891dfd
Instruction ID: 02f3ae62dc0dfba5a16551823091194f13e292ee6c89e72fd55801121151e352
Opcode Fuzzy Hash: 850cb800cf7ac1d276a98611ef8e330932022a1d1e3655a4a39236fde5891dfd
Instruction Fuzzy Hash: F8318F72504344AFEB22CB61DC44FABBBACEF55324F0489AEF945CB152D264E9098B61

Uniqueness

Uniqueness Score: 0.23%

Function 0026AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 0026ABD5

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 29b0b646370a6d4e3aadf4f94ca9a082d591dc1034b9bbbfd12db82cfef0fa43
Instruction ID: 91f2fbc67713c83fcc7dabf6d2f922ed7888ab0a570fbdf26ce8e07b10ab8499
Opcode Fuzzy Hash: 29b0b646370a6d4e3aadf4f94ca9a082d591dc1034b9bbbfd12db82cfef0fa43
Instruction Fuzzy Hash: DF31C472504380AFE722CF60CC45FA7BFBCEF56310F0889AAE9449B152D264E949CB71

Uniqueness

Uniqueness Score: 0.01%

Function 0026B426, Relevance: 1.6, APIs: 1, Instructions: 91UNIQUE

Download Yara Rule

APIs

LsaLookupSids.ADVAPI32(?,00000E38), ref: 0026B4BA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: LookupSids
String ID:
API String ID: 2427636062-0
Opcode ID: 39eb0471931607a251fcb286c9475cb54ee5e3738059133a86f1907e776931d6
Instruction ID: 3941f01795d5da5c3bba0386ddb7927764f826353ba85d515270d9be43451526
Opcode Fuzzy Hash: 39eb0471931607a251fcb286c9475cb54ee5e3738059133a86f1907e776931d6
Instruction Fuzzy Hash: CF218C72510204AEEB21DFA5CC84FABF7ACEF54314F04896AF945CA141E774E5888BB1

Uniqueness

Uniqueness Score: 100.00%

Function 007C1025, Relevance: 1.6, APIs: 1, Instructions: 90networkUNIQUE

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 007C10C9

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: 94bbaaed21461034f0d3819c7a23844a440357807bb30c9fdc32d47fbb27b05e
Instruction ID: fd4d66b4fb4ad841310cabbedf439bc6de14967bd8945a67eab9427f54c17fb4
Opcode Fuzzy Hash: 94bbaaed21461034f0d3819c7a23844a440357807bb30c9fdc32d47fbb27b05e
Instruction Fuzzy Hash: 863181715093846FE712CB60DC45B96FFB8EF46314F0884AEE9848B253D375A908CB62

Uniqueness

Uniqueness Score: 23.02%

Function 007C2BD2, Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,00000E38), ref: 007C2C6D

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 35bde422a0b99a6463164d2b8e32af93f8796332f65fb0d15582aeb5eb85eecb
Instruction ID: 36ae2ff082b0c499deb2aeeb87c401331b564b3ca675a627b998bad23dfb877c
Opcode Fuzzy Hash: 35bde422a0b99a6463164d2b8e32af93f8796332f65fb0d15582aeb5eb85eecb
Instruction Fuzzy Hash: 2B31A0725093806FE7128B64DC55FAABFB8EF46310F08849FE944CB193D664A909C772

Uniqueness

Uniqueness Score: 0.05%

Function 0026AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026ACD8

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a822ea78f34012d17321355e2956ec0d66f299d1f9741222ed6965c568b7a313
Instruction ID: c7c9881119448c718d9c54ea4bde7295bda036f6f080e7f821a7c8fba90068d9
Opcode Fuzzy Hash: a822ea78f34012d17321355e2956ec0d66f299d1f9741222ed6965c568b7a313
Instruction Fuzzy Hash: 7131C272105780AFE722CF61CC45FA6BFBCEF46314F08849AE945DB152D260E949CB71

Uniqueness

Uniqueness Score: 0.03%

Function 007C304A, Relevance: 1.6, APIs: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?), ref: 007C30D6

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: bd6175069db35593f8a47fc90bfefd2ce344e3c8a78d9b295845e29d60676a83
Instruction ID: f07c8ae7bbcffac658598edcb60b970433cedde5b3477515c7f66fe8bfcb49c4
Opcode Fuzzy Hash: bd6175069db35593f8a47fc90bfefd2ce344e3c8a78d9b295845e29d60676a83
Instruction Fuzzy Hash: E831507250D3C45FD7138B259C55B92BFB89F17214F0D84DFE884CB1A3E2299949C762

Uniqueness

Uniqueness Score: 0.26%

Function 007C0B34, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0BD1

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 9705cd216770a76139e6284b8a10eac75d8e1c9f0be821a6b1697e0f9e86dd3b
Instruction ID: 2035ef55a05225ed2343f443f1a082f1816573b7cc9cfbb6518584668360d1a7
Opcode Fuzzy Hash: 9705cd216770a76139e6284b8a10eac75d8e1c9f0be821a6b1697e0f9e86dd3b
Instruction Fuzzy Hash: 0031D7B2505780AFDB128F60DC45F96BFB8EF56314F0885DEE984CB153D2249945CBB1

Uniqueness

Uniqueness Score: 0.67%

Function 007C04F4, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 007C059A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 8826bf46d842329f79402d06abbb833fdd5cf35ab3175c781e5a42682d33e385
Instruction ID: 9d97c0a8bb1f088b8a9db4dbc65a979414fc7dfd460ba7ccf31970a13c8ed8ff
Opcode Fuzzy Hash: 8826bf46d842329f79402d06abbb833fdd5cf35ab3175c781e5a42682d33e385
Instruction Fuzzy Hash: 3531B172009380AFE722CF61DC44F96FFB8EF16214F08449EE9848B252D365A948CBA1

Uniqueness

Uniqueness Score: 0.53%

Function 0026AFCF, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026B06C

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 83823b381aa933debad2359d5bf591baa3901d7c13c0ccba53dce3e71efc3182
Instruction ID: 04aa58e6e3028fc38e9096b2cefa8de62acfbd7f412665807cb6245f7a8aa2a3
Opcode Fuzzy Hash: 83823b381aa933debad2359d5bf591baa3901d7c13c0ccba53dce3e71efc3182
Instruction Fuzzy Hash: 3C31B172109780AFD712CF60CC44F9BBFBCEF46214F0884ABE944CB152D224A948CB72

Uniqueness

Uniqueness Score: 0.09%

Function 007C2682, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(?,00000E38), ref: 007C271D

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e4e10b452d06dcc89fa90ab5ff4a9bc626dec6bbc51d2fa2146d3a525dc1fbdc
Instruction ID: 7bdd608f2136dc6761c433b235a29ab742bf9a29d29d408d8819ebd3e12940db
Opcode Fuzzy Hash: e4e10b452d06dcc89fa90ab5ff4a9bc626dec6bbc51d2fa2146d3a525dc1fbdc
Instruction Fuzzy Hash: 97219E72100604AFEB20CE65CC84FABFBECEF54314F04896EEA45D6542E724E9098A71

Uniqueness

Uniqueness Score: 0.15%

Function 0026B2F3, Relevance: 1.6, APIs: 1, Instructions: 85UNIQUE

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E38), ref: 0026B38F

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: f37bf868bdbbd70bfcf3f3e0eb0ae2fe2dad7bee6e8c850a6aac2b9cd4315d33
Instruction ID: eeabac2305dc525d1b9588dc553509f31ba567e53adac54e4752f985a4583077
Opcode Fuzzy Hash: f37bf868bdbbd70bfcf3f3e0eb0ae2fe2dad7bee6e8c850a6aac2b9cd4315d33
Instruction Fuzzy Hash: 65218472504344AFE711CF64DC44FAAFBBCEF45310F08889AF944DB152D364A554CB61

Uniqueness

Uniqueness Score: 37.75%

Function 007C0875, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 007C0915

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 0ce9e7a8574d29a93039a45797f2bd02d73f59d03699a4ab96be80543e823fc1
Instruction ID: 3e8a135b88a63aaef55c7451f1d35d52265fe43097dd07fa491e35760d320b99
Opcode Fuzzy Hash: 0ce9e7a8574d29a93039a45797f2bd02d73f59d03699a4ab96be80543e823fc1
Instruction Fuzzy Hash: D33141B1509780AFE711CB65CC45F56FFF8AF46314F0884AEE9448B252D375E948CBA1

Uniqueness

Uniqueness Score: 0.03%

Function 007C2866, Relevance: 1.6, APIs: 1, Instructions: 85pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,00000E38,?,?), ref: 007C2916

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 146af8d3bbef12047c48bb900fd24f00c2ef52f4de8dbb60f4f0909acbb5e323
Instruction ID: 6f8fefebf7574862060148362e8c1f98761ddddbcf21811bd28eef13fca254b4
Opcode Fuzzy Hash: 146af8d3bbef12047c48bb900fd24f00c2ef52f4de8dbb60f4f0909acbb5e323
Instruction Fuzzy Hash: 1531417150E3C06FD7138B758C55A56BFB8EF47610F1984DBE888CF293D224A919C7A2

Uniqueness

Uniqueness Score: 0.77%

Function 007C2765, Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C2814

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 157ec89e7a920c9c6d3a57d131ac533cc7d091334cdb0c66926ced443e5d57ee
Instruction ID: fa575d30ff2798614bc0db7aeed9a827aa5161aa6d32ae2e28c1bd1dc773bce2
Opcode Fuzzy Hash: 157ec89e7a920c9c6d3a57d131ac533cc7d091334cdb0c66926ced443e5d57ee
Instruction Fuzzy Hash: A931C372409780AFD7228B608C55F97FFB8AF56310F0889DEE9858B1A3D264E549C761

Uniqueness

Uniqueness Score: 0.19%

Function 007C112C, Relevance: 1.6, APIs: 1, Instructions: 83networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C11C6

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 22c57455b4ad2fc2d638eec7caec479bed4a415c6c7d8103ae5da08c2cbde418
Instruction ID: ceba0aef8687967803b121799e251fc97612a87ae109c5b027c09a3e8872eab3
Opcode Fuzzy Hash: 22c57455b4ad2fc2d638eec7caec479bed4a415c6c7d8103ae5da08c2cbde418
Instruction Fuzzy Hash: 26218072409384AFD712CB618C44F9ABFBCAF46324F0985EBE984DB153D224A548CBB1

Uniqueness

Uniqueness Score: 0.67%

Function 007C2F70, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

SetNamedSecurityInfoW.ADVAPI32(?,?,?,?,?,?,?), ref: 007C300A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: InfoNamedSecurity
String ID:
API String ID: 1443090519-0
Opcode ID: eff4f9d75887f674d012bac76dce59550bd28c80c3b3a404894f14eb9c5d55c6
Instruction ID: 2ce96cecb18c6d34fcef61a9223cd1b1147708b161c0e282d7687501a39978f8
Opcode Fuzzy Hash: eff4f9d75887f674d012bac76dce59550bd28c80c3b3a404894f14eb9c5d55c6
Instruction Fuzzy Hash: E63149766047849FDB21CF25CC44F52FBF8EF46710F08849EE949CB262E224E949CB61

Uniqueness

Uniqueness Score: 4.65%

Function 007C12DD, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E38,?,?), ref: 007C138A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 6cd77fcb7ef208738b9d93dd82882a7d1cb68144b9f0bffd48e49ba8139e1b23
Instruction ID: 7d9d751ac334ced40eb065342b3898de8a0d8b5d548558a48a794fed8b40efed
Opcode Fuzzy Hash: 6cd77fcb7ef208738b9d93dd82882a7d1cb68144b9f0bffd48e49ba8139e1b23
Instruction Fuzzy Hash: 0A3193725097C05FD312CB65DC55B62BFB8EF87610F0A81DBE8848F693D224A919C7A2

Uniqueness

Uniqueness Score: 3.53%

Function 007C2CCB, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

FindWindowA.USER32(?,00000E38), ref: 007C2D6E

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 85eba09b8f995057fb45aacdf6e9492d55d7ddddd40ce566e531b023571976cc
Instruction ID: 3ca79c946b94d4beabf3e26180dc1de926b6b8025dfbddcb8477f6d184d127e0
Opcode Fuzzy Hash: 85eba09b8f995057fb45aacdf6e9492d55d7ddddd40ce566e531b023571976cc
Instruction Fuzzy Hash: 1F21B671409380AFE7128B50CC45F96BFB8EF56320F0884DAF9449F192D278A949CB71

Uniqueness

Uniqueness Score: 1.40%

Function 007C296E, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,00000E38), ref: 007C29EB

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dc98583958b0d2528d50bc53831519394bd7fbb92eb769f436c5e3e297956f1a
Instruction ID: c2ba4fd938879473a35f0bee73e68f9002b88f7e4e8343144a1d4909a653b5d3
Opcode Fuzzy Hash: dc98583958b0d2528d50bc53831519394bd7fbb92eb769f436c5e3e297956f1a
Instruction Fuzzy Hash: A621B272500204AFEB21CFA1CC44FABFBACEF54324F04896EF945C6551D775E5498BA1

Uniqueness

Uniqueness Score: 0.23%

Function 007C33CE, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,00000E38), ref: 007C344B

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e9c23845d44d76a18873884d76d4378a0f07d26025696714f024b7cd4c056755
Instruction ID: 6de9a4753791e45a4ed9b9e2722cec44e6f7883b0c1bc4512659c1803dffecd9
Opcode Fuzzy Hash: e9c23845d44d76a18873884d76d4378a0f07d26025696714f024b7cd4c056755
Instruction Fuzzy Hash: BF21C172500204AFEB21CFA5CC44FABFBACEF54324F04896EF945CA141D774E6498B61

Uniqueness

Uniqueness Score: 0.23%

Function 007C3577, Relevance: 1.6, APIs: 1, Instructions: 78threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNEL32(?,?), ref: 007C3617

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 783a3918b7ac89403ea1af075248d27f9399745fa47055514e9e3784a1f59d5d
Instruction ID: 8b39f8a221294cc5e3b32ba6a35ac0db7b102b44a3eb38f5f76a7dd36e234b78
Opcode Fuzzy Hash: 783a3918b7ac89403ea1af075248d27f9399745fa47055514e9e3784a1f59d5d
Instruction Fuzzy Hash: F031297550E3C49FD7138B25DC99A51BFB4AF13314F0A80DFD8858F2A3D268A909CB62

Uniqueness

Uniqueness Score: 0.60%

Function 007C0406, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 007C0491

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 901d45134425068465fdcd8308df210d65c26eea6781525d48dbd3f412e9e1e2
Instruction ID: ff9350137a89e7058bc732377c49c2837308dd45ec0c511dfeba9375aac470f1
Opcode Fuzzy Hash: 901d45134425068465fdcd8308df210d65c26eea6781525d48dbd3f412e9e1e2
Instruction Fuzzy Hash: 25217171505380AFE721CB65DC45F66FFA8EF46714F0884AEE9448B252D375E904CB61

Uniqueness

Uniqueness Score: 0.68%

Function 0026B82E, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0026B8BA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 3e0819e41f585441e705cd59546198628f8df685f27aefc667ffd547267ca341
Instruction ID: e21a64c59ce80b32257c1b96560471191cf8cd59fbaeeb34dad7aab928b65283
Opcode Fuzzy Hash: 3e0819e41f585441e705cd59546198628f8df685f27aefc667ffd547267ca341
Instruction Fuzzy Hash: 79218271409780AFE722CF51DC45F96FFB8EF45310F08849EE9858B252D375A458CB61

Uniqueness

Uniqueness Score: 0.66%

Function 007C34A9, Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C3530

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 81e97a63257acb773ca928d6031d997067bbba3ce537455ff0cb3abf20af427f
Instruction ID: a0175253e424932cc5e54ba752bdf412a30b9068267b01f163107e224fbf5495
Opcode Fuzzy Hash: 81e97a63257acb773ca928d6031d997067bbba3ce537455ff0cb3abf20af427f
Instruction Fuzzy Hash: 83219C725097C09FDB12CB35DC55B92BFA49F47320F0D84DAE9848F263D625AA08CB62

Uniqueness

Uniqueness Score: 0.03%

Function 0026BC2A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0026BCA9

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: b65ecfd1ae6f30c2be5a34d51c69512ad3e62fe5e1448a07a031d8660548051e
Instruction ID: ca557dc6c77424df04c4eb662bdedf1e6f4aeb68d7328024d096a62ebc2865f4
Opcode Fuzzy Hash: b65ecfd1ae6f30c2be5a34d51c69512ad3e62fe5e1448a07a031d8660548051e
Instruction Fuzzy Hash: D721AE71500300AFEB21CF65CC44B66FBE8EF59314F04886AE945CB252D771E998CB71

Uniqueness

Uniqueness Score: 0.01%

Function 0026BD00, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026BD95

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 24a72b960f45163ab206508e02e62efd3045ae1d9d13a8cbf8c81101847c8bef
Instruction ID: b9824639af0889c98b44cb0ac2ebf9d9e2b7bd33dc003059f878bb30033b8b86
Opcode Fuzzy Hash: 24a72b960f45163ab206508e02e62efd3045ae1d9d13a8cbf8c81101847c8bef
Instruction Fuzzy Hash: 3021F8B6408780AFE7128B259C44BA7BFBCEF46324F08859AE9848B153D364A945CB71

Uniqueness

Uniqueness Score: 0.11%

Function 007C016A, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C01FC

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3e753ad9db4940f768b2e296307f27e12ecbdeb5d8d8fd244bac7720030489b7
Instruction ID: 722b367e3d593cae02c4cf7143b4d535f27371efc2972281693cc5f756ec01d4
Opcode Fuzzy Hash: 3e753ad9db4940f768b2e296307f27e12ecbdeb5d8d8fd244bac7720030489b7
Instruction Fuzzy Hash: A821BD72105740AFE722CF51CC44F97FBBCEF45320F08849EEA459B292D264E908CBA1

Uniqueness

Uniqueness Score: 0.03%

Function 0026AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 0026ABD5

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9c0a45689361750a5b98acef0997c13d16cc9495a91fc1c808b72f16b18b7914
Instruction ID: a04690a4e12e2f7cd486444dd04675f3d12aff67bec9263cb25cbf09371d4e44
Opcode Fuzzy Hash: 9c0a45689361750a5b98acef0997c13d16cc9495a91fc1c808b72f16b18b7914
Instruction Fuzzy Hash: 5021D172510704AFEB20DF51DC44FABF7ACEF64324F04896AE90596141E770E958CEB2

Uniqueness

Uniqueness Score: 0.01%

Function 007C0E79, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0EFF

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: 812edf07dc7e14a1ed609499654592ed627a99392926f1ee69f369888203fddb
Instruction ID: 9355172f30d6b44d9f2e6215bc1e192206dd634a38b169a2687205d7cc1b223b
Opcode Fuzzy Hash: 812edf07dc7e14a1ed609499654592ed627a99392926f1ee69f369888203fddb
Instruction Fuzzy Hash: 16217172509384AFD721CB55CC44F9ABFBCEF46320F08859AE9489B152D264E944CBB1

Uniqueness

Uniqueness Score: 1.37%

Function 007C20E3, Relevance: 1.6, APIs: 1, Instructions: 74libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E38), ref: 007C2183

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3c1232f56aa0c96e5322e5a53cf962814332312f26fb3699ab1936c641a703ea
Instruction ID: e47f7ab73f8ee3ab0ebed5d8ac825c1b5e43d4c0508b9297ff58fafaba7f7279
Opcode Fuzzy Hash: 3c1232f56aa0c96e5322e5a53cf962814332312f26fb3699ab1936c641a703ea
Instruction Fuzzy Hash: AA21C8714453846FE712CB10DD45FA6FFB8DF42720F0880DAE9849F193D269A949C7B2

Uniqueness

Uniqueness Score: 0.02%

Function 0026BEB2, Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026BF31

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: cf28aec8e7742c1b1384b007cdfa17b93a977ddb986391bd4a4e998b4b72278f
Instruction ID: 7d8a9db7824e065e7361036c68a7d3e4642f6eb730c2d4e1d04691df845d556c
Opcode Fuzzy Hash: cf28aec8e7742c1b1384b007cdfa17b93a977ddb986391bd4a4e998b4b72278f
Instruction Fuzzy Hash: 6221CF72405340AFEB228F51DC44FA7BBACEF85724F04899AF9448B152D264A948CBB1

Uniqueness

Uniqueness Score: 0.02%

Function 0026B31E, Relevance: 1.6, APIs: 1, Instructions: 72UNIQUE

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E38), ref: 0026B38F

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 1f7e39084c129384316c9b3920280ba191ac502260aa98b10a84532b7634e61c
Instruction ID: 3e76f599c807ad91c8bbf8d33c854b0177a4e175ae5f45e44ac5a76449b703b3
Opcode Fuzzy Hash: 1f7e39084c129384316c9b3920280ba191ac502260aa98b10a84532b7634e61c
Instruction Fuzzy Hash: 6B21C372610204AFEB21DFA5DC45FABFBACEF55310F0488AAFD04CA641D770E5588A71

Uniqueness

Uniqueness Score: 37.75%

Function 007C08A2, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 007C0915

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: fe848e6dac8ccdc05fb563a913df17df6ce3604b9f0ba3e59417130aad9a85ec
Instruction ID: 028fc69b2ad85f2cd86d93deea25817658cd8339832ee26cc9cfeb22a240ce8f
Opcode Fuzzy Hash: fe848e6dac8ccdc05fb563a913df17df6ce3604b9f0ba3e59417130aad9a85ec
Instruction Fuzzy Hash: 83218E71500244AFE720DF65CD85FA6FBE8EF59714F08846EE9488B246D375E908CAA1

Uniqueness

Uniqueness Score: 0.03%

Function 0026BB32, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026BBAA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fb9655cb4dd49aa50b4b638a7d735078b3a4140dbb83c181f09b621a7b27b81a
Instruction ID: ae5d5b1c3ac68410ccc37b46ac27723c71b5f26740a3719ccc969849afe80504
Opcode Fuzzy Hash: fb9655cb4dd49aa50b4b638a7d735078b3a4140dbb83c181f09b621a7b27b81a
Instruction Fuzzy Hash: 8021AC765093809FDB12CF25DC45B92BFB8EF07314F0984EAE984CB263D224A858CB61

Uniqueness

Uniqueness Score: 6.12%

Function 007C0F5D, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0FDB

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: beebbf5c81ada5f9a016ce73e94bff65ed7110e8c4b3237cd032126a44717664
Instruction ID: 46b4d205bfe72643445a0eacc875d459efed0637797277177c21bed1d5dc378d
Opcode Fuzzy Hash: beebbf5c81ada5f9a016ce73e94bff65ed7110e8c4b3237cd032126a44717664
Instruction Fuzzy Hash: E621A472409384AFDB12CF50CC44F9AFFB8EF46314F08849AF9449B152D274A544CB61

Uniqueness

Uniqueness Score: 0.45%

Function 0026B002, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026B06C

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 5dabfee6c6494c341db72e4e08ed492d4fddc9c00a00753881be9608ee2e3435
Instruction ID: 286d24fbb038e3206be6a538fbb8086240f9ede166a9b71da8a3d985e9fa9743
Opcode Fuzzy Hash: 5dabfee6c6494c341db72e4e08ed492d4fddc9c00a00753881be9608ee2e3435
Instruction Fuzzy Hash: 2B11C372510204AFEB218F51CC44FABFBACEF54324F04896AE905CA255E771E5988BB1

Uniqueness

Uniqueness Score: 0.09%

Function 0026B913, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0026B990

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 0b187dc9dc3bd8679fcd3b3828acfd9a7c3ab0ca039199c125ec8a5c70e75b27
Instruction ID: 690ff3da5bf2b906cd24f7d958f0d3802b5d495c86d34f135201465280e6824a
Opcode Fuzzy Hash: 0b187dc9dc3bd8679fcd3b3828acfd9a7c3ab0ca039199c125ec8a5c70e75b27
Instruction Fuzzy Hash: A2218C724093C0AFDB128F61DC44A92BFB4EF47320F0985DAE9848B563C3359959CB61

Uniqueness

Uniqueness Score: 0.42%

Function 0026AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026ACD8

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 48b615bc0eebf74fafe5d01875325010cb4357653719928123ef456b2ba7b480
Instruction ID: 9e3e67afe708174c1bf8d730f6841aa4be291d0a3af43c3daf015c89a467247e
Opcode Fuzzy Hash: 48b615bc0eebf74fafe5d01875325010cb4357653719928123ef456b2ba7b480
Instruction Fuzzy Hash: 3B21C071210604AFEB20CF51CC80FA6F7ECEF55710F04855AE905DB251D760E958CEB2

Uniqueness

Uniqueness Score: 0.03%

Function 007C105E, Relevance: 1.6, APIs: 1, Instructions: 68networkUNIQUE

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 007C10C9

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: 15f3893332a6059804f28fac3d7fa489e5cdcb2ac6a83e1bb9be1232d5d91b24
Instruction ID: de895037752c1a120688cd52266ef1e59e8c8795668ff541bbf1e3e8519fd43d
Opcode Fuzzy Hash: 15f3893332a6059804f28fac3d7fa489e5cdcb2ac6a83e1bb9be1232d5d91b24
Instruction Fuzzy Hash: CC21F371100244AFE720CF95CC45FA6FBE8EF45324F14846EED448B242D375E844CA72

Uniqueness

Uniqueness Score: 23.02%

Function 007C0426, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 007C0491

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 91b6d0c72c9d114ca5d9ee2794d7eb51a43c2240d9c61be1138928e6dfc69c0a
Instruction ID: 26635dfe692b556022df70f0c5fc7572d2fb4762798882a3f9ca4ad15b168cb7
Opcode Fuzzy Hash: 91b6d0c72c9d114ca5d9ee2794d7eb51a43c2240d9c61be1138928e6dfc69c0a
Instruction Fuzzy Hash: 1E21A171500340AFEB24DFA5CC85FA6FBE8EF56724F04886EED448B241D375E904CAA1

Uniqueness

Uniqueness Score: 0.68%

Function 007C3700, Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C3780

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6f5c3b379d1fa5e04dc0bfcf258d6e09967012625a5474c5816086259b24f665
Instruction ID: 648a3642fe2e8ae964e51555f725520ee57ac99a1e74b2f2530f1baedbfb0dcf
Opcode Fuzzy Hash: 6f5c3b379d1fa5e04dc0bfcf258d6e09967012625a5474c5816086259b24f665
Instruction Fuzzy Hash: 9921C2B61097C09FDB12CF25DC85A92FFB4EF07320F0980DEE9858B563D224A948DB61

Uniqueness

Uniqueness Score: 0.04%

Function 0026B84E, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0026B8BA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 303acdf5fc4d666aff6ce591cc9211c1a2948d3b59cde075cce1f4e35a87a81c
Instruction ID: 2661f32673373d600c607a530ecee3a4db8ff783ba2ed55ed69ae62602628b79
Opcode Fuzzy Hash: 303acdf5fc4d666aff6ce591cc9211c1a2948d3b59cde075cce1f4e35a87a81c
Instruction Fuzzy Hash: 5321D171505240AFEB21CFA1DC45B9AFBE8EF49324F04886EEA458B251D371E458CF61

Uniqueness

Uniqueness Score: 0.66%

Function 007C0526, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 007C059A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 9c2d44833d6a031453ce5a162e0a64c3a0ba264fb27d1420836b6b51fd645183
Instruction ID: fd9a7a5579c22c27f33679a01ce3d6d240cf5e54f9ec54cf175ba1e0cc08aba5
Opcode Fuzzy Hash: 9c2d44833d6a031453ce5a162e0a64c3a0ba264fb27d1420836b6b51fd645183
Instruction Fuzzy Hash: 44219D72100204AFEB21CF95DD45FAAFBE8EF59324F04886EE9458B241D775E918CFA1

Uniqueness

Uniqueness Score: 0.53%

Function 007C1675, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 007C16F1

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 2635725ada6d12fe6ce6747fdf3e551e83d9ec5d2719643590f32226d8c8fc49
Instruction ID: 8ce5903e927183f9ab3eb8a4dc44afa1e6cbd9e6e5cf3f08cfe399e79fcf486a
Opcode Fuzzy Hash: 2635725ada6d12fe6ce6747fdf3e551e83d9ec5d2719643590f32226d8c8fc49
Instruction Fuzzy Hash: 122190765093809FDB22CE25DC45B62BFB8EF56314F09809EED848B253D265E908CB62

Uniqueness

Uniqueness Score: 0.65%

Function 007C2F9E, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

SetNamedSecurityInfoW.ADVAPI32(?,?,?,?,?,?,?), ref: 007C300A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: InfoNamedSecurity
String ID:
API String ID: 1443090519-0
Opcode ID: a47025deafbf7c9b7d3a91b5fd6334ef6ac410c1194d4f1dc82dc424368fd0e7
Instruction ID: d2698e20e584eef95a2f33cc8ebf442502efd874d01819743a3332142fbfdf60
Opcode Fuzzy Hash: a47025deafbf7c9b7d3a91b5fd6334ef6ac410c1194d4f1dc82dc424368fd0e7
Instruction Fuzzy Hash: 632130766002449FDB20CF66C884F52F7E8EF14710F0884AEE949CB252D375E945CB61

Uniqueness

Uniqueness Score: 4.65%

Function 007C018A, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C01FC

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5a66bcad1d32451508c347757a6970beba505222906dc3e565ad5a2551ad74ff
Instruction ID: ab29bf9b5c8c5bc61027d964b45b486ec960ba41e7dbdc00206cd4887bd4bbd5
Opcode Fuzzy Hash: 5a66bcad1d32451508c347757a6970beba505222906dc3e565ad5a2551ad74ff
Instruction Fuzzy Hash: 7111AF72100704EFEB21CE51DC84FABF7ACEF54720F08895EEA459A251D764E948CAB1

Uniqueness

Uniqueness Score: 0.03%

Function 007C0B72, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0BD1

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: ab8a17e93763d08cb5cbd9ceca53f50e52e25e0715b6aef06f693032fe0e33ba
Instruction ID: c842df2130a85b21beb2d11d13e54c08a055baa98107dfef8efa7edb5e3058a7
Opcode Fuzzy Hash: ab8a17e93763d08cb5cbd9ceca53f50e52e25e0715b6aef06f693032fe0e33ba
Instruction Fuzzy Hash: 7511BE72100604EFEB208F95DC84FAAFBACEF55324F04896EE9058B255D775E9488BB1

Uniqueness

Uniqueness Score: 0.67%

Function 007C1162, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C11C6

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 966a962543c545533858d067a24c50f2a8373e1d67fba8da0bfecb79a9484d0e
Instruction ID: c5961f83d1ae25f49e17495d34b961fe0b275e9bd2b94e32c4d4284a51b4afc9
Opcode Fuzzy Hash: 966a962543c545533858d067a24c50f2a8373e1d67fba8da0bfecb79a9484d0e
Instruction Fuzzy Hash: 2611B276500204AFEB10CF91CC84F9AF7ACEF95324F14896BEA09DB245E774E504CAB1

Uniqueness

Uniqueness Score: 0.67%

Function 007C15CC, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

AddAtomW.KERNEL32(?), ref: 007C1634

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Atom
String ID:
API String ID: 2154973765-0
Opcode ID: 2642c7f3153f0c664b25d329f9fd72b3b4ac247b9c3c2f818f2ee7c9a85f65c1
Instruction ID: dc9319d44763cd78cfe9f71648dab7478cdf01cab3426c5ffa46f41eb05a3d31
Opcode Fuzzy Hash: 2642c7f3153f0c664b25d329f9fd72b3b4ac247b9c3c2f818f2ee7c9a85f65c1
Instruction Fuzzy Hash: 5F116D715093809FDB12CB25DC55B52BFB8DF47720F0880EAED849F253D669A908CB62

Uniqueness

Uniqueness Score: 0.38%

Function 0026A65A, Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32(?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026A6CC

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b7e8f66eac3a7fe2ae5fe0d54f5f143a26ada9a6f61b10c2de20d475882ff583
Instruction ID: 8a33cc2436ebc10cd86e0afd56c4031d2ede93e45d247a1778c96a074bfe8b03
Opcode Fuzzy Hash: b7e8f66eac3a7fe2ae5fe0d54f5f143a26ada9a6f61b10c2de20d475882ff583
Instruction Fuzzy Hash: 2921366140E3C45FDB128B25DC54A62BFB49F47624F0D80DBED849B2A3D2699948CB72

Uniqueness

Uniqueness Score: 0.23%

Function 007C3861, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 007C38D5

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 88331131991ed09d9f362c0ad90294273b3c7280646c35da2d043e0cd633a02d
Instruction ID: 9dbdf861f8fb19d053ee8aa5f9aba54225c9e23f4b40b9fefbac60fe9be7e244
Opcode Fuzzy Hash: 88331131991ed09d9f362c0ad90294273b3c7280646c35da2d043e0cd633a02d
Instruction Fuzzy Hash: 6C218C724093C09FDB128F25CC44A52BFB0EF17320F0984DEE9858F163D265A918DB62

Uniqueness

Uniqueness Score: 0.10%

Function 007C00C6, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E38,?,?), ref: 007C0142

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: d7498e3559270e759e0038d161aebbd93b51429e1e8e3a0f0cf9ad46ace3773d
Instruction ID: b1f60ed2e904ae013b0596edbc3bd27ef182cd809512566a550f9595d4e5baba
Opcode Fuzzy Hash: d7498e3559270e759e0038d161aebbd93b51429e1e8e3a0f0cf9ad46ace3773d
Instruction Fuzzy Hash: 0911B271905340AFD3118B16DC45F76BFB8EFC6620F09819AED489B682D225B919CBB2

Uniqueness

Uniqueness Score: 0.11%

Function 007C0E9E, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0EFF

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: 9402f1c53456fef5c427bf1f33c39eb2fba919e057b680b01e6c61538619a416
Instruction ID: 2c9c36d0070f6d6822b16df0c99b42e4d99872007c30366fd0c14133ec5ef9fe
Opcode Fuzzy Hash: 9402f1c53456fef5c427bf1f33c39eb2fba919e057b680b01e6c61538619a416
Instruction Fuzzy Hash: 28119072500204EEEB20CF55CC84F9AF7ACEF55324F04896EE9098B245D774E944CAB1

Uniqueness

Uniqueness Score: 1.37%

Function 0026A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0026A61A

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9665e29e86e4ab4de3834a3e22546c905baa760fa52ba682479475591dd5d263
Instruction ID: 976e9cf90e580e95f1734c6dccc472ea627260e5d916139ed10bfe004cfd682c
Opcode Fuzzy Hash: 9665e29e86e4ab4de3834a3e22546c905baa760fa52ba682479475591dd5d263
Instruction Fuzzy Hash: 76118772409780AFDB228F55DC44A52FFF4EF46310F0884DAFD858B562D275A418DB61

Uniqueness

Uniqueness Score: 0.23%

Function 0026B9D0, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,?), ref: 0026BA42

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: c28657c02253a7ff067715e19c84557b5a70b2984bd36845dd48b5724f6ae642
Instruction ID: 1249b7fe69f49755e9e7837d0ae94a92f3e5cbcb3c6b13235080badfe4a07c12
Opcode Fuzzy Hash: c28657c02253a7ff067715e19c84557b5a70b2984bd36845dd48b5724f6ae642
Instruction Fuzzy Hash: 3B218E764093C09FDB23CF64DC55B52BFB4AF47324F0884DAE9848B263D2359948CB61

Uniqueness

Uniqueness Score: 0.12%

Function 007C2D02, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

FindWindowA.USER32(?,00000E38), ref: 007C2D6E

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FindWindow
String ID:
API String ID: 134000473-0
Opcode ID: 119e6e79556878241d6268800deafc9cfd9e6efeaba778aed1ecf9e03a208c4e
Instruction ID: e29ef40485de554b52a5e17fb3f4cb7d66e5fd19f6551b783dbe5de410315139
Opcode Fuzzy Hash: 119e6e79556878241d6268800deafc9cfd9e6efeaba778aed1ecf9e03a208c4e
Instruction Fuzzy Hash: 67110471500200AFEB20CF55CC45FAAFBACDF95324F1488AAFD059A285D275A549CBA1

Uniqueness

Uniqueness Score: 1.40%

Function 007C27AA, Relevance: 1.6, APIs: 1, Instructions: 61registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C2814

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 261b31cedfb9f2a2f6c128ca2cc07b8551ffbac057ae6afacd40a1665816f881
Instruction ID: 2d7f25ffa8e28a1f97dc82419dca75782dcd3f27e55987e435a22610c6a2c6ca
Opcode Fuzzy Hash: 261b31cedfb9f2a2f6c128ca2cc07b8551ffbac057ae6afacd40a1665816f881
Instruction Fuzzy Hash: 4F11BF72500600AFEB218F91CC80FABFBECEF55720F04895EEA459A252D775E509CAB1

Uniqueness

Uniqueness Score: 0.19%

Function 0026BED2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026BF31

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 78b2399ff360952fe6976754794a5f38a3112c73b758b7f178f047d8d1e029ef
Instruction ID: c11fb34411abb80cd9d8a44372047919ad8ec2ed4e52e26906818e2ed419be7a
Opcode Fuzzy Hash: 78b2399ff360952fe6976754794a5f38a3112c73b758b7f178f047d8d1e029ef
Instruction Fuzzy Hash: 4011E272410200EFEB218F91DC44FAAFBACEF54324F14896AF9048A555D371A594CFB1

Uniqueness

Uniqueness Score: 0.02%

Function 007C3151, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C31B3

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 89f0120a3acd12a57efb7acfca3166a9b400e6745cc6867a0059ec5992c790e4
Instruction ID: d12c9d90f79ab6c94af1856c99288e649c72ee565d97fdee73017bdb235cbd84
Opcode Fuzzy Hash: 89f0120a3acd12a57efb7acfca3166a9b400e6745cc6867a0059ec5992c790e4
Instruction Fuzzy Hash: 2711D3725097845FDB11CF25DC85B52BFE8EF46320F0884AEED45CB252D235D945CB61

Uniqueness

Uniqueness Score: 0.03%

Function 007C32F8, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 007C3354

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: edffe550bedcf7116f465571e119a2a199320a98ea2769d85c4c12b6660d2875
Instruction ID: 2044894ae2e7e95887a5af14faacf96ee8775204e7b326bd2a70030af92cd574
Opcode Fuzzy Hash: edffe550bedcf7116f465571e119a2a199320a98ea2769d85c4c12b6660d2875
Instruction Fuzzy Hash: FC1133755093809FDB12CF25DC55B56BFA89F46220F0884EEED49CB252D264E948CB62

Uniqueness

Uniqueness Score: 2.20%

Function 007C365F, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C36C4

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 2b7175b1162bd8be4ad8369909ab06caaf1065ddb82c401a09b011cd2d839d41
Instruction ID: debf68f0927c4a31f7b9f28a189b93f6ca8210ad4b6a74890fc16f5bc89cec95
Opcode Fuzzy Hash: 2b7175b1162bd8be4ad8369909ab06caaf1065ddb82c401a09b011cd2d839d41
Instruction Fuzzy Hash: A311D376009780AFDB228F25DC45A52FFB4EF46320F08809EED858B663C265A958DB61

Uniqueness

Uniqueness Score: 0.11%

Function 007C0F82, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 007C0FDB

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: d456e62da82134362599cfd516f776266754edf6cc6eec359f32b2a560370186
Instruction ID: dc209e960fb0d8daa098049853660cb961be252e3ee6fbe032ea2144598b6d0d
Opcode Fuzzy Hash: d456e62da82134362599cfd516f776266754edf6cc6eec359f32b2a560370186
Instruction Fuzzy Hash: 0311C172500244AEEB21CF91CC44FAAFBACEF95324F14886EE9089B245D775A544CAB1

Uniqueness

Uniqueness Score: 0.45%

Function 007C211A, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E38), ref: 007C2183

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 67ed5dfaa51b8c47887674f2aaf36d16273f21ae01f6e6b96fab8efd619deaf0
Instruction ID: 98017137ac249a2283a2faf5cf91c60b532e9b70cd5ee684d5112d44a3987f4e
Opcode Fuzzy Hash: 67ed5dfaa51b8c47887674f2aaf36d16273f21ae01f6e6b96fab8efd619deaf0
Instruction Fuzzy Hash: 6F114871110304AFEB20DF11DC85FB6FBACDF95720F18845EFE444A282D7B9A949CAA1

Uniqueness

Uniqueness Score: 0.02%

Function 0026A87F, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0026A8E0

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: b1952dbad30d4144d5fe8bcb406e8f4be3a984b24310a63d7d5c80e6c231d353
Instruction ID: dad08da2b5912bbd4cea8d997d58d7c08310a9df9ae0f677b29c7d288c38f63b
Opcode Fuzzy Hash: b1952dbad30d4144d5fe8bcb406e8f4be3a984b24310a63d7d5c80e6c231d353
Instruction Fuzzy Hash: 6B118F71449380AFDB12CF15DC49B52BFB4EF46324F0884DAED498F253D275A958CBA2

Uniqueness

Uniqueness Score: 0.45%

Function 007C13C0, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C1420

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: a0f7462033b68efa6ba07aa91bc2453c5890dbb1814ee17947cdeb76909b6e1a
Instruction ID: 9ae5623031b2bf5530c78bf856a610defb6070f635d981aea2f13c59406cde59
Opcode Fuzzy Hash: a0f7462033b68efa6ba07aa91bc2453c5890dbb1814ee17947cdeb76909b6e1a
Instruction Fuzzy Hash: 9D115E72409780AFDB21CF55DC44B52FFB4EF46320F0884AEED898B662D279A518DB61

Uniqueness

Uniqueness Score: 0.53%

Function 007C308E, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?), ref: 007C30D6

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: ae6a3a71da15bb62c0fd2e822cd7b87b1acf7b5782338ed44ded719eb103ba4b
Instruction ID: ff467c62bcfa29f0fb81e51942d2833497309e89f5e88e74ca270d0cc51acc6f
Opcode Fuzzy Hash: ae6a3a71da15bb62c0fd2e822cd7b87b1acf7b5782338ed44ded719eb103ba4b
Instruction Fuzzy Hash: 701182726002449FDB10CF65D885B56FBE8EF55320F08C46EEC09CB246D635D944CA61

Uniqueness

Uniqueness Score: 0.26%

Function 0026BD42, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E38,D1E3F35F,00000000,00000000,00000000,00000000), ref: 0026BD95

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 47867c4806141675b8aaff525ecda4d37eb4d344ab35374b8271978692e47856
Instruction ID: fae744a2b97e403da6f683483d3798d459498b0a96968662f7f17f35b59a0139
Opcode Fuzzy Hash: 47867c4806141675b8aaff525ecda4d37eb4d344ab35374b8271978692e47856
Instruction Fuzzy Hash: E9012231110200EEEB11CF51DC84BAAFBACDF95724F048496ED088F245D7B4E988CAB2

Uniqueness

Uniqueness Score: 0.11%

Function 00786A84, Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

2, xrefs: 00786B2C

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 402eac67ca75b3cf8b56d6bcb509c6e2acccc283c905902b3436605b4cbdfe89
Instruction ID: 9d8ef8857c66c68f674c32beaa9469a4d4ea0e60531f0e157dee72a9d5e0e980
Opcode Fuzzy Hash: 402eac67ca75b3cf8b56d6bcb509c6e2acccc283c905902b3436605b4cbdfe89
Instruction Fuzzy Hash: 80D1C274D45328DFDB14DFA4C558BEEBBB1BF09308F2095A9C009AB291DB795A88CF50

Uniqueness

Uniqueness Score: 1.07%

Function 0026ADF4, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026AE54

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 15494a42ce5062b048739ac239bbc0bc38a15fe516c8f5ccca9681758d22600f
Instruction ID: 1a09fecd62339023e0a793aefdffb9fc8b6bbccb123c5064e357df83f2393280
Opcode Fuzzy Hash: 15494a42ce5062b048739ac239bbc0bc38a15fe516c8f5ccca9681758d22600f
Instruction Fuzzy Hash: 1C119E32409780AFDB21CF51DC45E52FFB4EF46320F08849EEA854B662C375A858CB62

Uniqueness

Uniqueness Score: 0.10%

Function 0026BB6A, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026BBAA

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 49cb4011029fb0998748600df2a8490c90c79aa47c8830949413ff8710c1a17d
Instruction ID: 6d03eafcb2e9d9f09942827250414f6632302c38a51b0ab73a55d281f6961d50
Opcode Fuzzy Hash: 49cb4011029fb0998748600df2a8490c90c79aa47c8830949413ff8710c1a17d
Instruction Fuzzy Hash: 8401D6766103009FDB11CF65D884756FBE8EF55324F0884AAED09CB216D771D494CB61

Uniqueness

Uniqueness Score: 6.12%

Function 007C3176, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C31B3

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fb152e58e9f5c4f2a79b3d7cda451d859ea5bffd384a48233c00c257031c0f17
Instruction ID: 42aadd46ededf491faa83ec19063f13d8ce0d4007adfc47c9bf8f0173cfb9270
Opcode Fuzzy Hash: fb152e58e9f5c4f2a79b3d7cda451d859ea5bffd384a48233c00c257031c0f17
Instruction Fuzzy Hash: 550192726006449FEB10CF6AD885B56FBD8EF55321F0CC4AEED09CB256D279D904CB61

Uniqueness

Uniqueness Score: 0.03%

Function 007C133A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E38,?,?), ref: 007C138A

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 57c568ee6dc64de3e4fd5200e30e1f2f196e59217f31f73848e40a49c9d4154e
Instruction ID: 2a216e5344e4cefcd288f2d1cdd836367a7e7b5660ac27aff0ea80af3c73525b
Opcode Fuzzy Hash: 57c568ee6dc64de3e4fd5200e30e1f2f196e59217f31f73848e40a49c9d4154e
Instruction Fuzzy Hash: F501B172900200AFD310DF16DC45B66FBA8FF88B20F14856AED088B741D331F515CAE2

Uniqueness

Uniqueness Score: 3.53%

Function 007C373A, Relevance: 1.5, APIs: 1, Instructions: 47injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C3780

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 29af05e8fd5fb3425aeef04dd23ab85f35293d4bc2c9caa0a9b2e264a5be4365
Instruction ID: cbf8f54c9a8845a5f6e72d3c5cb858b4b61e3a156de4fdb67002c3bbed63fe84
Opcode Fuzzy Hash: 29af05e8fd5fb3425aeef04dd23ab85f35293d4bc2c9caa0a9b2e264a5be4365
Instruction Fuzzy Hash: 7F01A1B51006009FEB208F15D884F62FBA4EF55320F08C4AEED458B622D335E958DF62

Uniqueness

Uniqueness Score: 0.04%

Function 007C331A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 007C3354

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 188ef5a02fc044355cfb7fd90973a44e717bfadbb5db19edfe27bbb85d9f9cc3
Instruction ID: 85ba866db54d93ed889aa4a7d838e6fc05444563521ea01c5fc3ea63122ac02c
Opcode Fuzzy Hash: 188ef5a02fc044355cfb7fd90973a44e717bfadbb5db19edfe27bbb85d9f9cc3
Instruction Fuzzy Hash: 900192716002809FEB10CF66D985B56FBD8EF45720F08C4AEEC09CB246D779E904CB61

Uniqueness

Uniqueness Score: 2.20%

Function 007C34F6, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C3530

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 94a906d5e0ed80ef15cce960ad3b5ab8721060f6f593a5a40a3b9a7928f88452
Instruction ID: c03c3af1b6c910d514b45a14d94851c99c8066d1815e4caf84ad72bea6df58fb
Opcode Fuzzy Hash: 94a906d5e0ed80ef15cce960ad3b5ab8721060f6f593a5a40a3b9a7928f88452
Instruction Fuzzy Hash: 6801B5726002409FDB10CF6AE885B56FBD8DF41720F08C4AEEC09CB346D779D914CA61

Uniqueness

Uniqueness Score: 0.03%

Function 007C28C6, Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,00000E38,?,?), ref: 007C2916

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: e05641c432603c5d969d90fa16e4afb2c5cc440004540f5e94d7977ecc26d7ce
Instruction ID: 76881d41137578dc9f83805eaae1f7938310f030aecaff7de8eead4362a4bf97
Opcode Fuzzy Hash: e05641c432603c5d969d90fa16e4afb2c5cc440004540f5e94d7977ecc26d7ce
Instruction Fuzzy Hash: 9D019E72900200AFD310DF16DC45B66FBA8FB88A20F14856AED088B741D231F515CAE2

Uniqueness

Uniqueness Score: 0.77%

Function 007C16A6, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 007C16F1

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 4439312ceb4f42ce2f68e6a30166f67b0d1dc6dbacd59c9ec32d6f0f43959aec
Instruction ID: 950c1f4d832ad57e558d7634ec9536fde4b81e0491e4c731a553fe4f5da2b9bb
Opcode Fuzzy Hash: 4439312ceb4f42ce2f68e6a30166f67b0d1dc6dbacd59c9ec32d6f0f43959aec
Instruction Fuzzy Hash: BF0192755003009FDB20CF56D985B12FBE8EF56720F08C46EED498B252D775E818CE62

Uniqueness

Uniqueness Score: 0.65%

Function 0026A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0026A61A

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 28b1abd980ac92a2af188d94e119a6fd22bb0613ec8404bfeb65347b70e4bc12
Instruction ID: 35cbae8c841aff50cde2d5db54b35f37e3bf570f4d46ba02e7b2cfe4f6af450b
Opcode Fuzzy Hash: 28b1abd980ac92a2af188d94e119a6fd22bb0613ec8404bfeb65347b70e4bc12
Instruction Fuzzy Hash: 28018B32410700AFDF218F95D844B52FBE4EF59320F08C9AAEE494A616C372A468DF62

Uniqueness

Uniqueness Score: 0.23%

Function 007C15FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

AddAtomW.KERNEL32(?), ref: 007C1634

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: Atom
String ID:
API String ID: 2154973765-0
Opcode ID: 4e7182c1fd4ff26a7147bd7c0456f5918a6b42f212c0049c44795019a643dc86
Instruction ID: 80433e45f4748625b309000d67d525fb10792adf61c6a9c0344b509136d1a5ef
Opcode Fuzzy Hash: 4e7182c1fd4ff26a7147bd7c0456f5918a6b42f212c0049c44795019a643dc86
Instruction Fuzzy Hash: 2C01D4715002409FDB10CF56D884B66FBE8DF46720F4CC4BEEC489B206DB79E404CAA2

Uniqueness

Uniqueness Score: 0.38%

Function 007C35DA, Relevance: 1.5, APIs: 1, Instructions: 44threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNEL32(?,?), ref: 007C3617

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 76e863da36585ec5b9bb25cc5e024e3cd173f7610837c677fd11fc7da3c4c317
Instruction ID: 9b119d2ff7d9ebcfee14071929c7d2bf89f4f3bf8e617a1f50d97c3018c7127e
Opcode Fuzzy Hash: 76e863da36585ec5b9bb25cc5e024e3cd173f7610837c677fd11fc7da3c4c317
Instruction Fuzzy Hash: 9601B135600200AFEB10CF16D885B65FBA4EF45720F08C0AEDC098B352D379EA58CAA2

Uniqueness

Uniqueness Score: 0.60%

Function 0026B7B2, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 0026B802

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6c76d17d041b20e4b644571bc0e523b8f3c40cea999e4fce87a04c4e6d79ef44
Instruction ID: 35bdef8c9a155a6705461f4ca19d8d8bd09832c7e37e9098c70d52df519c2194
Opcode Fuzzy Hash: 6c76d17d041b20e4b644571bc0e523b8f3c40cea999e4fce87a04c4e6d79ef44
Instruction Fuzzy Hash: 6A01A271900600ABD310DF16DC46B66FBA8FFC9B20F14815AED084B741D371F565CAE6

Uniqueness

Uniqueness Score: 0.03%

Function 0026B952, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0026B990

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 4881c60e08dc9fe4f479161fb03e331b762b94b39667975393e7e096e8e25ccc
Instruction ID: 5a8d36fb2754abed95c66bedcaa3e955178c38d24b7537618689d46c8356053c
Opcode Fuzzy Hash: 4881c60e08dc9fe4f479161fb03e331b762b94b39667975393e7e096e8e25ccc
Instruction Fuzzy Hash: F401B532511340DFDF21CF95D844B55FBA4EF55321F0888AAEE498B216D371E4A8CF62

Uniqueness

Uniqueness Score: 0.42%

Function 007C00F2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E38,?,?), ref: 007C0142

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 88a2dfdbd0535dcdfe2d428623571bc8e511932c7bd9d72f46f655b4b8bcaf89
Instruction ID: fe82c1db3e392f0404e40a900141373013d8540c5e8098b31d928107baa49d11
Opcode Fuzzy Hash: 88a2dfdbd0535dcdfe2d428623571bc8e511932c7bd9d72f46f655b4b8bcaf89
Instruction Fuzzy Hash: 2D01A271900600ABD310DF16DC46B66FBA8FFC9B20F148159ED084B741D331F555CAE6

Uniqueness

Uniqueness Score: 0.11%

Function 007C13E2, Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C1420

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: bfc22e765c3b7c4d140b360875e2b6031492c2184fe956c2bf635db2c08b9e76
Instruction ID: fe1cace784812db02faae3f6b6b20e5f90515fedca64c8f1b314b90541464c81
Opcode Fuzzy Hash: bfc22e765c3b7c4d140b360875e2b6031492c2184fe956c2bf635db2c08b9e76
Instruction Fuzzy Hash: CB0192324007409FDF20CF55D884B51FBA4EF45320F1888BEED494B616D375A518DB62

Uniqueness

Uniqueness Score: 0.53%

Function 007C3686, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 007C36C4

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 5f4c5af087b7dc9269a2b919a89915279ea9b300f10e6ca8b29568cb28a7a76f
Instruction ID: 0df5b04e403d665ef5eb05fd8c3bfad1ec8ec59687555728d2aa669e1dccbe27
Opcode Fuzzy Hash: 5f4c5af087b7dc9269a2b919a89915279ea9b300f10e6ca8b29568cb28a7a76f
Instruction Fuzzy Hash: FF01F532100700AFDB208F55D845B52FBA0EF15320F08C46EED464B721C375E518DF62

Uniqueness

Uniqueness Score: 0.11%

Function 0026BA0A, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,?), ref: 0026BA42

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 650330ef625a5ffb3b07d5d729591691c6e8b3715e0bfe5f7029c6f20b496753
Instruction ID: d513942471fc81d93128e952c7d1034a238235f4c067bc9183292331c9950a67
Opcode Fuzzy Hash: 650330ef625a5ffb3b07d5d729591691c6e8b3715e0bfe5f7029c6f20b496753
Instruction Fuzzy Hash: 3801D472414340DFDF11CF95D884B55FBA4EF55320F08C4AAED488B216D371A994CBA2

Uniqueness

Uniqueness Score: 0.12%

Function 0026A8AE, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0026A8E0

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 84ad777cb3c541f518e8b254bae044426d115fccc5cc91138af02f8a39cbaf04
Instruction ID: 57d239a448b57e5d9754492fdbb6372f93f3979adbfeb6e95c5ebf2f27376f5f
Opcode Fuzzy Hash: 84ad777cb3c541f518e8b254bae044426d115fccc5cc91138af02f8a39cbaf04
Instruction Fuzzy Hash: 3C01D1715213409FDF10CF55D888762FBA4EF45320F18C4AAED089B216D375A998CFA2

Uniqueness

Uniqueness Score: 0.45%

Function 0026AE16, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026AE54

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 59a8a8bb50ee9ae945ed65f6a3d830194a6c9161e383d342a578247d823dbd03
Instruction ID: 6dab6f5f95734a1ce3ceb22ea4c64bf27aaea43accfd270d6c750e507490cea8
Opcode Fuzzy Hash: 59a8a8bb50ee9ae945ed65f6a3d830194a6c9161e383d342a578247d823dbd03
Instruction Fuzzy Hash: B1018431410740DFDB208F55D885B51FBA4EF55320F0884AADD490B626D372E468DF62

Uniqueness

Uniqueness Score: 0.10%

Function 007C389A, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 007C38D5

Memory Dump Source

Source File: 00000001.00000002.318499229.007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7c0000_NEW_INVOICE.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 470167171f905fb058970441a5cb4d6430b9ca1cdedccf5979b347d16692e225
Instruction ID: c3b75ac3b5a36af45df77ce39d7a5fcb816c38f82ee833d9acc993a0b7bcf551
Opcode Fuzzy Hash: 470167171f905fb058970441a5cb4d6430b9ca1cdedccf5979b347d16692e225
Instruction Fuzzy Hash: 76018B365007449FEB208F46D885B61FBA0EF59320F08C59EED494B226D37AE558DFA2

Uniqueness

Uniqueness Score: 0.10%

Function 0026A69A, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32(?,D1E3F35F,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0026A6CC

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: e1ad7c5093a82689bc394261153c4f3e6bd48cee913b4cca5f3a10b360d71068
Instruction ID: 0c3c6d19cf129b30cc88329a36dc3a814cdce6bdc91d497b53c439cb1dd7002c
Opcode Fuzzy Hash: e1ad7c5093a82689bc394261153c4f3e6bd48cee913b4cca5f3a10b360d71068
Instruction Fuzzy Hash: 80F0FF354203409FDF108F06D884761FBA8EF41320F0CC0AADD090B216D3B5E8A8CEA2

Uniqueness

Uniqueness Score: 0.23%

Function 007867A0, Relevance: 1.5, Strings: 1, Instructions: 218COMMON

Download Yara Rule

Strings

:@}l, xrefs: 007869F7

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: 60604a21ce57bbf09daf7f9e4e6e5935b526de22ece4ddddc65fd77d6fa18195
Instruction ID: e4b54af40029979263d3927ccf84fa93af06e2876beb7b2447090587d798d4b7
Opcode Fuzzy Hash: 60604a21ce57bbf09daf7f9e4e6e5935b526de22ece4ddddc65fd77d6fa18195
Instruction Fuzzy Hash: 8F91CBB4D00218DFCB18DFA5C944AEDBBB2BF59304F209569D40ABB354DB399A85CF50

Uniqueness

Uniqueness Score: 7.75%

Function 007872B0, Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

:@}l, xrefs: 0078736C

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: 74d58b3636c33ce36f2cf565bf6e1ae9771a42afc1f29dd46c6def41561372bd
Instruction ID: bcb488cc550cef7aa8e8cd0d12525bdac6af6b2864ae3b02e354603d300a3cf9
Opcode Fuzzy Hash: 74d58b3636c33ce36f2cf565bf6e1ae9771a42afc1f29dd46c6def41561372bd
Instruction Fuzzy Hash: 71410374E01208AFCF08DFA4D594AEEBBB2FF89304F208869E815A7395DB359941CF51

Uniqueness

Uniqueness Score: 7.75%

Function 0026A2D6, Relevance: 1.3, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0026A32C

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7f0005ee2641417ec1ece4ab80ce30cabf3d9605a06f4c7830e31f43e35a270c
Instruction ID: aee81ddf8b3d0d9e5af89d4f83d07c1c4f0b43b0699ee52fd5870da633bfe109
Opcode Fuzzy Hash: 7f0005ee2641417ec1ece4ab80ce30cabf3d9605a06f4c7830e31f43e35a270c
Instruction Fuzzy Hash: BA11C672509380AFDB11CF25DC84B52BFA8EF42320F0880EAFD459B652D274A858CB62

Uniqueness

Uniqueness Score: 0.03%

Function 0026A2FA, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0026A32C

Memory Dump Source

Source File: 00000001.00000002.317539580.0026A000.00000040.00000001.sdmp, Offset: 0026A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_26a000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 0596ab6d2aedbc3cb0c96985ec63dba5c18420658fa463c08f0829f98b37a9d7
Instruction ID: 83f6e3287c9c67c1fa473761f123b905f9836a0dcd0a279d444828810ccd57d3
Opcode Fuzzy Hash: 0596ab6d2aedbc3cb0c96985ec63dba5c18420658fa463c08f0829f98b37a9d7
Instruction Fuzzy Hash: 9701DF726103409FDB108F59D884766FBA4EF41320F08C4EAEC098B316D375E868CEA2

Uniqueness

Uniqueness Score: 0.03%

Function 00780530, Relevance: 1.3, Strings: 1, Instructions: 36UNIQUE

Download Yara Rule

Strings

|x(, xrefs: 00780563

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: |x(
API String ID: 0-1895371554
Opcode ID: 12f377c7443a44410f9c4a85291d14692107958963a6129027046e70af965296
Instruction ID: d7aa460af1d9ed58e7c19e0642e4777d1b2382bcde8e05fab3ee727291953199
Opcode Fuzzy Hash: 12f377c7443a44410f9c4a85291d14692107958963a6129027046e70af965296
Instruction Fuzzy Hash: 02016D78946248DFCB01EBA8D54499DBBB4FF06304F1445D5D8849B352D330EE59DFA1

Uniqueness

Uniqueness Score: 100.00%

Function 00785C80, Relevance: .6, Instructions: 622COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2a880604291cec5ad178375791034ba186b9af64678bf15d79316f9e82449b
Instruction ID: 13fb62f8d4d5acdc72c23909216c34e42408f87a98fcca3a4d3a4d45caef121f
Opcode Fuzzy Hash: 5d2a880604291cec5ad178375791034ba186b9af64678bf15d79316f9e82449b
Instruction Fuzzy Hash: F762E174D81228CFDB24DF61D948BEDBBB2BB49308F6044A9C909A7390DB795E85CF50

Uniqueness

Uniqueness Score: 0.00%

Function 00783E84, Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 511fddc3c9288d703c3c93e09fa08a2bc573a0b3707192455108819b0759c247
Instruction ID: 77521c28e92a0d57111799d3c234558b2a8f4337eb82f0c0be99aad697c3bb81
Opcode Fuzzy Hash: 511fddc3c9288d703c3c93e09fa08a2bc573a0b3707192455108819b0759c247
Instruction Fuzzy Hash: 86C13830C4521ACFCB20EFA8C844BEDBBB5BF16304F2085AAD51967291DBB95A85DF41

Uniqueness

Uniqueness Score: 0.00%

Function 00783ECC, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d81a2901174b7ab95c690bc05dab54af30fa936e744f8fdb33e70b7b3bddcc
Instruction ID: a9426d0a0c383db88a71d20e8fcc9bf578cb30ef70ef05e8edb171d234bf0deb
Opcode Fuzzy Hash: f4d81a2901174b7ab95c690bc05dab54af30fa936e744f8fdb33e70b7b3bddcc
Instruction Fuzzy Hash: BEB11430C4422ACFCF20DFA8C884BEDBBB5BF16314F2085AAD51967291DBB55A85DF41

Uniqueness

Uniqueness Score: 0.00%

Function 00787009, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3226371816cce469070df718be417459e86b46d4285e8cfd3506f72fb40d14fc
Instruction ID: 503e03a5219c061328d56f08f9bca3c201b3486caab1599246a927129751df34
Opcode Fuzzy Hash: 3226371816cce469070df718be417459e86b46d4285e8cfd3506f72fb40d14fc
Instruction Fuzzy Hash: 9D911234E41218DBEB14DFA5D891BEEB7B2AF89704F208429E9017F394CB71A845CF55

Uniqueness

Uniqueness Score: 0.00%

Function 00784D08, Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ea4fba65f0a6d99f730cb9c69605b6e13d4140856279c313e648810d62426
Instruction ID: 217adccf4d7701bb9adf9e9f8b91ae283d5df5cbd7a76a06f9208c89bd7ab571
Opcode Fuzzy Hash: a72ea4fba65f0a6d99f730cb9c69605b6e13d4140856279c313e648810d62426
Instruction Fuzzy Hash: 42813474C42219CFCB04DFA5E8587EEBBB1FB4A305F54946AD401B72A0DB784A88CF54

Uniqueness

Uniqueness Score: 0.00%

Function 00784FA8, Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 572597b050dc71757a7d1309836434bfe40e4316ebfe99a07f4ce7d9d9cb8870
Instruction ID: 9b75b9ff813bf241e7084c6f87276ff0964cb0d9157b4794ed09165f5600c10a
Opcode Fuzzy Hash: 572597b050dc71757a7d1309836434bfe40e4316ebfe99a07f4ce7d9d9cb8870
Instruction Fuzzy Hash: 53611F74E44248CFCB18DFA9D894AADBBF2BF89304F20856AD405AB364DB359842CF40

Uniqueness

Uniqueness Score: 0.00%

Function 0078475C, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e8e499076c14a4ef3b18ab9af630c46bbf68dec975cedcd39a5047220d89d2
Instruction ID: 44c5fa89b8fd5ad41c13d3152e4e65fa567e804eb71c0227f618aa75af83fcdd
Opcode Fuzzy Hash: 82e8e499076c14a4ef3b18ab9af630c46bbf68dec975cedcd39a5047220d89d2
Instruction Fuzzy Hash: F1516C74D90106CFCB00EFE9E94898CBBF9FB44319B918969D0249B265DB30DC92CF99

Uniqueness

Uniqueness Score: 0.00%

Function 00784760, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883407e8906546f67e835738ff3880e7136fd0edd089cd69e28864f42f1746a9
Instruction ID: f3cf0000ca9686436f953ac996b372f355d4e2831157f479e1f37ab121d1a58a
Opcode Fuzzy Hash: 883407e8906546f67e835738ff3880e7136fd0edd089cd69e28864f42f1746a9
Instruction Fuzzy Hash: 03515C74D90106CFCB00EFE9E94498CBBF9FB44319B918969D0249B265DB30DC91CF99

Uniqueness

Uniqueness Score: 0.00%

Function 007853E8, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2702469bbe2983ec2ac4dd92471da3d91fcce9c0ca0ae6f61d7a0a8deae2e3e
Instruction ID: fef7db7ff2ed218c9cbe3fed662c7cd47f04e047b00420143c87f4b8a91380c6
Opcode Fuzzy Hash: c2702469bbe2983ec2ac4dd92471da3d91fcce9c0ca0ae6f61d7a0a8deae2e3e
Instruction Fuzzy Hash: 22411870D01228CFCB29DFA1C9547DDB7B2AF96308F6048A8C1096B390CBB65AC5CF51

Uniqueness

Uniqueness Score: 0.00%

Function 00784BE0, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28f8eddd0d36266116a8fbfa4e857b93714e7ae16d3e92c10c358e5db64260a4
Instruction ID: 931aa5fe794b2302e571114be4cac2933fb262ad46ccd1a2a7191d372fff0fe3
Opcode Fuzzy Hash: 28f8eddd0d36266116a8fbfa4e857b93714e7ae16d3e92c10c358e5db64260a4
Instruction Fuzzy Hash: 12319C70D0510A9FCF00EFE9C440AAEBBF6BF8A324F24C655D114A7295DB749A419B61

Uniqueness

Uniqueness Score: 0.00%

Function 0028A954, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593665ad94824b0ca776a78336190a3f72c6023eaa318526aaf12282b7c20bef
Instruction ID: d40ed98f1ec05ef4863937691e6c574033cde5238389abc5183cc0eed7a9938c
Opcode Fuzzy Hash: 593665ad94824b0ca776a78336190a3f72c6023eaa318526aaf12282b7c20bef
Instruction Fuzzy Hash: 51315CB6509340AFD750CF06EC45A57FFE8EB89620F08C85EF94997252D275A908CBA2

Uniqueness

Uniqueness Score: 0.00%

Function 007852A8, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12fd85997b1c23fe50a835447ab353094c45b1067f9a200a57552aeaaa5fff4a
Instruction ID: c3ec17dc1fe510e6f1f105cccba310908ba4b2670649ffe165f3784e89a1a2e3
Opcode Fuzzy Hash: 12fd85997b1c23fe50a835447ab353094c45b1067f9a200a57552aeaaa5fff4a
Instruction Fuzzy Hash: F5310370D42208EFDB14DFA5D484BEEBBB2BF49348F609429E501B7290CB799985CF94

Uniqueness

Uniqueness Score: 0.00%

Function 0028A81C, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04dfb533f0b883ee210b6d82525fb31cb728fd35995b6fbe10b53b6310a6f455
Instruction ID: e84ff37a01377f6822bb9aa497d30a8ba65680192c506ab518463b72a0793145
Opcode Fuzzy Hash: 04dfb533f0b883ee210b6d82525fb31cb728fd35995b6fbe10b53b6310a6f455
Instruction Fuzzy Hash: 5E215EB6508340AFD750CF46EC41A57FBE8EBC9620F04C86EF94997312D271E904CBA2

Uniqueness

Uniqueness Score: 0.00%

Function 00787549, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c60f37089d52fc92952fd74dad00b8f5c8babb3ec43092a6e0b9b7ef9ceafed7
Instruction ID: 7f81b6d78085e813b373e9d560818a164ec618d062b36c748787ca1a54910ec8
Opcode Fuzzy Hash: c60f37089d52fc92952fd74dad00b8f5c8babb3ec43092a6e0b9b7ef9ceafed7
Instruction Fuzzy Hash: 4931E7B4E012099FCB04DFA9D854A9EFBF2FF89300F248069D815A7361DB359945CF51

Uniqueness

Uniqueness Score: 0.00%

Function 0028A83A, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b34517c40cd1677454f9fe49646bf4f3181c655cd28fa732ff636e2bfe8ea5f1
Instruction ID: b4cdd6c8a94d9348d421f2e3ef354703e2a9da21006cc6860e641e1d879d2e05
Opcode Fuzzy Hash: b34517c40cd1677454f9fe49646bf4f3181c655cd28fa732ff636e2bfe8ea5f1
Instruction Fuzzy Hash: A12119B6508300AFD650CF4AEC41A56FBE8EBC8660F14C82EFD4897311D275E9148BA2

Uniqueness

Uniqueness Score: 0.00%

Function 0028A97E, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225725e4634f29001173e44b1f1cf5ee28b50778107a43955083c1f7144182ed
Instruction ID: fc535671f7be4882f366e1fd51e11954ede16961695bbdc8c008250b0f2384c2
Opcode Fuzzy Hash: 225725e4634f29001173e44b1f1cf5ee28b50778107a43955083c1f7144182ed
Instruction Fuzzy Hash: 792119B6508300AFD650CF0AEC41A56FBE8EBC8660F14C82EFD4897311D275E9148BA2

Uniqueness

Uniqueness Score: 0.00%

Function 00787829, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee7fafcabd68983f4c29e90553c99bed2b4a9035da33b1870f93627400175ee9
Instruction ID: 271494bac83a73c03920fed303c3aa9d2d6bed333e59b59f7c26e7f53c0a214a
Opcode Fuzzy Hash: ee7fafcabd68983f4c29e90553c99bed2b4a9035da33b1870f93627400175ee9
Instruction Fuzzy Hash: D2218074D4D3889FCB06DFA5D8093ACBFB4AF06310F2480DAC405A7292D3384A48DFA1

Uniqueness

Uniqueness Score: 0.00%

Function 0028B011, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5830ce5daf10ebece6e81baeda98a06cecd05a4b2fd677205d5b6038b5912c3d
Instruction ID: 5a524c6507871a7e7c852c5bb9190f3d3295f40b070c4c2229170b87ba7ff204
Opcode Fuzzy Hash: 5830ce5daf10ebece6e81baeda98a06cecd05a4b2fd677205d5b6038b5912c3d
Instruction Fuzzy Hash: 2A112977515340AFD7118F12AC05A52FFA8DB92631F08C4ABEE088B653D176B518CBB2

Uniqueness

Uniqueness Score: 0.00%

Function 00785198, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b04d1879d5940918080320c3d14fc88fa718a601aa5150d9f7eb024844ffcb82
Instruction ID: 0b95f56d204563661e050f8c612af7a70fe4904cbc27f64479a727e8a9720737
Opcode Fuzzy Hash: b04d1879d5940918080320c3d14fc88fa718a601aa5150d9f7eb024844ffcb82
Instruction Fuzzy Hash: B8217C34986244CFC716DFA1E84C6A97BB2FB4A301F6489A5EE0583391CB3059A6CF61

Uniqueness

Uniqueness Score: 0.00%

Function 0078529B, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de34373d0c3ff66d3a983070e04ea374c421c7e391c0223615851314888aaa67
Instruction ID: 9aec69e33e6ae640dac8521a695d9a7078f45cc5b760f15943d3ee1609fd5130
Opcode Fuzzy Hash: de34373d0c3ff66d3a983070e04ea374c421c7e391c0223615851314888aaa67
Instruction Fuzzy Hash: F6213770D42208EFDB14DFA5D498BEEBBB2BF49308F209029E505B7390C7B59945CB94

Uniqueness

Uniqueness Score: 0.00%

Function 00F61E30, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.320361861.00F60000.00000040.00000001.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f60000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9f81f2d51abd8cc0a0db254908b40c6a275932863ab2f86ec643c8dbe9b1d57
Instruction ID: 4d7dfb9d4887226b870b9e5a3bf4361a57835fe43fe78d26345afe457249b6c9
Opcode Fuzzy Hash: b9f81f2d51abd8cc0a0db254908b40c6a275932863ab2f86ec643c8dbe9b1d57
Instruction Fuzzy Hash: DA11B8B5508301AFD340CF19D880A5BFBE4FBC8664F04896EF99897311D231E914CFA2

Uniqueness

Uniqueness Score: 0.00%

Function 007E0984, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318526362.007E0000.00000040.00000040.sdmp, Offset: 007E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7e0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b3e7c7a8f4accce31b6fb02249390d409533fb1fd6007e628735ac7f7aa18ea
Instruction ID: 9ed7f0c5478a21352dd58751549bee382d421ed4cde8df2b01463b0b14bb0821
Opcode Fuzzy Hash: 5b3e7c7a8f4accce31b6fb02249390d409533fb1fd6007e628735ac7f7aa18ea
Instruction Fuzzy Hash: E411E4311093C49FD711CB55D980F16BB95EB99708F28C9ADE4491B243C7BBDC83DA91

Uniqueness

Uniqueness Score: 0.00%

Function 00786790, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 144d906e39a4606423eed6ee84175dd7f85b77c66c659091db3e90eee7942438
Instruction ID: 07035226febf1c67eb51a837156471387eaf93e0636aba632f1f10f68dccd0c5
Opcode Fuzzy Hash: 144d906e39a4606423eed6ee84175dd7f85b77c66c659091db3e90eee7942438
Instruction Fuzzy Hash: 592144B0C45248DFDB04DFE6C5083EDFBB1AF45304F1080AAC814AB295E7791A4ACF80

Uniqueness

Uniqueness Score: 0.00%

Function 0028AF78, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8223e61ecd928a1bfc91b51bb0d19a77dfd43c23e355cdc20e1521820d7cd385
Instruction ID: d69d0a8bfaec21441a350c60e0f5c486328ab080484707feed0db44cc1832a34
Opcode Fuzzy Hash: 8223e61ecd928a1bfc91b51bb0d19a77dfd43c23e355cdc20e1521820d7cd385
Instruction Fuzzy Hash: 8311BAB5508301AFD750CF5ADC41A5BFBE8EBC8660F04892EF95997311D271E918CFA2

Uniqueness

Uniqueness Score: 0.00%

Function 00F61CD4, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.320361861.00F60000.00000040.00000001.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f60000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a548c76d080c306260ba2e0702b2e1bcc64e309255d41c8bc7dc67091f2b20
Instruction ID: 41242090618b6816dcb4ec407030dfccc776bf6b672b51d150ba1942d0c10a0e
Opcode Fuzzy Hash: 22a548c76d080c306260ba2e0702b2e1bcc64e309255d41c8bc7dc67091f2b20
Instruction Fuzzy Hash: 4A11FAB5508301AFD350CF09DC84A5BFBE8EBC8660F04882EF95897311D271E908CFA2

Uniqueness

Uniqueness Score: 0.00%

Function 007E07F8, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318526362.007E0000.00000040.00000040.sdmp, Offset: 007E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7e0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 561b4864b55a8f3e8d788d23509bf767ed08100d42648331c5bd0cf8de04c8b3
Instruction ID: bc7920d0d2a2178044ee958ec0466475ebdb90d127aee17ecccf7bbf0bed19b7
Opcode Fuzzy Hash: 561b4864b55a8f3e8d788d23509bf767ed08100d42648331c5bd0cf8de04c8b3
Instruction Fuzzy Hash: B0F0D6775097806FC7118F16AC40862FFB8DE8663070DC4AFFC498B656D225A904CBB2

Uniqueness

Uniqueness Score: 0.00%

Function 007803E8, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c63a08ea48cf826bfc0e1a44ba101cff8fb374808aff623c0e2e64af1eee57cc
Instruction ID: bf07a4bdb55c9997cc9b555c3c2befe9ebf8ce4b99fbaf444230f7de4f96db5f
Opcode Fuzzy Hash: c63a08ea48cf826bfc0e1a44ba101cff8fb374808aff623c0e2e64af1eee57cc
Instruction Fuzzy Hash: D9F02B34A46248DFD706D7B1D664BAE7B76EFC7208F15A4D5800423282CA355F02D354

Uniqueness

Uniqueness Score: 0.00%

Function 007803F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bb311ecc2ed0b4513b76ec7bef88470f9036551c3838a4e643a7b9d11c8b12c
Instruction ID: e556c85b15b27aa4d8e0bb4ed02d0f15e8d6e0af7ad835edccd28c974941a6ae
Opcode Fuzzy Hash: 3bb311ecc2ed0b4513b76ec7bef88470f9036551c3838a4e643a7b9d11c8b12c
Instruction Fuzzy Hash: F7F03038A52108DBD708DBB1E668BBE77A6EFC6248F50A4688405332849F755E02D755

Uniqueness

Uniqueness Score: 0.00%

Function 007E0A40, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318526362.007E0000.00000040.00000040.sdmp, Offset: 007E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7e0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46debe57896ac666fbdd8b357651a768cc350afad20f7cf280d2b96e708a9c95
Instruction ID: 249801178906d014454e6642db3bb34e9469f8fdb2e6d5108ff3c5d7c76ac4dc
Opcode Fuzzy Hash: 46debe57896ac666fbdd8b357651a768cc350afad20f7cf280d2b96e708a9c95
Instruction Fuzzy Hash: 7FF03C35108684DFC306CF54D940B15FBA2FB89718F24C6ADE9491B762C77BE853DA81

Uniqueness

Uniqueness Score: 0.00%

Function 00780220, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd44ba6d9bbc14876209bb9b0ef7258917eadbd94ae9ab6a492214f26113cb2b
Instruction ID: 2a4394dff324413d95d612c27d3ae77f5186224c650b11086594bbd33c95f2d9
Opcode Fuzzy Hash: fd44ba6d9bbc14876209bb9b0ef7258917eadbd94ae9ab6a492214f26113cb2b
Instruction Fuzzy Hash: 5DF08C3894A348DFCB06DBB5E409198BFB5BF42305F2040EAD8488B352D3715A49DBA1

Uniqueness

Uniqueness Score: 0.00%

Function 00780458, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ee5d5d56d736a25f42cbf994a12e82ef1e5ea1b0709a3c40064ec802a5a0f0
Instruction ID: 250074078a4bd84b76da17369003034a52781680fc141e06f42d53302004193f
Opcode Fuzzy Hash: 78ee5d5d56d736a25f42cbf994a12e82ef1e5ea1b0709a3c40064ec802a5a0f0
Instruction Fuzzy Hash: F0F05238D42208DFCB04EFB4E5485ADBBB0FF46304F2089AAD814A3351DB319A02CB80

Uniqueness

Uniqueness Score: 0.00%

Function 007E081E, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318526362.007E0000.00000040.00000040.sdmp, Offset: 007E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7e0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422376033bb0386137f31aa8e590a64c86adb983733340451e362f70b9ef42c1
Instruction ID: 818725bfb816ee341803d3717e7b4f221f9154b2c5545be188044b470b707e7d
Opcode Fuzzy Hash: 422376033bb0386137f31aa8e590a64c86adb983733340451e362f70b9ef42c1
Instruction Fuzzy Hash: 7EE092766007009F9650CF0BEC41452F7A8EBC4631B18C47FEC0D8B715E635B504CAA2

Uniqueness

Uniqueness Score: 0.00%

Function 0028A90B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad29cffa2f9f140699a71b60be3e344c802b533e55474c84eec7106f5531f3f6
Instruction ID: 7143a615a909abcbf0c1ff2240790ce0750330b531c67da820f927048e021680
Opcode Fuzzy Hash: ad29cffa2f9f140699a71b60be3e344c802b533e55474c84eec7106f5531f3f6
Instruction Fuzzy Hash: 65E0D8725403046BD2508E079C45B53FB98DB90A31F08C567FD081B352E172B514C9E1

Uniqueness

Uniqueness Score: 0.00%

Function 0028A7C7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d87b97619c7585f604a843092ca48d9d7c9ec08bfe3a6f28acd4f602b55c2ed
Instruction ID: f118728f80fdd4c8a18be6b7d008cee322307208e72bbcca3d67316c04a0f53e
Opcode Fuzzy Hash: 4d87b97619c7585f604a843092ca48d9d7c9ec08bfe3a6f28acd4f602b55c2ed
Instruction Fuzzy Hash: 2BE0D8735003046BD2509E079C45B53FB98DB90A30F08C467FD081B312E172B514C9E1

Uniqueness

Uniqueness Score: 0.00%

Function 0028AFC7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317566032.00282000.00000040.00000001.sdmp, Offset: 00282000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_282000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67d6978b254f0aca33ce1b667811dfc278c410baf232b8040f46700bedf57dc
Instruction ID: 843d4b0ca9e46f9ac579cde7f80126dd850a60706e7ba3977663d60b9d15d54f
Opcode Fuzzy Hash: e67d6978b254f0aca33ce1b667811dfc278c410baf232b8040f46700bedf57dc
Instruction Fuzzy Hash: 48E0D8725403046BD2509E079C45B52FB98DB90A31F08C467FD085B312E172B514C9F1

Uniqueness

Uniqueness Score: 0.00%

Function 007809E8, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabf6635254009694cd23c764490a3dfb958a1f33eabb810305068589cfd8615
Instruction ID: f2b06758cd49cbb089b8ed0a3c95708cd0f581e94a383f925abbec02dec316fa
Opcode Fuzzy Hash: fabf6635254009694cd23c764490a3dfb958a1f33eabb810305068589cfd8615
Instruction Fuzzy Hash: 8DF01534A11108EBCB08EFF8DA52A9DB775EF41315F2005A898056B390DF306F58CBA1

Uniqueness

Uniqueness Score: 0.00%

Function 00F61E9B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.320361861.00F60000.00000040.00000001.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f60000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69221967d76bb817408a640e15b3624a85f53e409b5430ae87946313ba8ff12e
Instruction ID: ba2ccab61112c72aa63181fdea791e6ea886f422852411ac19c9de4614d34442
Opcode Fuzzy Hash: 69221967d76bb817408a640e15b3624a85f53e409b5430ae87946313ba8ff12e
Instruction Fuzzy Hash: 7EE0D8725403006BD2508E079C45B52FB98DBD0A31F08C467FD081B712E172B514CAE1

Uniqueness

Uniqueness Score: 0.00%

Function 00F61747, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.320361861.00F60000.00000040.00000001.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f60000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a307a1a89c13cc8456f21e80a81a2899f731b383de81a674821046c71bcae01c
Instruction ID: 3350c5f927dc3d8a35a253ffc70099e451f4480a370d76ddb194cc5d03b25721
Opcode Fuzzy Hash: a307a1a89c13cc8456f21e80a81a2899f731b383de81a674821046c71bcae01c
Instruction Fuzzy Hash: EEE0D8725003006BD2509E079C46B53FB98DBD0A30F08C467FD081B316E176B514C9E1

Uniqueness

Uniqueness Score: 0.00%

Function 00F61D23, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.320361861.00F60000.00000040.00000001.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_f60000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0018f0cf2cb51ed3cf91c64fe4d7160defa3d6b99da3a85cc33bb1015bc9163a
Instruction ID: 99b9fec280c00ae1de2621c613a7a2e050efa8934e20c22c7bc17ed174d41a53
Opcode Fuzzy Hash: 0018f0cf2cb51ed3cf91c64fe4d7160defa3d6b99da3a85cc33bb1015bc9163a
Instruction Fuzzy Hash: C5E0D8725003046BD2509E079C49B53FB98DB80A31F08C467FD081B312E172B514C9F1

Uniqueness

Uniqueness Score: 0.00%

Function 00780460, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d798c58852af375e0082974b2f78a99b58fa14f3f2d958c15d779af09afe5f65
Instruction ID: 519c0e70353c72b34357136754037c1f767a087f790f56733ca722003ec89ac6
Opcode Fuzzy Hash: d798c58852af375e0082974b2f78a99b58fa14f3f2d958c15d779af09afe5f65
Instruction Fuzzy Hash: 47F03938D42208DFCB04EFF4E5485ADBBB0FB05301F2045A9D814A3350DB709A00CF80

Uniqueness

Uniqueness Score: 0.00%

Function 007877E8, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5805d875a69a20ae233e606cf30d730a4703ce02c12daf831f9e189415de5890
Instruction ID: ad997e05932d63193d2a9c01c0453fa774e629bedd9f42a43a04cce3e6d7180a
Opcode Fuzzy Hash: 5805d875a69a20ae233e606cf30d730a4703ce02c12daf831f9e189415de5890
Instruction Fuzzy Hash: 35E0DF3180E3889FCB079BB0EC0966CBF34EF07310F1445EAC840A3292D7344A88DB91

Uniqueness

Uniqueness Score: 0.00%

Function 00780230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65cbcb86ed6eefabfd5b3c7656c1ded09b91ac08ff052afa30c0e604341f0163
Instruction ID: 7a98121db41626e54acba9a2d65da70bfc6f0cb67ccae5eea18a79f8b4b81343
Opcode Fuzzy Hash: 65cbcb86ed6eefabfd5b3c7656c1ded09b91ac08ff052afa30c0e604341f0163
Instruction Fuzzy Hash: D6E04F38D4A308DFCB04DFE9E50859CBBB5FB45305F2050A9D80993350D7715E58DB81

Uniqueness

Uniqueness Score: 0.00%

Function 007877F8, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba98ec364f690ed5e1be424e3ae58b7e1993475ae0b97a4fb388dde04322711
Instruction ID: cd7071cb261b3d9b04d65b5bf2f907c8d9553e3ca5f68386e7f1111d05849ee2
Opcode Fuzzy Hash: 7ba98ec364f690ed5e1be424e3ae58b7e1993475ae0b97a4fb388dde04322711
Instruction Fuzzy Hash: BED05E34D06208DBCB09EFE5E94DAADBB78EB46311F2095A8D80423250D7345A80DF95

Uniqueness

Uniqueness Score: 0.00%

Function 007800ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cfc41f329359aa72c803d08b830b6970514cc90719e1a0a1d9573f24f3bb0d6
Instruction ID: da057e13bff4be02e1d5e13700aba8915185208988b88a461e13e07308ca7c5c
Opcode Fuzzy Hash: 8cfc41f329359aa72c803d08b830b6970514cc90719e1a0a1d9573f24f3bb0d6
Instruction Fuzzy Hash: 38D01739D02209CBCB00DFA8E0846ECFB70EB89325F20942AC514A3240C7314455CF91

Uniqueness

Uniqueness Score: 0.00%

Function 002623F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317531855.00262000.00000040.00000001.sdmp, Offset: 00262000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_262000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d37742569b7fae878c1127c3fcfa00cd954d9ff00fe88f864c7cdef192617a24
Instruction ID: 695d370189d94163633194a2599fd798b483924e9c0c9ca2280df0d0bbaaf7ac
Opcode Fuzzy Hash: d37742569b7fae878c1127c3fcfa00cd954d9ff00fe88f864c7cdef192617a24
Instruction Fuzzy Hash: ABD05B752159918FD3168E1CC158B9537946F52704F4644F99800DB663C764D9D5D600

Uniqueness

Uniqueness Score: 0.00%

Function 007800CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.318445624.00780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_780000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e532e28433095b8eb4be8b1fd7c06856390df059f93376785b15fe9a32d6dd96
Instruction ID: aaa05033fdfe981192f1bed151e63da909f91b28375a5874a5a4264f56d7637d
Opcode Fuzzy Hash: e532e28433095b8eb4be8b1fd7c06856390df059f93376785b15fe9a32d6dd96
Instruction Fuzzy Hash: ACD0C93AE02208CFCB00CFA9F4445DCF771EB89225B20D46BD514B3250C7319415CF50

Uniqueness

Uniqueness Score: 0.00%

Function 002623BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.317531855.00262000.00000040.00000001.sdmp, Offset: 00262000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_262000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02464122a5689606a24f7ff7dfb84824a565d0385f9a11e9740b27a77adb38c7
Instruction ID: 8dfea393afad7d4bde1efa164683c1a66bfb3dcbafdb010c4b91d2eb2a43ec16
Opcode Fuzzy Hash: 02464122a5689606a24f7ff7dfb84824a565d0385f9a11e9740b27a77adb38c7
Instruction Fuzzy Hash: BBD05E342105828BD715CF0CC294F5977E4AF81704F1648E9BC008B366C3B8DDE4CB40

Uniqueness

Uniqueness Score: 0.00%

Non-executed Functions

Analysis Process: NEW_INVOICE.exe PID: 3968 Parent PID: 3540 NEW_INVOICE.exeUNIQUE

Execution Graph

Execution Coverage:	18.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.4%
Total number of Nodes:	228
Total number of Limit Nodes:	12

Executed Functions

Function 00F01A0A, Relevance: 13.2, APIs: 2, Strings: 5, Instructions: 930UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

:@}l, xrefs: 00F02F09
:@}l, xrefs: 00F0340B
X, xrefs: 00F02D07
X, xrefs: 00F01FEB
:@}l, xrefs: 00F03691

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: :@}l$:@}l$:@}l$X$X
API String ID: 6842923-315616662
Opcode ID: e4d7b58cb11fc17cf924899f7ac69bdd2a4835e8414dff7a56c7c55862aa88d8
Instruction ID: 36243cf7d9f90aaa6e2a8ec11e49214fe81c2e45b476722a4887ab9b7fcd9209
Opcode Fuzzy Hash: e4d7b58cb11fc17cf924899f7ac69bdd2a4835e8414dff7a56c7c55862aa88d8
Instruction Fuzzy Hash: 59A2E7B4A40228CFCB64CF24DD84B9AB7B2FB98315F1082E6D909A7350DB319E95DF50

Uniqueness

Uniqueness Score: 100.00%

Function 00EFA680, Relevance: 6.3, Strings: 4, Instructions: 1267UNIQUE

Download Yara Rule

Strings

l-:, xrefs: 00EFB884
d-, xrefs: 00EFAFEF
l-:, xrefs: 00EFB6DB
l-:, xrefs: 00EFAADF

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: d-$l-:$l-:$l-:
API String ID: 0-3091147437
Opcode ID: 90dce76a8528720fca27485ffc654b52458d494863f01bd9b85551f29c446774
Instruction ID: 588edb399aa67297a78849cb2eefbdf58642feb195b2623b8f34206cf146a336
Opcode Fuzzy Hash: 90dce76a8528720fca27485ffc654b52458d494863f01bd9b85551f29c446774
Instruction Fuzzy Hash: 2CA28E30B102598FDB14DBB4C8506AEB7F2AF95304F2485BAD509EB395EB34DD86CB81

Uniqueness

Uniqueness Score: 100.00%

Function 00F01ED2, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 213UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: c9082608c5fdf3fef701d585c1f3d04bd074e5ff16f27e0c14f2c04b4a3d2d4a
Instruction ID: eec5ecd0e4150811fa73c32107a8f14915b10f3b82e0202c53c80ee5feb8ec20
Opcode Fuzzy Hash: c9082608c5fdf3fef701d585c1f3d04bd074e5ff16f27e0c14f2c04b4a3d2d4a
Instruction Fuzzy Hash: D9A1B6B4A401288FCBA0CF24DD8479EB7F2FB89325F1082E6990DA7350DB319E959F51

Uniqueness

Uniqueness Score: 100.00%

Function 00F024BF, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 281UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F02D07

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 476e426ce967e2b8e1e4a0d376af548f4ac1d142d6d2f51ec9b78031ea17dffc
Instruction ID: 7b27d91574e9a4db0f8bd8bed08c9d1652dcccee51e519b2d44fe09fefc79eef
Opcode Fuzzy Hash: 476e426ce967e2b8e1e4a0d376af548f4ac1d142d6d2f51ec9b78031ea17dffc
Instruction Fuzzy Hash: A5D1C9B4A402298FDBA0CF24DD8469AF7B2FB89315F1082E6D909A7350DB319ED4DF51

Uniqueness

Uniqueness Score: 100.00%

Function 00EFA671, Relevance: 3.1, Strings: 2, Instructions: 619UNIQUE

Download Yara Rule

Strings

d-, xrefs: 00EFAFEF
l-:, xrefs: 00EFAADF

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: d-$l-:
API String ID: 0-4218257674
Opcode ID: 72c9fce965faf88b16c47de8962774facada6c115e960044f3fb19757c78fcad
Instruction ID: 719ef52724a82b03b3111d7dd81f8c4a51a5c1e3ba5650543a5d819b18463ac8
Opcode Fuzzy Hash: 72c9fce965faf88b16c47de8962774facada6c115e960044f3fb19757c78fcad
Instruction Fuzzy Hash: C0324B70B00219CFDB54DB68C850BAEB7B2AF88304F2485BAD509EB754EB34DD858F91

Uniqueness

Uniqueness Score: 100.00%

Function 00EF3AF0, Relevance: 1.7, Strings: 1, Instructions: 423
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@}l, xrefs: 00EF3CE0

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: 1a94ecdf3664356ad404471fff57220f538ab657cd645185fbc96d23a5c53d4f
Instruction ID: d732ccf98bbb7eb4baa98426cadb220ac48f37e902da9613845477834665726b
Opcode Fuzzy Hash: 1a94ecdf3664356ad404471fff57220f538ab657cd645185fbc96d23a5c53d4f
Instruction Fuzzy Hash: FFF10370B142498FCB04DBB9C8505EEBBF2AF95350B14806AD605FB395DB38DD46CB92

Uniqueness

Uniqueness Score: 7.75%

Function 00EF9F80, Relevance: 1.6, Strings: 1, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@}l, xrefs: 00EFA1AF

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: a0f04bf23fade4f6e23494a43dcf27bafc515aeeff3737c282953f8535b0306a
Instruction ID: 62823fa172f5568763f515c9e3d0e2ed9648e1fb4cf8534c227c09ab1cd1844c
Opcode Fuzzy Hash: a0f04bf23fade4f6e23494a43dcf27bafc515aeeff3737c282953f8535b0306a
Instruction Fuzzy Hash: 45E17B70B00108CBCB04DBA8D5856ADB7F2EF98304B299935E61AEF395DB35DC45CB52

Uniqueness

Uniqueness Score: 7.75%

Function 00EF96A9, Relevance: 1.6, Strings: 1, Instructions: 357
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l-:, xrefs: 00EF9B86

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: l-:
API String ID: 0-1487562763
Opcode ID: ece65b4c215389a6293d484551c412f7464c35d38eceb8ae2d9c8d17a03b794f
Instruction ID: caf7ff65f03da609fe69e300b4f2e8a106de6653742e973c680dbb384c0ed9d2
Opcode Fuzzy Hash: ece65b4c215389a6293d484551c412f7464c35d38eceb8ae2d9c8d17a03b794f
Instruction Fuzzy Hash: 5ED19D30F002498BDB18DFB5D5906AEB3B2AFD5344F20863AD549AB396EB34DD45CB81

Uniqueness

Uniqueness Score: 100.00%

Function 00EF96B8, Relevance: 1.6, Strings: 1, Instructions: 352
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l-:, xrefs: 00EF9B86

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: l-:
API String ID: 0-1487562763
Opcode ID: 6c3c383e3baeb64e62cd12cbd63ac7cd68d50160434893f1aa3c561c13d9078e
Instruction ID: 97144a0f29f2fbbda570c660944a9b90adfed095438c30e925489aa22abe583d
Opcode Fuzzy Hash: 6c3c383e3baeb64e62cd12cbd63ac7cd68d50160434893f1aa3c561c13d9078e
Instruction Fuzzy Hash: ADD18D30B002498BDB18DFB5D9506AEB7B2AFD5344F20863AD509BB396EB34DD45CB81

Uniqueness

Uniqueness Score: 100.00%

Function 00ED02BF, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00ED033F

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 1f0155d82f451cf0ee91170538bbf342717ca0cb7ae38d4b2d5d56a61eb839fa
Instruction ID: 8e1c8208c554024e9bdbf139025e9e69d0a65bb58d65272a3000a7e130c7d8bb
Opcode Fuzzy Hash: 1f0155d82f451cf0ee91170538bbf342717ca0cb7ae38d4b2d5d56a61eb839fa
Instruction Fuzzy Hash: 2C219F765097809FEB12CF25DC45B52BFB4EF17314F0885DAE9858B263D2719908CB61

Uniqueness

Uniqueness Score: 0.29%

Function 00ED0441, Relevance: 1.6, APIs: 1, Instructions: 57nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00ED04AD

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 71f24ee84943bf4934f5e8fd18fdb46da6437013b45cdd551561b611adf6289c
Instruction ID: c486b36d6b79c5ff142b676f60dd2a6c8e78de65510ffc2c91d2e9c68d113a28
Opcode Fuzzy Hash: 71f24ee84943bf4934f5e8fd18fdb46da6437013b45cdd551561b611adf6289c
Instruction Fuzzy Hash: 8B118B724097809FDB228F24DC45A52FFB4EF17324F0980DAE9859B663D265A918CB62

Uniqueness

Uniqueness Score: 0.01%

Function 00ED02F6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00ED033F

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 050c0b93ad9abba84ed809f90dda55930f970c2af7dfc3853772d84949a6aa08
Instruction ID: 6556ece60e2c9d80b3458fd4b326d8f77790bf591bf2f7a22756b37aeeee3517
Opcode Fuzzy Hash: 050c0b93ad9abba84ed809f90dda55930f970c2af7dfc3853772d84949a6aa08
Instruction Fuzzy Hash: 9811A0325007009FDB20CF55D884B56FBE8EF15320F0888ABED458B711D371E418DB61

Uniqueness

Uniqueness Score: 0.29%

Function 0027A09A, Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0027A0D5

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: c3c163af81a8ed1c1ef0765eb36f1c66b3712f178e9e44da47dd60cda2563be2
Instruction ID: f4144e93bfae31934af0b8b29e19437e71f605794698e4348751f3738573c899
Opcode Fuzzy Hash: c3c163af81a8ed1c1ef0765eb36f1c66b3712f178e9e44da47dd60cda2563be2
Instruction Fuzzy Hash: BF01B1324107409FEF20CF55D885B66FBA4EF55324F08C8AAED498B216D371E468CFA2

Uniqueness

Uniqueness Score: 0.03%

Function 00ED0472, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 00ED04AD

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 1b60dd28f2fbfa9ad6b9446160ca8300d26379001037c9c66f09fe6e305b198b
Instruction ID: 98e083fdba59cd3f3c1d68f85ac5a80122f911124e9338eeeb1041e2d5faa1a7
Opcode Fuzzy Hash: 1b60dd28f2fbfa9ad6b9446160ca8300d26379001037c9c66f09fe6e305b198b
Instruction Fuzzy Hash: 53018B364007449FEB208F45D985B61FBA0EF65324F08C49AEE895B712D376E818DBA2

Uniqueness

Uniqueness Score: 0.01%

Function 01090011, Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

:@}l, xrefs: 0109008C

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: f478b674b378517f0759fefd7c26b6206bf0bbb088659858cef4948a3095d318
Instruction ID: 3ca572c84dbb55cef7418470c8fc8d5b23ebfbeb581fe5d5900c097fb94c30d7
Opcode Fuzzy Hash: f478b674b378517f0759fefd7c26b6206bf0bbb088659858cef4948a3095d318
Instruction Fuzzy Hash: 7A711B307142408FCF456BB888212AE7BABAFDD304F54847AA409DB3D6DE388C499762

Uniqueness

Uniqueness Score: 7.75%

Function 00EFB8F0, Relevance: 1.5, Strings: 1, Instructions: 213UNIQUE

Download Yara Rule

Strings

#~P, xrefs: 00EFBB6F

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: #~P
API String ID: 0-3374738924
Opcode ID: 5a0f3ecb5cf52409d26a0283eec0e86f66445a5b008acf27c9cb5e374c8bb3e6
Instruction ID: 186ca35d5c43aed2d620d21ad7daf04f352174c53e87966cd63f18e7840806ce
Opcode Fuzzy Hash: 5a0f3ecb5cf52409d26a0283eec0e86f66445a5b008acf27c9cb5e374c8bb3e6
Instruction Fuzzy Hash: DE71F230B101088FCB08EBB8D8551ADB2E7EFD9319B609939E606EB394DF35DC528B51

Uniqueness

Uniqueness Score: 100.00%

Function 00EFB8E0, Relevance: 1.5, Strings: 1, Instructions: 203UNIQUE

Download Yara Rule

Strings

#~P, xrefs: 00EFBB6F

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: #~P
API String ID: 0-3374738924
Opcode ID: 7e1535d2233639e964b3d7dca4b0b39ef2e9fa11d0a8164ea2b22079dac0ff2e
Instruction ID: 1621810f97d7640b943214c84974aad91ea2d5e1bf82ba1c73c79f24b44777e7
Opcode Fuzzy Hash: 7e1535d2233639e964b3d7dca4b0b39ef2e9fa11d0a8164ea2b22079dac0ff2e
Instruction Fuzzy Hash: 7D61F130B101088FCB08DBB8D8556AEB3E3EBD9315B608539E606EB364DF34DC528B91

Uniqueness

Uniqueness Score: 100.00%

Function 01090070, Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

:@}l, xrefs: 0109008C

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: :@}l
API String ID: 0-282943697
Opcode ID: 5361f4e7135079487155ec99abd1f566e9a97d7b7f25edfad240087138931e35
Instruction ID: 262742dee4a06a7131ab300efa36715ae1481fe0bd249b92951265d616cc6be1
Opcode Fuzzy Hash: 5361f4e7135079487155ec99abd1f566e9a97d7b7f25edfad240087138931e35
Instruction Fuzzy Hash: 0451A4317101048FDF486AB988617AEB69FABDC308F508839A909DB7D9DE34CC595762

Uniqueness

Uniqueness Score: 7.75%

Function 00F03EB0, Relevance: .8, Instructions: 815COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf8cd7a048e3f5b636629ef0ad147413058f8e327dc5d06d39ad53dbae17a5a
Instruction ID: e96b72e39e85379a40944e9c46f554b1f62a7d450a1fc39c447102ac88e5f35b
Opcode Fuzzy Hash: 2cf8cd7a048e3f5b636629ef0ad147413058f8e327dc5d06d39ad53dbae17a5a
Instruction Fuzzy Hash: C2621370B052458FDB14CB68C8807AEFBB2EF95314F14C56AD90A9B291CB34ED46EB91

Uniqueness

Uniqueness Score: 0.00%

Function 00F004E8, Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40373e361b95e696303aac5bde375185d295202449bef6317a8213492f83134f
Instruction ID: 342302961ec780cdfda989b8ca00b4d508ee85223a504ebdbc08c353ae0cde69
Opcode Fuzzy Hash: 40373e361b95e696303aac5bde375185d295202449bef6317a8213492f83134f
Instruction Fuzzy Hash: 50620870A006598FCB64DF28C984A9EB7F2FF98304F1085E9D40DAB755DB34AE859F90

Uniqueness

Uniqueness Score: 0.00%

Function 00EF5365, Relevance: .6, Instructions: 615COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e064bce1dff1360d11ef44eb3960278732c22bc390303d67252dd12bc5a500ba
Instruction ID: da48eef058ee4f0200a0d7deca84d4c78ce41c1db4dabd5744e443242c7dc461
Opcode Fuzzy Hash: e064bce1dff1360d11ef44eb3960278732c22bc390303d67252dd12bc5a500ba
Instruction Fuzzy Hash: 4832AE35B00619CFDB08DB78D9806ADB7F2AF94304F64946AD60AEB391DB34DD45CB81

Uniqueness

Uniqueness Score: 0.00%

Function 00EF02F0, Relevance: .5, Instructions: 492COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd45079c232ea67bd18d6f12195a5de684cec5882beea207fe00468726e6554c
Instruction ID: 05b968c58bf8609eb7c41d6e45e84c15c4dce49a34b4790fd4009c0dad4b7a88
Opcode Fuzzy Hash: fd45079c232ea67bd18d6f12195a5de684cec5882beea207fe00468726e6554c
Instruction Fuzzy Hash: 2B129A31A04249CFCB14DFA4C9949ADFBB2BF84314F25C5AAD519AB356CB34EC85CB81

Uniqueness

Uniqueness Score: 0.00%

Function 00F004D9, Relevance: .5, Instructions: 488COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 062c5eafd350b15a5f3930bb4a8b91d4bbcfa5e0cd430793ddcb448450bf82d0
Instruction ID: d14c857e4fc17601b0575c696ab3aa4cf1200ad3fe74c2fed5b8aefff8304a82
Opcode Fuzzy Hash: 062c5eafd350b15a5f3930bb4a8b91d4bbcfa5e0cd430793ddcb448450bf82d0
Instruction Fuzzy Hash: A7321570A016598FCB64DF28C984A9EB7F2EF98304F10C5E9D44DAB355DB34AE818F90

Uniqueness

Uniqueness Score: 0.00%

Function 00EFC270, Relevance: .4, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b0b5f631e774442ea7087c57ec63125bdcd54d9d3791a00edb8d7d8a4963cff
Instruction ID: b7ea7e9606b02160a77867f6b540c4981c7be32d14bf8c620295bf9bd74fbac6
Opcode Fuzzy Hash: 1b0b5f631e774442ea7087c57ec63125bdcd54d9d3791a00edb8d7d8a4963cff
Instruction Fuzzy Hash: 09F1AC34B0010C9FDB04EBB8DA54AADB7A3AF84364F349576E616AB3E4DB30DC518B41

Uniqueness

Uniqueness Score: 0.00%

Function 00F00652, Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d633b8f1e614b69c93448a4013b714c07d6cc4b22553d5f0dfd2c0444dc551e3
Instruction ID: f7c1c1d0d793bfd57594dcbf65f00afbbfbe44ca0766683da7f5f0d65e722f7d
Opcode Fuzzy Hash: d633b8f1e614b69c93448a4013b714c07d6cc4b22553d5f0dfd2c0444dc551e3
Instruction Fuzzy Hash: 2A122770A0165A8FCB60DF28C984A9EF7F2EF98304F10C5A9D44DAB755DB34AD818F91

Uniqueness

Uniqueness Score: 0.00%

Function 00F006A6, Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab52d602e8567380fba563a32524dcac59cbd8b5b3d9ebf8153478d6ab9c19e
Instruction ID: 46bc55ead72cc912b58332db4c6e00b6f3560d7f80f11a1b595feda3d67d8260
Opcode Fuzzy Hash: 8ab52d602e8567380fba563a32524dcac59cbd8b5b3d9ebf8153478d6ab9c19e
Instruction Fuzzy Hash: 91122870A0165A8FCB60DF28C984A9EF7F2EF98304F10C5A9D44DAB755DB34AD818F91

Uniqueness

Uniqueness Score: 0.00%

Function 00F006FA, Relevance: .4, Instructions: 403COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c8ac9bd9a169e2f2792e946a0f71daf28b48cc008a04215e31540afc05dee81
Instruction ID: a263678e08af5f186c5e226852d0a295b64ef0e8aa039d013905a307e888d81d
Opcode Fuzzy Hash: 9c8ac9bd9a169e2f2792e946a0f71daf28b48cc008a04215e31540afc05dee81
Instruction Fuzzy Hash: D1122870A0165A8FCB60DF28C984A9EF7F2EF98304F10C5A9D44E9B755DB34AD818F91

Uniqueness

Uniqueness Score: 0.00%

Function 00F0074E, Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3305f00cf85ad9b0434073eab2afaba803bf2b84110739ff61f7dd971c78a77d
Instruction ID: b2a7a5904be54770e3e74daac2ee7b356c95a83908f0caea2adc9a97781357a9
Opcode Fuzzy Hash: 3305f00cf85ad9b0434073eab2afaba803bf2b84110739ff61f7dd971c78a77d
Instruction Fuzzy Hash: A1022770A0165A8FCB60DF28C984A9EF7F2EF98304F10C5A9D44E9B755DB34AD818F91

Uniqueness

Uniqueness Score: 0.00%

Function 00EF6878, Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 368094df314932e69121eb0c27b695b456221984e6d77e888152b712743a7e76
Instruction ID: c208ba533a46f3bf16f8adf2fbb3caccf3d30a60c45a169c549d0988b45f45d6
Opcode Fuzzy Hash: 368094df314932e69121eb0c27b695b456221984e6d77e888152b712743a7e76
Instruction Fuzzy Hash: F612C170A05229CFDB64CF69C984BDDB7B1BF89304F5085EAD509AB250DB30AE85CF51

Uniqueness

Uniqueness Score: 0.00%

Function 00EF1000, Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5195144875bd100822379a84efc40f43da4673efcdf95a86fb197898660e9ebc
Instruction ID: a7c7bf3daa2cba73da09de95945e337348d3e26fffdef30c66e08afa92cf2a6b
Opcode Fuzzy Hash: 5195144875bd100822379a84efc40f43da4673efcdf95a86fb197898660e9ebc
Instruction Fuzzy Hash: C002D730E1065A8ADB10EB68CD51AD9F3B1BF95304F1086EAE54D77290EB70AAC5CF91

Uniqueness

Uniqueness Score: 0.00%

Function 00EF18E8, Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07a2e9ca888e5ec26f21980fd9da85f713cc4f3a56c7800265b60406086d88f2
Instruction ID: bf1af039f07e9b2acda976cb16cf8af478a760b44ddc000236774573b070b522
Opcode Fuzzy Hash: 07a2e9ca888e5ec26f21980fd9da85f713cc4f3a56c7800265b60406086d88f2
Instruction Fuzzy Hash: E202E630E1066ACADB10EB68CD516D9F3B1BF95304F1086EAE54D7B250EB70AAC5CF91

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3029, Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea68f3ab411390befa2fdf6abf3db90d51aaa92549c3e4e4292cb50fecf0e862
Instruction ID: d040caa686a9c669b282f1addcb4eb9ae9a5a7fb7223774d6102f2ddddba37fb
Opcode Fuzzy Hash: ea68f3ab411390befa2fdf6abf3db90d51aaa92549c3e4e4292cb50fecf0e862
Instruction Fuzzy Hash: E2B1D730A1C2C68FD701EB75C4546ED7FE2AF92244F5984FFC0849B196DBBA8985C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2E4F, Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d8939b06dbd6dd3dc29fd250ca9772362951691966593c317544521d06a5113
Instruction ID: 44563731bde7151aa4090adb496caa864b4e8a7843fcc4db47cc9aa903608103
Opcode Fuzzy Hash: 1d8939b06dbd6dd3dc29fd250ca9772362951691966593c317544521d06a5113
Instruction Fuzzy Hash: 74B1E730B1C3C68FD701EB75C8640ED7FE2AF92294B9945BFC0449B196EA79C986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF34BB, Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c01e4a9c143f5af8d39e45f3df3c8a86094f225805a1a46114ab540f37e0d6
Instruction ID: 4774c3e0d60214cf3cd3f2f78f35029c1c56aaf8b190aa8dc88b3e276a01e3f7
Opcode Fuzzy Hash: f1c01e4a9c143f5af8d39e45f3df3c8a86094f225805a1a46114ab540f37e0d6
Instruction Fuzzy Hash: CEA10730B1C3C68FD701EB75C8640ED7FE2AF92294B9445BFC045DB196DA798986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2858, Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab254d766ff8e06988d742a04c900ea9566d4059b6a03198395b84a44ac220ce
Instruction ID: 0631db3023cc5ca3072c710cdbaab7d5ddcbc7f80456480b530b099acc48253f
Opcode Fuzzy Hash: ab254d766ff8e06988d742a04c900ea9566d4059b6a03198395b84a44ac220ce
Instruction Fuzzy Hash: A9A11930B1C2C68FDB01EBB5C8640ED7FE29F92294B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2CA5, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b03bb1e7d7e7333ded5ed0876ab905283d1d38b878efd28272fa1a293a4fe1
Instruction ID: d9b44b05d8ee84d974330820c71f3e452aa2692fd445d651c005c3a80e2719b2
Opcode Fuzzy Hash: 30b03bb1e7d7e7333ded5ed0876ab905283d1d38b878efd28272fa1a293a4fe1
Instruction Fuzzy Hash: 12A11830B1C2C68FD701EBB5C8641ED7FE29F92294B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF328D, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd297c124789f03127bc3eebfa491af3ef402b3722b9e55871a786febc5126c4
Instruction ID: 305f455d4c3ef382590f075bda57f73f189455e70eee63b5df02af7272b6a7a8
Opcode Fuzzy Hash: dd297c124789f03127bc3eebfa491af3ef402b3722b9e55871a786febc5126c4
Instruction Fuzzy Hash: D5A12730B1C2C68FD701EBB5C8640ED7FE29F92254B9445BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3680, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e11e4ae5c69679bd5b0ab9784200441e9ced9e7d092e3d547f80816622175a0
Instruction ID: d599a2099aa19d5f307571e67bb476c13f3681c088c5e065f2d161526def1f9c
Opcode Fuzzy Hash: 3e11e4ae5c69679bd5b0ab9784200441e9ced9e7d092e3d547f80816622175a0
Instruction Fuzzy Hash: 69A10830B1C2C68FD701EBB5C8641ED7FE29F92294B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF29ED, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 831386624ce1fcb3f18d025d8262f0c9ed0877913ec0c2149d25b2bce7485dd5
Instruction ID: ff4e75a68fb6d07ffe98ce748bfd1728be842cab20de0d18f1344fd8829324b8
Opcode Fuzzy Hash: 831386624ce1fcb3f18d025d8262f0c9ed0877913ec0c2149d25b2bce7485dd5
Instruction Fuzzy Hash: A9A11830B1C3C68FD701EBB5C8640ED7FE29F92194B9445BFC045DB196EA798986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2990, Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ebac8a55c3db86fc9ea3e9b569bb0bdc12d1cb714045f2b225e9c8347d8ac6d
Instruction ID: 0aba9ebc369e8fc4f433fec4033007aed37c2ecafffaf5b1d7f0b4844f791c94
Opcode Fuzzy Hash: 6ebac8a55c3db86fc9ea3e9b569bb0bdc12d1cb714045f2b225e9c8347d8ac6d
Instruction Fuzzy Hash: E5A12830B1C3C68FD701EBB5C8641ED7FE29F92254B9444BFC044DB196EA798986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF28A3, Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3e9cb07b8a9b604542b3c9844b40ed8d9fadb08933989eb12db7d0ec0137194
Instruction ID: a027168766d2944a773c485feb6457eab9bf3573ecb5c8d8105beac780f2a20b
Opcode Fuzzy Hash: b3e9cb07b8a9b604542b3c9844b40ed8d9fadb08933989eb12db7d0ec0137194
Instruction Fuzzy Hash: EAA11B30B5C2C68FDB01EBB5C8640ED7FE29F92154B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2A89, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dc5be6c679dc80cd320cda01e017a29c010fafa2b2af15204acd6b213b555ea
Instruction ID: 45754a58b4d6ded3182dfeed947e1d8186b8583b887fb037fda9b3184d482af0
Opcode Fuzzy Hash: 0dc5be6c679dc80cd320cda01e017a29c010fafa2b2af15204acd6b213b555ea
Instruction Fuzzy Hash: 12A10830B1C2C68FD701EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3635, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b32f700f20dd3c4010adc521ec5f5289d14434a5164cccfed2596c849763ce2
Instruction ID: 1e5d5b34afe90b765a24a549608d45938436a15926019dca06b329a8bd420fb0
Opcode Fuzzy Hash: 4b32f700f20dd3c4010adc521ec5f5289d14434a5164cccfed2596c849763ce2
Instruction Fuzzy Hash: 2FA11830B1C2C68FDB01EBB5C8640ED7FE29F92194B9445BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF33CB, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0145596477e094336abc48c3b8e867ef5a575440f7497b00a3566bc6dd075e57
Instruction ID: 9436d355419c66c3307a5d4815f0c0983f9a60718b6f420af6fe9f83e39015e2
Opcode Fuzzy Hash: 0145596477e094336abc48c3b8e867ef5a575440f7497b00a3566bc6dd075e57
Instruction Fuzzy Hash: 66A13830B1C2C68FDB01EBB5C8641ED7FE29F92294B9444BFC044DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2DB3, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db6cbf484bf7f67c366b95c89047fb21990b6b1067e90caa921f1cdcdc567765
Instruction ID: ba4d9ca135322d18dbb1a5c85383c893367f380540d536111a946e4434df06ba
Opcode Fuzzy Hash: db6cbf484bf7f67c366b95c89047fb21990b6b1067e90caa921f1cdcdc567765
Instruction Fuzzy Hash: CEA10530B1C2C68FDB01EBB5C8640ED7FE29F9219479845BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF359C, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 341e175a784561df1fda34faab981973f68969905722c81f7aab07b2ae5a5040
Instruction ID: ff525dbf11709347498a1ee1b8e3945708e5c15da6d6bbc462520eded05c7d17
Opcode Fuzzy Hash: 341e175a784561df1fda34faab981973f68969905722c81f7aab07b2ae5a5040
Instruction Fuzzy Hash: 72A11730B5C2C68FDB01EBB5C8640ED7FE29F92294B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3194, Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70dea638cc4193af03dc336429588b2ef0d5cc39fd4f2b4cd91a28febae29c8
Instruction ID: 7787285843734e2e6384ea563e44a30ffd02967938560d899d4b284cbcb69e33
Opcode Fuzzy Hash: c70dea638cc4193af03dc336429588b2ef0d5cc39fd4f2b4cd91a28febae29c8
Instruction Fuzzy Hash: 8BA11730B1C2C68FDB01EBB5C8640ED7FE29F92294B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF28DC, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2faef8f2c3894a6988184737706e8503a5dd21ca8cc238759a7ea4fde121d7bb
Instruction ID: 7fce706f8d99e8d8ae87fb65a6001f953d9ac0cb3230ca378bb016e8db04d7de
Opcode Fuzzy Hash: 2faef8f2c3894a6988184737706e8503a5dd21ca8cc238759a7ea4fde121d7bb
Instruction Fuzzy Hash: ECA10730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2834, Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb72b0a920aab0ff2525b6ff9b131007b1318c00cb39188b0b3a8314eafc50c
Instruction ID: 7765b4536af403c5daa40dab9748c8f8f9f79f06aea746b6537b5cd79f48d420
Opcode Fuzzy Hash: 9eb72b0a920aab0ff2525b6ff9b131007b1318c00cb39188b0b3a8314eafc50c
Instruction Fuzzy Hash: AFA12A30B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2EE2, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c5d842c5baa6872f329e2de1c496e0909c15408850e74dd2f2b16a5c3962ce
Instruction ID: dc61abaec6b1336103475c34db2f9c9b0814ef5df9821a6b04805350688fa71b
Opcode Fuzzy Hash: a5c5d842c5baa6872f329e2de1c496e0909c15408850e74dd2f2b16a5c3962ce
Instruction Fuzzy Hash: 0BA13830B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EABD8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2A4A, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ebc4e06ff0971b78a07035fd81822717dafa6327d6e5a19b4a91e3904c84a0
Instruction ID: c8d0e0f0a39954e37f8ae97cf1ff82a855031408f1ba59eb9120c5cbc907abb5
Opcode Fuzzy Hash: c6ebc4e06ff0971b78a07035fd81822717dafa6327d6e5a19b4a91e3904c84a0
Instruction Fuzzy Hash: 79A12830B1C2C68FDB01EBB5C8641ED7FE29F92194B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF345B, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268f9777a87c6e869ae55403e823873878301d79f3f1c2759eaedce0a87e5819
Instruction ID: d8c59961c3390bbcb1f87d57f68e43b262b348f387401b24c000bdd1f4381951
Opcode Fuzzy Hash: 268f9777a87c6e869ae55403e823873878301d79f3f1c2759eaedce0a87e5819
Instruction Fuzzy Hash: BBA13830B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC041DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2C3C, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b4a4006ac41fab4a8a08709c43af64033ab11c8b88a6c754020ce62ae659ae3
Instruction ID: d129e7f722999833e0bf2e8a5ddec0f1d0d1c4d2fe5c712c7f0ed26af0ffd84f
Opcode Fuzzy Hash: 8b4a4006ac41fab4a8a08709c43af64033ab11c8b88a6c754020ce62ae659ae3
Instruction Fuzzy Hash: 46A12830B1C2C68FDB01EBB5C8641ED7FE29F92194B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3206, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d3ba4e68c3ca5e5b31911e7f9f2bf94228cd08e0a0ea086240d19df29a4f80
Instruction ID: 596072576bc430067065f412c58f5620fe515b85c0b2a38a4069e07aff36b47b
Opcode Fuzzy Hash: 09d3ba4e68c3ca5e5b31911e7f9f2bf94228cd08e0a0ea086240d19df29a4f80
Instruction Fuzzy Hash: 0EA12630B1C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3416, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b153ab80acc769600482c5dd01fcfd19f451a016c42d9a2fc004ea41cea6f5a
Instruction ID: 81b1bde7ff839f0736feadf0147407e6093bc4e785bbdb722c7e7b4e2f527eb2
Opcode Fuzzy Hash: 7b153ab80acc769600482c5dd01fcfd19f451a016c42d9a2fc004ea41cea6f5a
Instruction Fuzzy Hash: EDA11830B1C2C68FDB01EBB5C8641ED7FE29F92194B9844BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2FF0, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5a8c606f8f555b610241115e6357e2c82fdd9e596c7f97d3253583d235d0e5
Instruction ID: ea09778c1a77fe6b931c709051ad86f18fded8b628972cc696ec34c508d61b43
Opcode Fuzzy Hash: 0f5a8c606f8f555b610241115e6357e2c82fdd9e596c7f97d3253583d235d0e5
Instruction Fuzzy Hash: ECA11730B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF32EA, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de84a24f22a25682be028556329f688df19ec275a4114acd3e0ba9f6ffdc26d4
Instruction ID: f502b28b1e8fe9d8e12ba59f41ef275a4574e6ffedd2005594528b45cc9396a9
Opcode Fuzzy Hash: de84a24f22a25682be028556329f688df19ec275a4114acd3e0ba9f6ffdc26d4
Instruction Fuzzy Hash: BF912730B5C2C68FDB01EBB5C8640ED7FE29F92194B9844BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2AFB, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64404d2a9f4e2cc7ce6bdd13b996bb6227b24a9df41148948221889615bffd60
Instruction ID: eaaa43b9d5c02a5da74340e6d38329f6b54ea1c2945d8df1c4031e95e3022b81
Opcode Fuzzy Hash: 64404d2a9f4e2cc7ce6bdd13b996bb6227b24a9df41148948221889615bffd60
Instruction Fuzzy Hash: 1E912730B5C2C68FDB01EBB5C8641ED7FE29F92194B9444BFC041DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF36DD, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a090df15f1725f163f210162b0f3df214ff93fa799a409f39a8e0fe86f8bee3f
Instruction ID: 140e7d958d1534426c1b8fff0c197fbe724bc8f1dca24675143e50ec89e595d9
Opcode Fuzzy Hash: a090df15f1725f163f210162b0f3df214ff93fa799a409f39a8e0fe86f8bee3f
Instruction Fuzzy Hash: 92911630B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EA6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2AD4, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 983f67df3ebabf7c60b38545c9fe7417a4be65f953d9a9bd4739c2e6a54b79d7
Instruction ID: 079545c17288aaf28142dab5dc582f83973520b942c6e67a77b7983132448262
Opcode Fuzzy Hash: 983f67df3ebabf7c60b38545c9fe7417a4be65f953d9a9bd4739c2e6a54b79d7
Instruction Fuzzy Hash: 49912630B5C2C68FDB01EBB5C8640ED7FE29F9219479844BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3494, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d24fe7f11d51a2b5cd22cab39b8517d94c98bbfb3cb913b2c90713f451098b1
Instruction ID: 099cded796c440d547f5db1367b27e75e70312cf89e046f6685457383c6f471b
Opcode Fuzzy Hash: 9d24fe7f11d51a2b5cd22cab39b8517d94c98bbfb3cb913b2c90713f451098b1
Instruction Fuzzy Hash: 69912730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3266, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6dd081820e326899741016aacc52dcbbf54e68c5a9db56cae75008db67a7d6e
Instruction ID: a615ec79b728af2f697bf991945ff26fe43677794ea525e89657db201e6c9d85
Opcode Fuzzy Hash: b6dd081820e326899741016aacc52dcbbf54e68c5a9db56cae75008db67a7d6e
Instruction Fuzzy Hash: 6D911730B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB196EA7D8986C782

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2C7E, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e513d668415d6d2f5d560c90815c17105804d81f286aa10da3d6394ffc3c971e
Instruction ID: 246af079070e108b61d7f449116bb3ef0d2a29727ecc8e915b54054ad9a84ede
Opcode Fuzzy Hash: e513d668415d6d2f5d560c90815c17105804d81f286aa10da3d6394ffc3c971e
Instruction Fuzzy Hash: A5911630B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB296EA6D8986C782

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2E25, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5114ad51ee880f9cc95a8e8db5fe54e35756e13c1ec507913e6a43b0715e43ec
Instruction ID: 39e19ba496a7cf288cafe67db181c85eebcf3d1fa38ed89f172d6b285b3e40c5
Opcode Fuzzy Hash: 5114ad51ee880f9cc95a8e8db5fe54e35756e13c1ec507913e6a43b0715e43ec
Instruction Fuzzy Hash: C3912730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EE6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF323F, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba26b6efeb864d38e1922a2220c1f20d9441de3650bc5e393bbd98c508dc0efb
Instruction ID: 8dffe4fb24e5c51357badf5683c6595e8c27e00c9da0d8d72595dbed80c7e87f
Opcode Fuzzy Hash: ba26b6efeb864d38e1922a2220c1f20d9441de3650bc5e393bbd98c508dc0efb
Instruction Fuzzy Hash: 98910630B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB296EE6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF360E, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c96a7a7ae495a3d63053e0e7ee3c2df3414519adee55aaa972b61f51fde6559
Instruction ID: 7968179051c1a5880bd5497d579c8b40f2f86c7832fa80c4460f3cb04da58025
Opcode Fuzzy Hash: 2c96a7a7ae495a3d63053e0e7ee3c2df3414519adee55aaa972b61f51fde6559
Instruction Fuzzy Hash: 71911630B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2C15, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aac3c1ec48558a8a73f6b88c067cb0d42844de63fe4bbdab8f2730f48a362ded
Instruction ID: 7d4708a86f13fdd47f0194e1663eb0b1753faa7f32c3a0644560ecd59abc062a
Opcode Fuzzy Hash: aac3c1ec48558a8a73f6b88c067cb0d42844de63fe4bbdab8f2730f48a362ded
Instruction Fuzzy Hash: F3911630B5C2C68FDB01EBB5C8640ED7FE29F9219479844BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2BEE, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8d65617216398cab7ebc54ddc0312ddd9bb1b3fb125d0e40e42553d55bdfc86
Instruction ID: 9adb5809e78d77f4cb3d9154a114486bc37661242627a125c48a7fae8d7f71c6
Opcode Fuzzy Hash: a8d65617216398cab7ebc54ddc0312ddd9bb1b3fb125d0e40e42553d55bdfc86
Instruction Fuzzy Hash: C2911730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF35E7, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e49cba83ada27db5d5a161e4af3dbfa8d048b7f0d19f6675c6bfbfdabf791302
Instruction ID: 047a02673c91d60d51f1b7bb2d7bfa9c38ee5cf2cc7d7ddbaf17726bbd276b74
Opcode Fuzzy Hash: e49cba83ada27db5d5a161e4af3dbfa8d048b7f0d19f6675c6bfbfdabf791302
Instruction Fuzzy Hash: 9E912730B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB296EABD8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2DFE, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41649a25d66d8e793faf33ff80a11104e22978c8e538fd4198c53e4b7aa6a7e5
Instruction ID: f689d49d43d5ba6be41f28ba4d44ab3561d61b56b1da556e41c8af06c6c4cd94
Opcode Fuzzy Hash: 41649a25d66d8e793faf33ff80a11104e22978c8e538fd4198c53e4b7aa6a7e5
Instruction Fuzzy Hash: AF911730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2FC3, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 129dc46592a36bd3c4fa1db7ad97e20235f7a123fa61d5892cdc970c2481845f
Instruction ID: 09eb9ac3f73e8e381e6ff6a9bac718cc6fa84394ef0c87ab952ba0a77cdfca2e
Opcode Fuzzy Hash: 129dc46592a36bd3c4fa1db7ad97e20235f7a123fa61d5892cdc970c2481845f
Instruction Fuzzy Hash: CD912630B1C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EAAD8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF31DF, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c476d3e5988d7d6fe90d4181c82a75bd16f7307e42b657d3fe99d39d656445a7
Instruction ID: cb5dcf455a4d87ddeda73a8dba0c9503fbefc6f741901b6ca63f02d5b640b162
Opcode Fuzzy Hash: c476d3e5988d7d6fe90d4181c82a75bd16f7307e42b657d3fe99d39d656445a7
Instruction Fuzzy Hash: 07912630B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF37BB, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03d048f97fe0b538c3c9ef1f4275e6d9beeb00014c4d6231521f7a8de76799b
Instruction ID: d4b6bbcf550fca9f6606bed15afc91e8486c86d17e690b8ec44377eb87fc9445
Opcode Fuzzy Hash: d03d048f97fe0b538c3c9ef1f4275e6d9beeb00014c4d6231521f7a8de76799b
Instruction Fuzzy Hash: 60911530B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC045DB296EA6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2D89, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0125df51b35ff036dc8b23c188c3cd54966a1d1014c3df538ce5bd7f729be9a4
Instruction ID: 5c40b7a21f8ec958d79183356e9b8c6741a0cdac29546bc4b24eb4c2b80724b8
Opcode Fuzzy Hash: 0125df51b35ff036dc8b23c188c3cd54966a1d1014c3df538ce5bd7f729be9a4
Instruction Fuzzy Hash: BA911730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB296EE6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3798, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2dda332164b32e442bda2f559212363b9f0213bc17507fb0996a31029d6a264
Instruction ID: 3767af4d76055c78d0db3cc639e438628a3f51609364575bc3eeb80ce03194aa
Opcode Fuzzy Hash: f2dda332164b32e442bda2f559212363b9f0213bc17507fb0996a31029d6a264
Instruction Fuzzy Hash: E8911730B5C2C68FDB01EBB5C8640ED7FE29F92194B9444BFC045DB196EA7D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF316D, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0a5404403aeeea80b3212347853e92ba6118d47aaa412df3f116a68d02655c
Instruction ID: 584bdd72f09ceda74510ac2e0a5c63ef4060d7b666e2d6c84167ff8677f4cca6
Opcode Fuzzy Hash: 5c0a5404403aeeea80b3212347853e92ba6118d47aaa412df3f116a68d02655c
Instruction Fuzzy Hash: EC912730B5C2C68FDB01EBB5C8640ED7FE29F9219479444BFC041DB296EA6D8986C742

Uniqueness

Uniqueness Score: 0.00%

Function 00EF2D62, Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c2825d534f85dcbb1efb4ebbefa25c893445e8758b423f072d3d74c74e03eb
Instruction ID: d4d149b691303cd99d9b86bf1a21356e3973267ad750dea0c55aba2524f6dab4
Opcode Fuzzy Hash: e0c2825d534f85dcbb1efb4ebbefa25c893445e8758b423f072d3d74c74e03eb
Instruction Fuzzy Hash: B6911630B5C2C68FDB01EBB5C8640ED7FE29F9219479844BFC045DB196EA6D8986C782

Uniqueness

Uniqueness Score: 0.00%

Function 00EFBC40, Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78fd7054491dcce880f09d0fe88850d9cf92ec3eb13b50134c00f7c225a93882
Instruction ID: 1a06c07b233910d27c04e3f4ca8c858a70afbfdff4e63e4d066b3abd43c5cda2
Opcode Fuzzy Hash: 78fd7054491dcce880f09d0fe88850d9cf92ec3eb13b50134c00f7c225a93882
Instruction Fuzzy Hash: 66818F31B101198FCB08DBB8D9946ADB7E6EFC8304B254479E60AEB360DF31DC458B92

Uniqueness

Uniqueness Score: 0.00%

Function 00EFBC31, Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5537d2dc0d49d9508c7895ca93c36647f6a3e7b833d23b6c2e8fff671cf05664
Instruction ID: 90499b24df1bf73f15d5285b93fedaae704a05dc08a870d7232255c7ee2377ec
Opcode Fuzzy Hash: 5537d2dc0d49d9508c7895ca93c36647f6a3e7b833d23b6c2e8fff671cf05664
Instruction Fuzzy Hash: 57818D31B101098FCB48DB78D994AADB7E6FFC8304B25447AE60AEB360DB71DC458B42

Uniqueness

Uniqueness Score: 0.00%

Function 00EFE1D8, Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e46a69857e113ecbc00b430c5395b7f99cd4ca6401e4fd44cbdf115326540a
Instruction ID: 7cc5a787509e39ed2b92fb5d6d44e09b8f3a3717fd583a9cc38be0bc6940e3fa
Opcode Fuzzy Hash: e6e46a69857e113ecbc00b430c5395b7f99cd4ca6401e4fd44cbdf115326540a
Instruction Fuzzy Hash: 8071B670B101498FCB04EBB8D8915ADB7A7EFD8304B149439E61AEB364EF34DD168B51

Uniqueness

Uniqueness Score: 0.00%

Function 0109037A, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e679cfd51ca455d66237133d4e38b83962d066deef585036d30897e2f9dd40
Instruction ID: a31f6d11b6676c56d4e692ac4442466458935a501f9d6633ddc34424d64b8419
Opcode Fuzzy Hash: d2e679cfd51ca455d66237133d4e38b83962d066deef585036d30897e2f9dd40
Instruction Fuzzy Hash: AE51E170A11214CFDF54DB78D5612AEB6EAAF88214F24487AE086DB358DF31CD41DB92

Uniqueness

Uniqueness Score: 0.00%

Function 00EF88F2, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67eff3d1452052ba8d335d521f43083a8ec79ed3484c9ee18797a7f479e76e36
Instruction ID: 82b37fc7fa4ba40c4cde250e7632b07ecb98ee7e473f20c42ceb871edfe9b708
Opcode Fuzzy Hash: 67eff3d1452052ba8d335d521f43083a8ec79ed3484c9ee18797a7f479e76e36
Instruction Fuzzy Hash: E741F531F002598FCB84CBB89A511ADB7E2ABD9304714E43BD60AEB350EE74DC16CB91

Uniqueness

Uniqueness Score: 0.00%

Function 00F01A3A, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 338UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 48f605611b2c2cd090344d5543fd4dd7782a68c8b93ea9b14272f8365ff8c877
Instruction ID: 36503ff7911abde77f000d3f41a0967db2cc210bf9fdb5914a65628ee0c58255
Opcode Fuzzy Hash: 48f605611b2c2cd090344d5543fd4dd7782a68c8b93ea9b14272f8365ff8c877
Instruction Fuzzy Hash: B50267B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01A8E, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 328UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: fcac3303a3a7e26cd6928098e35a60e715878939ae74bee1783373d317db4f9d
Instruction ID: 327d1f9d089ba54cd01cc58acbf4444e91941aac73931ad4ba38916f17338a24
Opcode Fuzzy Hash: fcac3303a3a7e26cd6928098e35a60e715878939ae74bee1783373d317db4f9d
Instruction Fuzzy Hash: A2F167B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01AE2, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 318UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: d5c7cb1de3189cf283e9462529e57ffb8101102052d1987c21bbf51436c6ca22
Instruction ID: 316e150cdbdcc322a9c4a9b4554bc59594fb1e2dd3d677642013173bb9cf4848
Opcode Fuzzy Hash: d5c7cb1de3189cf283e9462529e57ffb8101102052d1987c21bbf51436c6ca22
Instruction Fuzzy Hash: A0F177B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01B36, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 308UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: bc7dfc1f9c2e61a19726965fa4ec55de05f6662723818eaae9dccda4bbacfc35
Instruction ID: 7c97171a06a9e8a4a1e03237a448221d0493060de43210b0a1af2125413a4f04
Opcode Fuzzy Hash: bc7dfc1f9c2e61a19726965fa4ec55de05f6662723818eaae9dccda4bbacfc35
Instruction Fuzzy Hash: EDF177B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01B8A, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 298UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: c006e85c34fe42759e0c4e4a7fb0bfa3a011e900ce64f03eefd20fb519a0bc30
Instruction ID: 0994eab53430eeeef2c13ab79fb1f6a727d679764be4c7f27288cc02bbec8981
Opcode Fuzzy Hash: c006e85c34fe42759e0c4e4a7fb0bfa3a011e900ce64f03eefd20fb519a0bc30
Instruction Fuzzy Hash: 03E177B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01BDE, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 288UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 4439cb3af6b989d8ba03792d21e3d235c766ce7af0dc8accc5e85ead6bfa98c7
Instruction ID: ecc3ca209d5f576a39b1e6932413e55dbd67e7973483883b875f0ce0304054ac
Opcode Fuzzy Hash: 4439cb3af6b989d8ba03792d21e3d235c766ce7af0dc8accc5e85ead6bfa98c7
Instruction Fuzzy Hash: 25E177B4A401288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF55

Uniqueness

Uniqueness Score: 100.00%

Function 00F01C32, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 278UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: e9eaf2c329fa1f2a0755f2bf1d485517acb65f495f060d3c5f5452a895c724b0
Instruction ID: e9d724e1d3c1eeb5f137a08340ae701f21322e63b39522dfaf0d76fcd3978cda
Opcode Fuzzy Hash: e9eaf2c329fa1f2a0755f2bf1d485517acb65f495f060d3c5f5452a895c724b0
Instruction Fuzzy Hash: 82E187B4A501288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF15

Uniqueness

Uniqueness Score: 100.00%

Function 00F01C86, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 268UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 5a31eac51c23c8da05bfd36a45921b8406cbe96f58e68c59122e49833f71a18b
Instruction ID: bd9da2421a0a35b3b9b032f66cefa11eee425d984ddf78205f9780bc64424e08
Opcode Fuzzy Hash: 5a31eac51c23c8da05bfd36a45921b8406cbe96f58e68c59122e49833f71a18b
Instruction Fuzzy Hash: C2D187B4A501288FCBA0DF64DD8469AF7F2FB88325F1082E6A90DA7350DB315E94DF15

Uniqueness

Uniqueness Score: 100.00%

Function 00F01CDA, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 258UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 007a63048a2b54b6b84c2cc0492c42a39f357f567dde6435b6f378f78fca1d2c
Instruction ID: 1cf3253ef33da22a0261a6bf4825dac4fb3c13dface4ad26ac30118ad8169b49
Opcode Fuzzy Hash: 007a63048a2b54b6b84c2cc0492c42a39f357f567dde6435b6f378f78fca1d2c
Instruction Fuzzy Hash: AFD177B4A501288FCBA0DF64DD8469AF7F2FB88325F1082E6990DA7350DB315E94DF15

Uniqueness

Uniqueness Score: 100.00%

Function 00F01D2E, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 248UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 7647808c0e5489410428d8e4d48693071a6e98526488326cba7a7a59368cdd52
Instruction ID: 9bf1250353e410bb541d8d17771e27f901ac0555501a79715ca6a2c4469c579c
Opcode Fuzzy Hash: 7647808c0e5489410428d8e4d48693071a6e98526488326cba7a7a59368cdd52
Instruction Fuzzy Hash: A3C176B4A501288FCBA0DF64DD8469AF7F2FB88325F1082E6990DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 100.00%

Function 00F01D82, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: bc88ce6181edb259da5b34f6ae07c0da2a1f8eacaafb30a33ed22f726c6be8ad
Instruction ID: 76a927b19ef1f25bed1990c3bea72a4fbae29952f6378b61dfe87386e33688ba
Opcode Fuzzy Hash: bc88ce6181edb259da5b34f6ae07c0da2a1f8eacaafb30a33ed22f726c6be8ad
Instruction Fuzzy Hash: 30C187B4A502288FCBA0DF64DD8479AB7F2FB88325F1082E6990DA7350DB315E94DF11

Uniqueness

Uniqueness Score: 100.00%

Function 00F01DD6, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 228UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 56c7dba2fc489d4efe49fe1706681200c9aa3a74cd8da87eecaa41ed311a7023
Instruction ID: bed1478e0b02a88821ffd041b7c2a5145d8a0671092785a46c44e917bcd2c82e
Opcode Fuzzy Hash: 56c7dba2fc489d4efe49fe1706681200c9aa3a74cd8da87eecaa41ed311a7023
Instruction Fuzzy Hash: A5B196B4A501288FCBA0CF64DD8469AB7F2FB89325F1082E6990DA7350DB319E94DF51

Uniqueness

Uniqueness Score: 100.00%

Function 00F01E2A, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 218UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: dff7e82c27ae51313b8ce4e7eed132579be058da4f618d6a6dd4647ead5364be
Instruction ID: 0053fdf7cf86e3cfa0d4fcc2c97ab146e732c185895962e68026560b675a3f3d
Opcode Fuzzy Hash: dff7e82c27ae51313b8ce4e7eed132579be058da4f618d6a6dd4647ead5364be
Instruction Fuzzy Hash: E6B197B4E501288FCBA0DF64DD8469AB7F2FB88325F1082E6990DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 100.00%

Function 00F01E7E, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 208UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 34b6f990f4cb34e03552c58a9eb6059f2019ba66f90ef7172e938bceb3d67013
Instruction ID: 0ee33637a30881b608cb2dee05be7443a18cd76c00b69904e3d70584475807f2
Opcode Fuzzy Hash: 34b6f990f4cb34e03552c58a9eb6059f2019ba66f90ef7172e938bceb3d67013
Instruction Fuzzy Hash: 53A196B4A501288FCBA4CF64DD8479AB7F2FB89325F1082E6990DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 100.00%

Function 00F01F6B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 188UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 44c6805e67be64daa0c40dc63e29bd804a8c27217548372d691377ac9ef82a71
Instruction ID: 5465a0e6a3602cd9cc49599a242b407fa3e91748e8d4c34193510e48464b1523
Opcode Fuzzy Hash: 44c6805e67be64daa0c40dc63e29bd804a8c27217548372d691377ac9ef82a71
Instruction Fuzzy Hash: 0991A6B4E501688FCBA0CF68DD8469AB7F2FB89315F1082E6990DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 100.00%

Function 00F01FBF, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 178UNIQUE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F01FE3
KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Strings

X, xrefs: 00F01FEB

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: X
API String ID: 6842923-3587144104
Opcode ID: 77418fff6cbcef0ef1c8c20ffa8c052e660619dfa213f2ffafff1522fbffaac5
Instruction ID: e2707bb86f2db8ebc681f1ff132033a2c98ad505902f0f356a33d619a36a52d1
Opcode Fuzzy Hash: 77418fff6cbcef0ef1c8c20ffa8c052e660619dfa213f2ffafff1522fbffaac5
Instruction Fuzzy Hash: 7391B7B4E102688FCBA0CF64DD8469AB7F2FB89315F1082E6990DA7350DB319E949F11

Uniqueness

Uniqueness Score: 100.00%

Function 00F024A0, Relevance: 3.1, APIs: 2, Instructions: 134COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC
KiUserExceptionDispatcher.NTDLL ref: 00F024A6

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 33095ff2a33de4659b9c69c6fa56c0df678f85e99eb1dcbf45404b75f0f7f4a3
Instruction ID: 541dacdba04d8912571f864ec95b48134b01b5d363edda945f1fdd0be0b0d798
Opcode Fuzzy Hash: 33095ff2a33de4659b9c69c6fa56c0df678f85e99eb1dcbf45404b75f0f7f4a3
Instruction Fuzzy Hash: 7151E8B4E402288FCBA4CF24DD8479AB7F2FB89315F1082E69909A7350DB319E95DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00EFB5F8, Relevance: 2.7, Strings: 2, Instructions: 202
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l-:, xrefs: 00EFB884
l-:, xrefs: 00EFB6DB

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: l-:$l-:
API String ID: 0-157468240
Opcode ID: 3dc43e210059b7b615a7de55c0ebae76ba6a7116fe870a8f474fdb97169390f5
Instruction ID: d9c66aeafd4524503245450953f69e8c143aeb7a0ec5b5d8353d22513d9912a6
Opcode Fuzzy Hash: 3dc43e210059b7b615a7de55c0ebae76ba6a7116fe870a8f474fdb97169390f5
Instruction Fuzzy Hash: 98716C30B102598BCB08EFB4C9946AEB7F2AFD5304B548539E505EB394EB74ED46CB80

Uniqueness

Uniqueness Score: 100.00%

Function 00EFB608, Relevance: 2.7, Strings: 2, Instructions: 195
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

l-:, xrefs: 00EFB884
l-:, xrefs: 00EFB6DB

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: l-:$l-:
API String ID: 0-157468240
Opcode ID: 985e2fdeca379f494ce57c196a6a5ce9d784c42e95b18ee4f3788aaa67d448e9
Instruction ID: ac5c36d62635256120ba4bdfe4ce59f04c903d87637ddf99c3c5daf171f56453
Opcode Fuzzy Hash: 985e2fdeca379f494ce57c196a6a5ce9d784c42e95b18ee4f3788aaa67d448e9
Instruction Fuzzy Hash: AE715D30B102598BCB08EFB4C9906AEB7F6AFD5304B548539E505AB394EF74ED46CB80

Uniqueness

Uniqueness Score: 100.00%

Function 00EF00A0, Relevance: 2.6, Strings: 2, Instructions: 143
UNIQUE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

q1n, xrefs: 00EF01F5
q1n, xrefs: 00EF0201

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: q1n$ q1n
API String ID: 0-2516560063
Opcode ID: f3b4d59c3674ac3d5beb32b331c01f472c0dd7fec3c90ea084ba132fa898b055
Instruction ID: 23691ca0a370e07e36bf10cf1d79e3a54ec74a9dae8112122b06f75bd774a33a
Opcode Fuzzy Hash: f3b4d59c3674ac3d5beb32b331c01f472c0dd7fec3c90ea084ba132fa898b055
Instruction Fuzzy Hash: 7C418F30B112188FDB58DBB8C8546AEB6E7AFD9304B24983AD506EB791DF34DC05CB91

Uniqueness

Uniqueness Score: 100.00%

Function 00F0201F, Relevance: 1.7, APIs: 1, Instructions: 165COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: f4ee69b61e070d136d4e41346270996bd0020e4016ac98507928e80cdb4b16fb
Instruction ID: 0be1065142beb597686f9fd70459f907d5c0bc1d3aa570be0023b8d5886308d9
Opcode Fuzzy Hash: f4ee69b61e070d136d4e41346270996bd0020e4016ac98507928e80cdb4b16fb
Instruction Fuzzy Hash: 0481B8B4E502688FCBA0CF68DD84699B7F2FB89315F1082E6980DA7350DB319E94DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F02073, Relevance: 1.7, APIs: 1, Instructions: 155COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 199fd13f88eb7c2de8efa19b75cee38aec15e2d28d6123c3f3071054bbae3bda
Instruction ID: ca55c925fb5ba92f1e50887e1bdb8e4ed68ba4f41bb041fad6adc680f7f84773
Opcode Fuzzy Hash: 199fd13f88eb7c2de8efa19b75cee38aec15e2d28d6123c3f3071054bbae3bda
Instruction Fuzzy Hash: 6071C8B4E102288FCBA0CF28DD84699B7F2FB89315F1082E6990DA7350DB319E94DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F020CA, Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e19bd8c0bad10439e5a4a4f568dce20afe186eb11bedfc5d5cedee3bc0120761
Instruction ID: 0694076ca73026e5936df3d07b871d79b3bafbf232782ddb58afebc9238485f6
Opcode Fuzzy Hash: e19bd8c0bad10439e5a4a4f568dce20afe186eb11bedfc5d5cedee3bc0120761
Instruction Fuzzy Hash: 2E61D9B4E102288FCBA4CF68DD84699B7F2FB89315F1082E6980DA7350DB319E94DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F02214, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 5dd2afeff30267fc6b40736204e02aa4e0c54ef98300cdba50072ece8c37e439
Instruction ID: 329cf52553ea8717eaac731af1d61701df617cebe0711946e0a9be0cbdbb1692
Opcode Fuzzy Hash: 5dd2afeff30267fc6b40736204e02aa4e0c54ef98300cdba50072ece8c37e439
Instruction Fuzzy Hash: 7C51E8B4E502288FCBA4CF68DD84699B7F2FB89315F1082E6980DA7350DB319E95DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00F0240C, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 15b3096fb68cc46cfafe9be1860f03ce06fdbbff5ff57a0f855f6e3ae8f3c903
Instruction ID: c390b72d6fd63b3f4d4eb366981a4fd7c9ca666629cff137a41d1cee1b805e59
Opcode Fuzzy Hash: 15b3096fb68cc46cfafe9be1860f03ce06fdbbff5ff57a0f855f6e3ae8f3c903
Instruction Fuzzy Hash: B951DBB4E102288FCBA4CF64DD84699B7F2FB89315F1082E6980DA7350DB319E95DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F023B5, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: e8ae2cbddf1b1ee92e802056c0a4f75477852186a6b98c3d12571dd57465da5f
Instruction ID: 9e10b33d3ebbf10874636b61c1f99b974c58dafc97dcb5ae49d712eb378f8e0a
Opcode Fuzzy Hash: e8ae2cbddf1b1ee92e802056c0a4f75477852186a6b98c3d12571dd57465da5f
Instruction Fuzzy Hash: 2751DAB4E102288FCBA4CF64DD84699B7F2FB89315F1082E6980DA7350DB319E95DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F021BD, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: cce68f2e35114292a078572d77c6bfe320474c0fff71d525cc9d037efcafa73d
Instruction ID: 45c56e7c6ea2c50bfa0c6489f41dcd6fe3ceba8b6ec7bb8adc3d6069550463cb
Opcode Fuzzy Hash: cce68f2e35114292a078572d77c6bfe320474c0fff71d525cc9d037efcafa73d
Instruction Fuzzy Hash: 1351E8B4E502288FCBA4CF68DD84699B7F2FB89315F1082E6980DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00F0235E, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 6ee6d8ab423451ac934b59fd6e012d6d62232b3c66a81cea968b1d82df87504a
Instruction ID: be0f3d1d6ee6e6d5434fa2c942d5195e1d4fca4d44b66d7a6c36db1c5e107931
Opcode Fuzzy Hash: 6ee6d8ab423451ac934b59fd6e012d6d62232b3c66a81cea968b1d82df87504a
Instruction Fuzzy Hash: A751DAB4E102288FCBA4CF64DD84699B7F2FB89315F1082E6980DA7350DB319E95DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F02307, Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2dbbdd32cd6c6b00da9eb7b70f62d83762c47dab0b96c19d8276f62e3c8ce9ff
Instruction ID: 5aa2576550e752988983c4f37c8b3ee528d9660e8b0e4ab0524667185c7db869
Opcode Fuzzy Hash: 2dbbdd32cd6c6b00da9eb7b70f62d83762c47dab0b96c19d8276f62e3c8ce9ff
Instruction Fuzzy Hash: 3E51E9B4E102688FCBA4CF64DD8469AB7F2FB89315F1082E6980DA7350DB319E94DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00F0226B, Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 465cdf6d7bb2965562cb1519d0da8bb297c83040ac59e27a07bda64beb49dbcf
Instruction ID: b179fdf061b623c90c1b4da88a958fca7d5ca2f7ad3c7501b88ec1bbbcf41406
Opcode Fuzzy Hash: 465cdf6d7bb2965562cb1519d0da8bb297c83040ac59e27a07bda64beb49dbcf
Instruction Fuzzy Hash: 1151C8B4E102288FCBA4CF28DD84699B7F2FB89315F1082E6980DA7350DB319E95DF51

Uniqueness

Uniqueness Score: 0.06%

Function 00F02121, Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 86d5a06e08b313f9f46e4496d69b4064518bbae8a31663cd48745e5d88227657
Instruction ID: cf90c1f4daefc7455ee39e862051a33c8fd71814b5c607226df14e12d0f40fca
Opcode Fuzzy Hash: 86d5a06e08b313f9f46e4496d69b4064518bbae8a31663cd48745e5d88227657
Instruction Fuzzy Hash: 6E51D8B4E502288FDBA4CF28DD84699B7F2FB89315F1082E6980DA7350DB319E95DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00F0251B, Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00F023DC

Memory Dump Source

Source File: 00000007.00000002.594159167.00F00000.00000040.00000001.sdmp, Offset: 00F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_f00000_NEW_INVOICE.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 067c91abbd1acc14149e6487d5ecee3b28bd212f3743ad39484d1e96777d913f
Instruction ID: 47f26941e40faf0addc624abce54555f2130c4111d4bcbd7011d5b33663e8c79
Opcode Fuzzy Hash: 067c91abbd1acc14149e6487d5ecee3b28bd212f3743ad39484d1e96777d913f
Instruction Fuzzy Hash: A651EBB4E402688FCB94CF24DD8479AB7F2FB89315F1082E69909A7350DB319E95DF11

Uniqueness

Uniqueness Score: 0.06%

Function 00ED0A02, Relevance: 1.6, APIs: 1, Instructions: 113
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00ED0AD9

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8eca093640d237ae6a0a51413fab52c69e9fc07a0c945c04bdf30a3ab4ab2a7a
Instruction ID: d5ef85e029809d3f71dfc76683a714d35731b7d7dedf45d155b4125c18d2fc01
Opcode Fuzzy Hash: 8eca093640d237ae6a0a51413fab52c69e9fc07a0c945c04bdf30a3ab4ab2a7a
Instruction Fuzzy Hash: AE4160715093806FE713CB65CC54B56BFB8EF47214F0944DBE984CB2A3D265A809CB72

Uniqueness

Uniqueness Score: 0.01%

Function 00ED1911, Relevance: 1.6, APIs: 1, Instructions: 107
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 00ED19DA

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 09e0eba3805dde8f84c15e438d3467c87fe940fe4df1a24d3b68971b1ed25796
Instruction ID: ed9a38289e3f2945e3256f617f9f8568fcd746c4b6245802ba945ef3e10e40d9
Opcode Fuzzy Hash: 09e0eba3805dde8f84c15e438d3467c87fe940fe4df1a24d3b68971b1ed25796
Instruction Fuzzy Hash: 86417C7140E7C0AFD7128F618C55B96BFB4EF07214F0984DBE9858F2A3D325A909CB62

Uniqueness

Uniqueness Score: 0.66%

Function 0027AB72, Relevance: 1.6, APIs: 1, Instructions: 100
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 0027AC31

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 23de9130cbc35c610bce6aa55936c342c08edd4fe18694c0e2c5e36f00b72e00
Instruction ID: f5a51d661c20a3f46a08f6ff3e1cb25022a7109e8bc25ec66cb991a9fdbd0495
Opcode Fuzzy Hash: 23de9130cbc35c610bce6aa55936c342c08edd4fe18694c0e2c5e36f00b72e00
Instruction Fuzzy Hash: D931A2724093846FE712CB60DC45FABBFBCEF56220F08849BE9858B153D664A909CB71

Uniqueness

Uniqueness Score: 0.01%

Function 00ED27E3, Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E38), ref: 00ED28B7

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: c68f1349afb54334bb68fab607526f0eb542fc54875e9250f2332b136c47779c
Instruction ID: 4f42f18b06c30e91e21d9ea0cdd974c949496424a55249946e8e79a8031c4e93
Opcode Fuzzy Hash: c68f1349afb54334bb68fab607526f0eb542fc54875e9250f2332b136c47779c
Instruction Fuzzy Hash: D031A172404344AFEB21CB60CC85FA7BBACEF46314F04499AFA849B182D775A949CB61

Uniqueness

Uniqueness Score: 0.62%

Function 00ED2B93, Relevance: 1.6, APIs: 1, Instructions: 93encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E38,?,?), ref: 00ED2C56

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: 1312a2b3453dd5758267b9d28c42f8df01c51c5ddc04adb3cf345e3ed2ee0b97
Instruction ID: 830fccd168f405c2bceaea6822d8253e321aa70061f62bf20e0baf4ef68bdc6b
Opcode Fuzzy Hash: 1312a2b3453dd5758267b9d28c42f8df01c51c5ddc04adb3cf345e3ed2ee0b97
Instruction Fuzzy Hash: 1B31907650D3C45FD7038B658C61AA2BFB4EF47614F0D84CBD8848F2A3D624A919C7A2

Uniqueness

Uniqueness Score: 16.53%

Function 00ED2A95, Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2B49

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: dad1778ccd8601c5c675b33c23f12808b45aa914925bbc3b99fbb75d73938614
Instruction ID: 6fe4c86949fc8591ca3af97d63993712af33737db956ae94dd3f82d234cf44b2
Opcode Fuzzy Hash: dad1778ccd8601c5c675b33c23f12808b45aa914925bbc3b99fbb75d73938614
Instruction Fuzzy Hash: A3318F71005780AFEB22CF50CC44F96FFB8EF56314F08899BE9859B262D364E909CB61

Uniqueness

Uniqueness Score: 0.86%

Function 00ED255C, Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED25F9

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 104109bb2f460b620d3958b5726955d5c28d783a45eed005ebc3993dd58d5c65
Instruction ID: 389a0b57b0b710c8ea29afcea111c63cf67f252775253e482eb982382010d946
Opcode Fuzzy Hash: 104109bb2f460b620d3958b5726955d5c28d783a45eed005ebc3993dd58d5c65
Instruction Fuzzy Hash: B4310972409380AFEB128F60DC45F96BFB8EF56314F0884DBE985DB193D2249505CB71

Uniqueness

Uniqueness Score: 0.67%

Function 0027AC79, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 0027AD34

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: d14f7bdedd83e7e674cf70867e577eb6f3a7f030ef29c911eea032a97efcb16c
Instruction ID: 7deb42e7d77b249a39051c98a91428c7678b0768ccb60064e7e4e0a4cf98579f
Opcode Fuzzy Hash: d14f7bdedd83e7e674cf70867e577eb6f3a7f030ef29c911eea032a97efcb16c
Instruction Fuzzy Hash: 9431B6725097809FE722CF61CC45F96BFBCEF46720F08849AE949CB152D264E949CB71

Uniqueness

Uniqueness Score: 0.03%

Function 00ED1C52, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED1CFC

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 509653be9f0c34b894b9749203681d537db8d5b741942b61693f0ff2c5f999cf
Instruction ID: 160069272973df63cf0b90e7285675265dd9af711c644572793cb1f4b851433d
Opcode Fuzzy Hash: 509653be9f0c34b894b9749203681d537db8d5b741942b61693f0ff2c5f999cf
Instruction Fuzzy Hash: 3431A2724097806FE722CB61CC44F96BFB8EF56314F0884DBE9859B293D264E909CB71

Uniqueness

Uniqueness Score: 0.03%

Function 00ED1FF4, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 00ED209A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: db074e1655a9279455260fd6203c65d2e32b0548f21942ba05ed46a7dfbb5207
Instruction ID: 5450e9a68ee1b8537eb0f745c02c57641e4d576141051471996c7fa9dced3f55
Opcode Fuzzy Hash: db074e1655a9279455260fd6203c65d2e32b0548f21942ba05ed46a7dfbb5207
Instruction Fuzzy Hash: 0F31C272009380AFE722CF60DC45F96FFF8EF16214F08449EE9848B252D365E949CB61

Uniqueness

Uniqueness Score: 0.53%

Function 00ED2EF2, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2F8A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: c2b7538504b59d5fbb908a55f86655c642c0a8b557cc8ae854b466f973eadf3e
Instruction ID: 59a187ca9a4ee3b10e765f112f9c045b06f7261ba9daae00b913ff1c6b2e989e
Opcode Fuzzy Hash: c2b7538504b59d5fbb908a55f86655c642c0a8b557cc8ae854b466f973eadf3e
Instruction Fuzzy Hash: C82106725093806FEB12CB60DC44B96BFB8EF57314F0884DBE984DF252D2249909C771

Uniqueness

Uniqueness Score: 0.70%

Function 00ED229D, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 00ED233D

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 7a96354e7febe46a3f14bf1408ad7ca01cedbac2ce5c3f25e1af3e24446246a7
Instruction ID: ee1faab2c06759de70b20c194d382d3be4c51bf5c3d839d078ab7f9e3d2f9a92
Opcode Fuzzy Hash: 7a96354e7febe46a3f14bf1408ad7ca01cedbac2ce5c3f25e1af3e24446246a7
Instruction Fuzzy Hash: 953180B1509380AFE711CF65CC45F5AFFF8EF16214F0884AEE9449B292D365E908CB61

Uniqueness

Uniqueness Score: 0.03%

Function 00ED2812, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E38), ref: 00ED28B7

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: e0a8e0e807961e8a62776f4158c8d8c5adb3ab7c345fbecf87ab0b44889edc31
Instruction ID: 0e65b3c3132a262e08cb20e9593f0efa2a8d7646d645edcb2437e457f36c65d8
Opcode Fuzzy Hash: e0a8e0e807961e8a62776f4158c8d8c5adb3ab7c345fbecf87ab0b44889edc31
Instruction Fuzzy Hash: 1321BF72500204AFEB20DF90CD85FABF7ACEF54314F10485AFA449A281E7B6E9498B71

Uniqueness

Uniqueness Score: 0.62%

Function 00ED1364, Relevance: 1.6, APIs: 1, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED1400

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: eec0e8bf22648fb99b003ba2e5507d12d0d9e11720cc149c1ff300448a625a67
Instruction ID: 8a72582edd8c00c8a1c7d967d9126c51d42bd584fa114762bd98bab34196016e
Opcode Fuzzy Hash: eec0e8bf22648fb99b003ba2e5507d12d0d9e11720cc149c1ff300448a625a67
Instruction Fuzzy Hash: 3F21AC72109380AFD7228F50CC44F96BFB8EF46210F08889BE985DB292D264E948CB61

Uniqueness

Uniqueness Score: 0.03%

Function 0027A120, Relevance: 1.6, APIs: 1, Instructions: 84fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E38,?,?), ref: 0027A1C2

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 6e316151948bf61b611362ce5e3e60c384b9c97b7f6841a4cb551b7ada937e2b
Instruction ID: 6e0e5d49813082e7f5e21cd3d4384c57c3fb79dc67adecc6b51616555f3d48e4
Opcode Fuzzy Hash: 6e316151948bf61b611362ce5e3e60c384b9c97b7f6841a4cb551b7ada937e2b
Instruction Fuzzy Hash: 2731B17140D3C06FD3128B658C55AA6BFB4EF47610F0985CBE8848F293D228A919CBA2

Uniqueness

Uniqueness Score: 0.11%

Function 00ED1262, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 00ED12F6

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f87cd1e4c044c287fc8602beb6f4e4d433e36b4d3be5b77385a9b4ed8f589ebf
Instruction ID: a02c7aae200b5885e04021297abeada8ea46b3601f3262e75f7862a824b92c77
Opcode Fuzzy Hash: f87cd1e4c044c287fc8602beb6f4e4d433e36b4d3be5b77385a9b4ed8f589ebf
Instruction Fuzzy Hash: 36219172505340AFEB21CB60DC45FABFFACEF45314F04849AF9449B252D264E909CB61

Uniqueness

Uniqueness Score: 0.01%

Function 00ED2FE9, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED307A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 439e33a9fa9b46be6674fa693d2861ae67e46df986300604a601b08094cc2198
Instruction ID: f8d103cf39394dc870b85b868b897cdc7bc944bd133f6cfa8a10c537108ad565
Opcode Fuzzy Hash: 439e33a9fa9b46be6674fa693d2861ae67e46df986300604a601b08094cc2198
Instruction Fuzzy Hash: 9421B471505380AFE721CF60CC45FAABFBCEF56324F08849BE944DB252D664E949CB61

Uniqueness

Uniqueness Score: 2.12%

Function 00ED30E0, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 00ED3186

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 5ff764b1255dd360dd2622bb0db1b0b683bd0943467ba8edf83fbb5884fcdf92
Instruction ID: 7d0e1fa0d7a5173bb4743c953e5f5d97d562a2f3907f314ebbe68fdcd2468a91
Opcode Fuzzy Hash: 5ff764b1255dd360dd2622bb0db1b0b683bd0943467ba8edf83fbb5884fcdf92
Instruction Fuzzy Hash: 0021B4715093C06FD712CB65CC55B66BFB8EF87214F0984DBE8848F293D624A919CBB2

Uniqueness

Uniqueness Score: 0.15%

Function 00ED080B, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(?,00000E38,?,?), ref: 00ED08B6

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: 053b844371e10e2ddf87ab1fc5a4091fda1c0ae61b44c99981445c7f4c0ceec9
Instruction ID: 1be3cb8f7527fc21c01e4cf8a27d41088a4bc9f4af9058647b7cfea9a16eb441
Opcode Fuzzy Hash: 053b844371e10e2ddf87ab1fc5a4091fda1c0ae61b44c99981445c7f4c0ceec9
Instruction Fuzzy Hash: 3821717540E3C05FD3138B758C55B56BFB4EF87610F1A81CBD8848F6A3D225A919C7A2

Uniqueness

Uniqueness Score: 0.01%

Function 00ED16A7, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 00ED174A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a66e874e689ed18cbdc45b652f646a5e16d62c0878447c1ba09fc9c282588d88
Instruction ID: 66dc269555102426d3f033ed02b8822962d0df45afbbc23424c019805a1be91a
Opcode Fuzzy Hash: a66e874e689ed18cbdc45b652f646a5e16d62c0878447c1ba09fc9c282588d88
Instruction Fuzzy Hash: D821B57550A3C06FD3138B259C51B62BF74EF87610F0981CBE8848F653D225A919C7B2

Uniqueness

Uniqueness Score: 0.03%

Function 00ED3CCB, Relevance: 1.6, APIs: 1, Instructions: 78encryptionUNIQUE

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED3D52

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: f47c7570a3de11d1debbaa995d6b01459e63852083f8d2e3fc40612be06b5997
Instruction ID: 64df4f06327f27d9e7f1085817d3175ef5e84544089aea0fe05b397133008b43
Opcode Fuzzy Hash: f47c7570a3de11d1debbaa995d6b01459e63852083f8d2e3fc40612be06b5997
Instruction Fuzzy Hash: BA21B572105380AFEB11CF60DC45FA6FFB8EF46314F08849BE9449B252D264E545CB71

Uniqueness

Uniqueness Score: 100.00%

Function 00ED1190, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E38,?,?), ref: 00ED1236

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 61caa6d942c78acd0f417c5b4d5d0e87e15ce1e274a212756a3f3ae2ac9d35a6
Instruction ID: f4abd87f87ae4710f99e3108534f3c53262bd51fa45194d21a35e526b2b4fcc7
Opcode Fuzzy Hash: 61caa6d942c78acd0f417c5b4d5d0e87e15ce1e274a212756a3f3ae2ac9d35a6
Instruction Fuzzy Hash: AD219F6540E3C06FC3138B768C65A11BFB4EF87610F1D80CFD8848F6A3D225A919C7A2

Uniqueness

Uniqueness Score: 0.05%

Function 00ED1F06, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 00ED1F91

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: e8e932fb3dbcee6ceef4606159dca86a1c8530de10b4466eb47326b2ae832472
Instruction ID: 5dd673d69a9e66dd447775aadf01903826536b70c927aef8a53a8fffcef7c4e3
Opcode Fuzzy Hash: e8e932fb3dbcee6ceef4606159dca86a1c8530de10b4466eb47326b2ae832472
Instruction Fuzzy Hash: 6C2191B25093806FE711CB65CC45F66FFA8EF46214F0884AAE9449B342D375E904CB61

Uniqueness

Uniqueness Score: 0.68%

Function 00ED0A5A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00ED0AD9

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 380fc3bfba7100691831687386ae16cfecec457c2c70292cecb050cb97cb13ad
Instruction ID: b260fb1f503c54bb2e5860abc1896f8d155106b4e9ce5cf2580ff7a740470c80
Opcode Fuzzy Hash: 380fc3bfba7100691831687386ae16cfecec457c2c70292cecb050cb97cb13ad
Instruction Fuzzy Hash: 8E21AE71500300AFEB20CFA5CD45BA6FBE8EF19314F08886AE9499B341D371E809CB71

Uniqueness

Uniqueness Score: 0.01%

Function 00ED0B30, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0BC5

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: d9d10bb4e6afee30a2b3ebbdeb30bad4b8edc83fddb74957676aea8414656a3c
Instruction ID: 67f00b14e0fbce5ffc423357f7571005d8c8d1a84adc168f54e265843133dcbb
Opcode Fuzzy Hash: d9d10bb4e6afee30a2b3ebbdeb30bad4b8edc83fddb74957676aea8414656a3c
Instruction Fuzzy Hash: 53210AB5408780AFE7128B159C45BA7BFBCEF57324F08859BE9848B253D264A905CB71

Uniqueness

Uniqueness Score: 0.11%

Function 0027BAF8, Relevance: 1.6, APIs: 1, Instructions: 76libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E38), ref: 0027BB93

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a7518a87b3978c994b6d55e1d057bcf772e219ef7fd39802f62456261d8bb29d
Instruction ID: 69a023d29a8bcbff2c4f37efdf0c7851c0b8f21b016f9f2165ba470d51979d4d
Opcode Fuzzy Hash: a7518a87b3978c994b6d55e1d057bcf772e219ef7fd39802f62456261d8bb29d
Instruction Fuzzy Hash: F621C571005380AFE722CF10CC45FA6BFB8EF46724F1884DAED849F192D269A949CB71

Uniqueness

Uniqueness Score: 0.02%

Function 00ED067D, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0714

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 80d9088bedfb45015c7f093fe56aeade51488a50cdf93796423c02ebde68bc27
Instruction ID: cc98e5ca6e7da7407a05329ba078e8db1366a6303b57769703de544c120363dc
Opcode Fuzzy Hash: 80d9088bedfb45015c7f093fe56aeade51488a50cdf93796423c02ebde68bc27
Instruction Fuzzy Hash: 4F21BDB2504740AFE721CE10CC85F9BBFBCEF55324F08859BE9499B292D260E909CB71

Uniqueness

Uniqueness Score: 0.19%

Function 00ED29C2, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2A4B

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 5ee99bea69a898699b41d7c79b6c19de319459f216d366020e53189a5f3c8448
Instruction ID: 674124078568115254d3c3e82083bdfd2ee76370dca5fd59b2c39685267cfe01
Opcode Fuzzy Hash: 5ee99bea69a898699b41d7c79b6c19de319459f216d366020e53189a5f3c8448
Instruction Fuzzy Hash: 7F21B671409384AFD712CB50CC45F9AFFB8EF56314F0885DBE944DF292D264A509C761

Uniqueness

Uniqueness Score: 0.45%

Function 0027ABB2, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 0027AC31

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8c585498d693543648952e18983ce6a304f8a065ac5dbd5813a2f90ad2181f50
Instruction ID: 05a2ff25f5bd46494102480e4cd3fc660bb5233cd295338963d6de97aedc2daa
Opcode Fuzzy Hash: 8c585498d693543648952e18983ce6a304f8a065ac5dbd5813a2f90ad2181f50
Instruction Fuzzy Hash: 2D21D472500604BFEB21CF51DC85FABF7ACEF94724F04895BE905C6241D774E9188AB1

Uniqueness

Uniqueness Score: 0.01%

Function 00ED2C8E, Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2D12

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 7a111d355523b908cf418e76968da60b1abce758de14cfd15a1246cb70e71f82
Instruction ID: cb79d8eb3d58534757f7898b1e451988f4f77be70be5af33004b041b513114b7
Opcode Fuzzy Hash: 7a111d355523b908cf418e76968da60b1abce758de14cfd15a1246cb70e71f82
Instruction Fuzzy Hash: 5421B072405340AFE721CB50CC44F9BFBBCEF56224F08899BEA44DB242D264E509CBB1

Uniqueness

Uniqueness Score: 0.67%

Function 00ED1282, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E38), ref: 00ED12F6

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a9aaf6d6372d12600355ea99c5897e4b8e08d6a326b917aea81678656b16e4d1
Instruction ID: 3c84e34cf431f7f7119bd592f113ae77bd1b6f435f14415048fe8c06100bd895
Opcode Fuzzy Hash: a9aaf6d6372d12600355ea99c5897e4b8e08d6a326b917aea81678656b16e4d1
Instruction Fuzzy Hash: 8521CD72500204BFEB20CFA1DC45FAAFBACEF55724F0488AAFD44DA245D771E9098A71

Uniqueness

Uniqueness Score: 0.01%

Function 00ED2D5C, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2DF1

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 73f1d0dfa135c30f8bacdac045e682c567c3564c069570f2ef5549c50aa80478
Instruction ID: e129ffe4a3f3ad5781666f1c157e6f0cb16776579af6d9b3a881632def93738e
Opcode Fuzzy Hash: 73f1d0dfa135c30f8bacdac045e682c567c3564c069570f2ef5549c50aa80478
Instruction Fuzzy Hash: AA21F871409780AFEB228F10DC45FA7FFB8EF56314F09849BE9859B253D264A509CB71

Uniqueness

Uniqueness Score: 0.71%

Function 00ED2ACE, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2B49

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: bddbb51c38009844f3933d9a212395dd1228e24efde462ff7f0a41bfacb81327
Instruction ID: 83b45a95a7be6b6fe39bdd63fe31a534b49ceded77b54560518f7dffaad2fe0a
Opcode Fuzzy Hash: bddbb51c38009844f3933d9a212395dd1228e24efde462ff7f0a41bfacb81327
Instruction Fuzzy Hash: 9B21AC71100604AFEB208F51CC84FA6FBECEF68324F04896BEA499B251D771E909CB61

Uniqueness

Uniqueness Score: 0.86%

Function 00ED22CA, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 00ED233D

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 8a22d43d052a066a0c093e35b3565da6fd4991cd4a005a7393797ce47afbb7a5
Instruction ID: f075bb0b55fe5dbe2ffbef58a3d4ee9471b04e4a05820a79457ea450d778bb52
Opcode Fuzzy Hash: 8a22d43d052a066a0c093e35b3565da6fd4991cd4a005a7393797ce47afbb7a5
Instruction Fuzzy Hash: 7121CF71500240AFEB20CF65CD85BAAFBE8EF15324F08886EE948DB341E375E905CA71

Uniqueness

Uniqueness Score: 0.03%

Function 00ED0CE2, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0D61

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 31ad1e832a6a18e9921cb1c1f7fe81d1542f18ab76d323f031daa6ced2fe77d9
Instruction ID: 528a46303b15ea6c043126a56aba92096575aa4261627a58e9b46a26a28125ac
Opcode Fuzzy Hash: 31ad1e832a6a18e9921cb1c1f7fe81d1542f18ab76d323f031daa6ced2fe77d9
Instruction Fuzzy Hash: 9321C272405340AFDB21CF50DC44F9BFFB8EF56324F08889BE9449B252D224A508CB71

Uniqueness

Uniqueness Score: 0.42%

Function 00ED2E2E, Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 00ED2EB2

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 06d3f936bb02b9a64835418765bd2c760ea05c42883063598e70a422e8165748
Instruction ID: a6d84e2098ed6c86c4befb36c4e48c2f7a53794226e9fd3b8b1538af1129ca57
Opcode Fuzzy Hash: 06d3f936bb02b9a64835418765bd2c760ea05c42883063598e70a422e8165748
Instruction Fuzzy Hash: 182190764097809FDB22CF60CC45A92BFB4EF17314F0984DFE9858B263D271A809CB61

Uniqueness

Uniqueness Score: 1.18%

Function 00ED138E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED1400

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 87467b93be3dd2b2cd7a8d9a0ebfd40ea099c297bedeb68d2bf06077088cd500
Instruction ID: 5511dec74866261a1ad77dbec4876d159d56a65a6a457b0ebed94a75902a296e
Opcode Fuzzy Hash: 87467b93be3dd2b2cd7a8d9a0ebfd40ea099c297bedeb68d2bf06077088cd500
Instruction Fuzzy Hash: 0221AE72100200AFEB20CF51DC84FAAB7ACEF54714F0489ABE905DB241E770E9498A71

Uniqueness

Uniqueness Score: 0.03%

Function 0027ACBA, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 0027AD34

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7f828f8f374cdfdd0ee291e7298ab473404184a47a3daf4eab12b9d941da6b9d
Instruction ID: 43efd6311428af2c044cf868712a2356fb7952a766a386f4fda6b1f98d466c34
Opcode Fuzzy Hash: 7f828f8f374cdfdd0ee291e7298ab473404184a47a3daf4eab12b9d941da6b9d
Instruction Fuzzy Hash: A721CD72210200AFEB30CE55CC80FAAB7ACEF94720F04845AE909CB651D770E918CAB2

Uniqueness

Uniqueness Score: 0.03%

Function 00ED04EC, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED055F

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 7ecaf060b1b000c72dd7816b1acc76a84bbcc68e373eec67c35a9e6dbf023e0b
Instruction ID: 784b17dfbde9890fece85ff497f712d5ab4bf004b4792143a444789268462a90
Opcode Fuzzy Hash: 7ecaf060b1b000c72dd7816b1acc76a84bbcc68e373eec67c35a9e6dbf023e0b
Instruction Fuzzy Hash: 252192725093809FDB11CB65DC55B96BFA8EF06220F0984EBEC45DB252D224D945CB61

Uniqueness

Uniqueness Score: 0.03%

Function 00ED1F26, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 00ED1F91

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: fb84f33b990bc5b58f1d4e7cddef293bb6a5bacdb369e1c6d70d58927435650d
Instruction ID: 788ab7a272a9d08f1f558393382223800bd560fffa079b1c1ec9989f5ed8a429
Opcode Fuzzy Hash: fb84f33b990bc5b58f1d4e7cddef293bb6a5bacdb369e1c6d70d58927435650d
Instruction Fuzzy Hash: 5B21C671504340AFEB10CF55DC45BAAFBE8EF15314F0484AAED449B341D771E905CA71

Uniqueness

Uniqueness Score: 0.68%

Function 00ED2026, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 00ED209A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 4f14348361a17e164de4d5076fa3b43c844b43ee1b9c1482e3c7461236526f52
Instruction ID: df23c8b60cf024873c0b60b4d15ad827a24eb7fe54869f4dfa78f7fe46847083
Opcode Fuzzy Hash: 4f14348361a17e164de4d5076fa3b43c844b43ee1b9c1482e3c7461236526f52
Instruction Fuzzy Hash: F021C372000204AFEB21CF55DC45F9AFBE8EF19324F04885EEA459B741D772E559CBA1

Uniqueness

Uniqueness Score: 0.53%

Function 00ED3016, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED307A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: cd72c2a1bcd340b67e62fef0285cf57c7b4783c4c1f7a1922848ed41aa28d40a
Instruction ID: c8498b544337e3250b7cfe43079aea7487509ff5f566baf0e01cbe1ae63affc0
Opcode Fuzzy Hash: cd72c2a1bcd340b67e62fef0285cf57c7b4783c4c1f7a1922848ed41aa28d40a
Instruction Fuzzy Hash: 8411A271100204AFEB20CF65DC45FAAF7ACEF55324F04896AE905DB241D761E9498A72

Uniqueness

Uniqueness Score: 2.12%

Function 00ED196E, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 00ED19DA

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: b982fbc7732dea426053477e1262224007f21eec106cb982fa38125d5d43abcb
Instruction ID: c05374ba84e8823391fdbd9943d344565eff631bb4d7571090be0bad33353e93
Opcode Fuzzy Hash: b982fbc7732dea426053477e1262224007f21eec106cb982fa38125d5d43abcb
Instruction Fuzzy Hash: F421D171405200BFEB21CF91DD45BAAFBE8EF49324F0488AEE9459B351D371E418CB61

Uniqueness

Uniqueness Score: 0.66%

Function 00ED05B4, Relevance: 1.6, APIs: 1, Instructions: 66fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?), ref: 00ED0622

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: b1b6bf4f2a07ad375febcbc8ceac4d24f101d5abddf34ff27327a4c5d169590b
Instruction ID: edee4e9e7c33e60fa86b2e0454220bac7a69dd974ac6785f96248c7850f60f5e
Opcode Fuzzy Hash: b1b6bf4f2a07ad375febcbc8ceac4d24f101d5abddf34ff27327a4c5d169590b
Instruction Fuzzy Hash: 682193B25053809FDB11CF65DC49B52BFE8EF56210F0C84ABE945DB652D264D814CB61

Uniqueness

Uniqueness Score: 0.26%

Function 00ED06A2, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0714

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8600dbdecef1f955f968b5ca251931ff233ccda2710528f42e2beb3311da750f
Instruction ID: 2035bd8b190fe0ec3d756107153c9aea1e2411896f014321b2748c2e8ae08d73
Opcode Fuzzy Hash: 8600dbdecef1f955f968b5ca251931ff233ccda2710528f42e2beb3311da750f
Instruction Fuzzy Hash: A711B172500700AFEB209E51CC45FABFBACEF55724F08855BE9459A341D760E905CAB1

Uniqueness

Uniqueness Score: 0.19%

Function 00ED1C8A, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED1CFC

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e37bcdb9a092c1fc33c7d2bb1d9487ebda97f8151cf2cd26d37b46765fb73480
Instruction ID: d3132fe79dbf3b8d66d508c1b30d62b0592f11ad6f2873b7790759f57d1c433b
Opcode Fuzzy Hash: e37bcdb9a092c1fc33c7d2bb1d9487ebda97f8151cf2cd26d37b46765fb73480
Instruction Fuzzy Hash: B211B172500604AFEB20CF51CC81FA7F7ECEF55724F04899AE9459B241E760E949CA71

Uniqueness

Uniqueness Score: 0.03%

Function 00ED075C, Relevance: 1.6, APIs: 1, Instructions: 65fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED07C4

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: e37e566f934352b928183cbd5979b8eb640ce28065f8d6df300f8ed3cc8822b7
Instruction ID: e6b84714f477d8a249ff30bbe1ebc3a320c2f33c220dde1fb59a7056f4daf2f7
Opcode Fuzzy Hash: e37e566f934352b928183cbd5979b8eb640ce28065f8d6df300f8ed3cc8822b7
Instruction Fuzzy Hash: E3219D725093809FDB12CB25DC55B52BFA8DF03224F0C80EBED84CF252D265E809CB61

Uniqueness

Uniqueness Score: 0.03%

Function 00ED00B8, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00ED0122

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 220b5fd7a66c03dd4ee48d66e33c40f9340c99b92fc0bd4ca43e2c5456ead609
Instruction ID: d3822ad67eca549801da7983d23374c1850a6f553e5044e80a19c7bb51a62424
Opcode Fuzzy Hash: 220b5fd7a66c03dd4ee48d66e33c40f9340c99b92fc0bd4ca43e2c5456ead609
Instruction Fuzzy Hash: F8116D725053809FDB61CF65DC89B57BFE8EF16320F0884AAE949DB252D264E808CB61

Uniqueness

Uniqueness Score: 0.02%

Function 00ED259A, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED25F9

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: c755a6c0662cb9508ae20953ca9b23ffc10bcb30ab882f75f21316b85560ec03
Instruction ID: 9d7a0b1bcc8ede90590dd2c1555555b5e67ed712579667ce9eee9b6a4aa2869c
Opcode Fuzzy Hash: c755a6c0662cb9508ae20953ca9b23ffc10bcb30ab882f75f21316b85560ec03
Instruction Fuzzy Hash: 1E110072100300AFEB208F91DC45FAAFBACEF65324F04886AEA059A241E770E4058BB1

Uniqueness

Uniqueness Score: 0.67%

Function 00ED1774, Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED17EC

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 4ca0029da7226591013270c317747a914d494b7c668c6a46f42c5a1bd5005534
Instruction ID: d5fe827cc1b7467d2182509f4f16d457d26944a014c38a52b328dcdacb5bbc53
Opcode Fuzzy Hash: 4ca0029da7226591013270c317747a914d494b7c668c6a46f42c5a1bd5005534
Instruction Fuzzy Hash: 2711D371405384AFE712CF51DC45F9AFFBCEF46324F0884DBE9449B292D264A949CBA2

Uniqueness

Uniqueness Score: 0.80%

Function 00ED3CF6, Relevance: 1.6, APIs: 1, Instructions: 63encryptionUNIQUE

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED3D52

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: a411d83d52cf8773626079c991dbf06dc27369c9be2ca2753456df432ced8d08
Instruction ID: e27dd03105c2a162cceda742d9e01975fdedf2adaf8b151c2ec06a8fa467ac66
Opcode Fuzzy Hash: a411d83d52cf8773626079c991dbf06dc27369c9be2ca2753456df432ced8d08
Instruction Fuzzy Hash: 9B11D072100200AFEB208F65DC45BAAFBACEF55324F18886BED059A241D770EA058E72

Uniqueness

Uniqueness Score: 100.00%

Function 00ED2CAE, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2D12

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 9b93c33d780af492b778671cc98e5a9a47cf13671fa7f69680f1a1b2f0ab61f2
Instruction ID: 36df22eac6c391e8ac32c954e59eb6935ba49da6e56f92ddd290a17b8feaa9b2
Opcode Fuzzy Hash: 9b93c33d780af492b778671cc98e5a9a47cf13671fa7f69680f1a1b2f0ab61f2
Instruction Fuzzy Hash: 2611B272400204AEEB21CF91CC85F9AF7ACEF65324F04896BEA05DB245E774E5058AB1

Uniqueness

Uniqueness Score: 0.67%

Function 00ED2F2E, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2F8A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 6f7df04f7b3368c96815da3c0d7bf4f2edd7e3dcfeeb19150628203afffe7231
Instruction ID: 870e33090ab6438f6fbd1cf09da28eba9d35e47c862b3c05e30f194d3bb44a83
Opcode Fuzzy Hash: 6f7df04f7b3368c96815da3c0d7bf4f2edd7e3dcfeeb19150628203afffe7231
Instruction Fuzzy Hash: 7311B672500200AFEB108F55DC45BAAF7ACEF55324F04896BE905DB245D771E5458B71

Uniqueness

Uniqueness Score: 0.70%

Function 0027ADA3, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E38,?,?), ref: 0027AE26

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: f09a2aabf692e83301f327847ab1011dc97897eb7bc5412462d7d13755c31c34
Instruction ID: 5329637d380986d58cfbc80cafc2feb8fb81ab796d6deb69f97a74dc20569d47
Opcode Fuzzy Hash: f09a2aabf692e83301f327847ab1011dc97897eb7bc5412462d7d13755c31c34
Instruction Fuzzy Hash: E011D3715057406FD311CF15DC42F62BFB8EF86A20F18819AEC488B642D225BA29CBE2

Uniqueness

Uniqueness Score: 0.73%

Function 0027A1F4, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0027A26C

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 2a192fa793becd139e7075b92ec501a120980f5a77ba3356e2a3a50691f828ca
Instruction ID: bed9a56a50b42e0b08d060acd6fdabbf29f3608c775db62ed60a5d2f62c074e9
Opcode Fuzzy Hash: 2a192fa793becd139e7075b92ec501a120980f5a77ba3356e2a3a50691f828ca
Instruction Fuzzy Hash: A521607540E7C05FD7138B25CC55652BFB4AF57220F0E84DBD9848F263D2699908CB72

Uniqueness

Uniqueness Score: 0.01%

Function 0027AAC7, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0027AB32

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5c0cfd0effd0489da97eea24b6eb55f362340ef7698de127961601ce6fae9996
Instruction ID: 56ba87365c35ab2339f085d81e4b3e1645cd7be5b6d0ece360752a215059d02c
Opcode Fuzzy Hash: 5c0cfd0effd0489da97eea24b6eb55f362340ef7698de127961601ce6fae9996
Instruction Fuzzy Hash: 64118472409780AFDB228F54DC44A62FFF4EF5A324F0884DAFD898B652D375A418DB61

Uniqueness

Uniqueness Score: 0.23%

Function 00ED0D02, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0D61

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 2c590ee54a49e8e0456f65247e0c16b9424be3878951241838aed697bcd7cb4e
Instruction ID: 8aa584ec570a671f84429f9683589610493927c5e356595d4279e7516a737092
Opcode Fuzzy Hash: 2c590ee54a49e8e0456f65247e0c16b9424be3878951241838aed697bcd7cb4e
Instruction Fuzzy Hash: 4C11C472400600AFEB21CF91DC45F9AFBACEF55324F08895BE9459B245D771E509CBB1

Uniqueness

Uniqueness Score: 0.42%

Function 0027A4DA, Relevance: 1.6, APIs: 1, Instructions: 60comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?,00000E38,?,?), ref: 0027A552

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 74e6c36c77890706688e5dfe33ea8cb9cec44a2a424d0e29d301f98f0e96eb08
Instruction ID: 94a542595db269ab79b983cec71dcc2cf8d723d27cb0349479c1e51bd3760937
Opcode Fuzzy Hash: 74e6c36c77890706688e5dfe33ea8cb9cec44a2a424d0e29d301f98f0e96eb08
Instruction Fuzzy Hash: C911B6755093806FD311CB55CC55F66BFB8EF86610F09819AE8444B652D224B919CBA2

Uniqueness

Uniqueness Score: 6.84%

Function 00ED145A, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED14B8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 128952538e7fd3a194664cde27a35f6b214886789d40f4407035c7a411e8d5ae
Instruction ID: b88b4c77889f9078db69df1da16fca5531464518a45fe10e27c703223a2ce7fd
Opcode Fuzzy Hash: 128952538e7fd3a194664cde27a35f6b214886789d40f4407035c7a411e8d5ae
Instruction Fuzzy Hash: DA1190715093C0AFDB128B65DC45B52BFB4EF07320F0884EBED858F262D235A808CB61

Uniqueness

Uniqueness Score: 0.62%

Function 00ED29F2, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2A4B

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: b842b28bd1fddfcf379a2dfb171ae2b19604e678ec4df79b4a3541fb4af6c7cf
Instruction ID: b2e209d1f7ed1174161791c60c0baf7e88ffb80b1b448aed7bac7a381f0d0bf2
Opcode Fuzzy Hash: b842b28bd1fddfcf379a2dfb171ae2b19604e678ec4df79b4a3541fb4af6c7cf
Instruction Fuzzy Hash: 7B11E372400204AFEB20CF51CC45FAAFBACEF65324F04896BEA089B245D774E505CAB1

Uniqueness

Uniqueness Score: 0.45%

Function 00ED2D92, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED2DF1

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: bf52acf7928ebe2b532678b51fd47c6361393c0d3253f3a724cd5b17a33c076e
Instruction ID: e173319ba352ce915e26aca8e553bb944551a6d4a5092f783356b00902889288
Opcode Fuzzy Hash: bf52acf7928ebe2b532678b51fd47c6361393c0d3253f3a724cd5b17a33c076e
Instruction Fuzzy Hash: A511E031000600AFEB218F41DC81FAAFBA8EF65324F04895BEE459A241D371E509CAB1

Uniqueness

Uniqueness Score: 0.71%

Function 0027BB2A, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E38), ref: 0027BB93

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 77aca04382b261cf64f4ae0ae4fdb4c14d8ddeb54a3a25747355882d9f033c1a
Instruction ID: 361f0a1f941841ff5e30715d6e40e7a579611a6468812148d1ffcea20497ab5a
Opcode Fuzzy Hash: 77aca04382b261cf64f4ae0ae4fdb4c14d8ddeb54a3a25747355882d9f033c1a
Instruction Fuzzy Hash: A8112531510204AFEB21CF01DC85FAAFBACDF45724F14C45AFD489A285D3B5A948CAA1

Uniqueness

Uniqueness Score: 0.02%

Function 0027A078, Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0027A0D5

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: f65841ab3dca8391f9fee03484bc308f33761ac5a3798528fcb9b55387ae0946
Instruction ID: 8bc182b216390b8ad9d4f4ac8bd53a9a7e2aacd133de7c1c581a504fb69fe23f
Opcode Fuzzy Hash: f65841ab3dca8391f9fee03484bc308f33761ac5a3798528fcb9b55387ae0946
Instruction Fuzzy Hash: 9811C172409380AFDB22CF54DC45B56FFB4EF56224F08C4DAED888B252D275A818CB62

Uniqueness

Uniqueness Score: 0.03%

Function 00ED00DA, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00ED0122

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 790dc479512bb471d4be9bf7af8d6294ed600d379c6a832c383cb79a22cce7c4
Instruction ID: 1573d4abcf23acb8024a98fcdeb424e080588ae26f4902f4da198dce687a7b29
Opcode Fuzzy Hash: 790dc479512bb471d4be9bf7af8d6294ed600d379c6a832c383cb79a22cce7c4
Instruction Fuzzy Hash: 4E1182726013409FEB50CF55DC85756FBE8EF15324F08846BEC09DB341D671D804CA61

Uniqueness

Uniqueness Score: 0.02%

Function 00ED05DA, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNEL32(?,?,?), ref: 00ED0622

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 790dc479512bb471d4be9bf7af8d6294ed600d379c6a832c383cb79a22cce7c4
Instruction ID: 3152a96f621a40c3d82ac5ea96d76f9c9f5d08ad16d6cb48c704c040969dfbbc
Opcode Fuzzy Hash: 790dc479512bb471d4be9bf7af8d6294ed600d379c6a832c383cb79a22cce7c4
Instruction Fuzzy Hash: 87118EB26003409FEB60CF69D885B56FBD8EF55324F0C84ABEC19DB741E671E814CA62

Uniqueness

Uniqueness Score: 0.26%

Function 00ED1796, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED17EC

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: a832ab56cc5836eebbb09df318b3b7bfe6f8ad0a45e9afcdc97ebb7afa12d9e7
Instruction ID: 776a43d75b6017661176443c8482aadb16ef751bd4d8fa08107219bd342e59d6
Opcode Fuzzy Hash: a832ab56cc5836eebbb09df318b3b7bfe6f8ad0a45e9afcdc97ebb7afa12d9e7
Instruction Fuzzy Hash: DB010431400244BEEB10CF41DC85FAAFBACEF55324F048497ED049B241D774E545CAB1

Uniqueness

Uniqueness Score: 0.80%

Function 00ED0974, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED09C8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 33ec6b502664e803d63842bcf9f919078e5646194d718a19b194d7b5c227c719
Instruction ID: edfa00e04c489b798d5bd6029d6d62d1ee6d70279a7c54151153023f339f5626
Opcode Fuzzy Hash: 33ec6b502664e803d63842bcf9f919078e5646194d718a19b194d7b5c227c719
Instruction Fuzzy Hash: F011CE725093C09FDB128F25DC99B52BFA4DF53220F0880EBED858B253D264A948CB62

Uniqueness

Uniqueness Score: 0.09%

Function 00ED0B72, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E38,D6839D4A,00000000,00000000,00000000,00000000), ref: 00ED0BC5

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 0c6522666f9e5e65c9165960a090d54bf95124f123fb6757fc5a5d71f47ce2b9
Instruction ID: 59490a2bb0db5d50b8e3fd1295cc067591a344f9b18c18c507799139ecee9980
Opcode Fuzzy Hash: 0c6522666f9e5e65c9165960a090d54bf95124f123fb6757fc5a5d71f47ce2b9
Instruction Fuzzy Hash: 3B010031004200AFEB108F41DC85BAAFBACEF95328F088497ED059B241D775E9098AB1

Uniqueness

Uniqueness Score: 0.11%

Function 00ED051A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED055F

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 9c194a63052d1b2b87e916ed13ea20fda37f508d1a964a4bcc9f56da44c74b29
Instruction ID: 5776a5c22f29edd342bee9bb2b27eea73327323c721a9af6a28f8222ecd7108f
Opcode Fuzzy Hash: 9c194a63052d1b2b87e916ed13ea20fda37f508d1a964a4bcc9f56da44c74b29
Instruction Fuzzy Hash: 96118E716002409FEF60CF59E885BA6BBD8EF05224F0C84ABEC09DB341E674E905CF61

Uniqueness

Uniqueness Score: 0.03%

Function 00ED2E66, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 00ED2EB2

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 24bcfe7cae6057518afc56a6f255c7c1394b8bb868f2c08f92e116fd660b540f
Instruction ID: 45a71bec2e63761b3adbced1c239d9b58d12494375f8a4ce7511f663e59ad826
Opcode Fuzzy Hash: 24bcfe7cae6057518afc56a6f255c7c1394b8bb868f2c08f92e116fd660b540f
Instruction Fuzzy Hash: A8119E31400604AFDB21CF55C844B56FBE4EF19310F0885ABEE459B211D332E418DB61

Uniqueness

Uniqueness Score: 1.18%

Function 00ED2C06, Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E38,?,?), ref: 00ED2C56

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: c692c3688cc900527e87099cc78bb65c30cb2de15c86131c7bbfa07a0695253c
Instruction ID: 31379f55be20df41a4a071ee666145a1bbb0cf88ba956d82246ae98051f85f61
Opcode Fuzzy Hash: c692c3688cc900527e87099cc78bb65c30cb2de15c86131c7bbfa07a0695253c
Instruction Fuzzy Hash: 0401B172900200AFD350DF16DC46B66FBA8FF89A20F14855AED088B741D731F515CBE1

Uniqueness

Uniqueness Score: 16.53%

Function 00ED078A, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED07C4

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 96876b1fe110c0a6de2a8ccef8d5c14c4858596666d78815f2d8016c1e0487d3
Instruction ID: e8683396bc5a871072cdf16e5216b8378148547cf859d5ff2ded8cd417c5f376
Opcode Fuzzy Hash: 96876b1fe110c0a6de2a8ccef8d5c14c4858596666d78815f2d8016c1e0487d3
Instruction Fuzzy Hash: E9019E726003409FEB10DF69D8897A6BB98EF11224F0884ABEC09DF346D675E844CEA1

Uniqueness

Uniqueness Score: 0.03%

Function 00ED3136, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E38,?,?), ref: 00ED3186

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 83209b2c9b94e9da92460078430142904dffe904ac384a10edae58a19ee951c5
Instruction ID: 4116fb5b479d2dfc34fcd31f6e8f03a0d6ced627d5aaa4ae66a72052e3162400
Opcode Fuzzy Hash: 83209b2c9b94e9da92460078430142904dffe904ac384a10edae58a19ee951c5
Instruction Fuzzy Hash: F401B172900200AFD310CF16DC46B66FBA8FF89A20F14855AED088B741D731F515CAE1

Uniqueness

Uniqueness Score: 0.15%

Function 0027A172, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E38,?,?), ref: 0027A1C2

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: acdf95dd992c7e94074fab8eefa451a3c00b9768e0d4b67e5e6347953cbc727f
Instruction ID: 6fb5a465df5f1bcd87c487aa434679fb13a8e7a2bd58ca270c8e366c6c82da8f
Opcode Fuzzy Hash: acdf95dd992c7e94074fab8eefa451a3c00b9768e0d4b67e5e6347953cbc727f
Instruction Fuzzy Hash: 7701D472900200AFD710CF16DC46B66FBA8FF89A20F14855AED088B741D735F515CBE1

Uniqueness

Uniqueness Score: 0.11%

Function 0027AAEE, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNEL32(?,?,?,?,?,?,?), ref: 0027AB32

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 24693d360de3055f116e9a30d0938a8528b642928e94e3a7ea143180681c76f2
Instruction ID: 4eab3e4c7a1984fa5ba60f25ed21707153ef41d4e71516cdbf368bf6ff8fa47b
Opcode Fuzzy Hash: 24693d360de3055f116e9a30d0938a8528b642928e94e3a7ea143180681c76f2
Instruction Fuzzy Hash: 3E01CB32410700AFDF208F95C884B56FBA0EF69324F08C8AAED494A211C372E428CB62

Uniqueness

Uniqueness Score: 0.23%

Function 00ED16FA, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E38,?,?), ref: 00ED174A

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 454ce426a69c4fdd776cbfd0f819fabd6019aff0dbed9f5c1457eba3e083a8af
Instruction ID: df15e47c6b03a7edee14ef732307af75b225cb071179d0b9d7d6c6b12e52e7e8
Opcode Fuzzy Hash: 454ce426a69c4fdd776cbfd0f819fabd6019aff0dbed9f5c1457eba3e083a8af
Instruction Fuzzy Hash: CF01A271900600ABD250CF16DC46B66FBA8FF89B20F14815AED084B741D771F565CAE6

Uniqueness

Uniqueness Score: 0.03%

Function 00ED1486, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED14B8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 7fe65e43b5e7b32f31689505e8a9a7965520ef8200e0d539cbc9b89069ef137e
Instruction ID: 47940a59cc88303a1d25a774e410f8ff73adcaf77bb5f4056705a13555f7c597
Opcode Fuzzy Hash: 7fe65e43b5e7b32f31689505e8a9a7965520ef8200e0d539cbc9b89069ef137e
Instruction Fuzzy Hash: C501DF71500280AFEF108F59D8857A6FBA8EF11324F08C4EBEC098B306D275E848CAA1

Uniqueness

Uniqueness Score: 0.62%

Function 00ED0866, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(?,00000E38,?,?), ref: 00ED08B6

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: edbdc4b4349fc9b0744c8a5d4cf0b8cf1dee709103f6cb516eedca95b38f3730
Instruction ID: b6d15b120196ea0011dc12c3265e9e0afce9ecdaa2efe3d4c417d81a19a459b8
Opcode Fuzzy Hash: edbdc4b4349fc9b0744c8a5d4cf0b8cf1dee709103f6cb516eedca95b38f3730
Instruction Fuzzy Hash: FE01A271900600ABD250CF16DC46F66FBA8FF89B20F14815AED084B741D731F565CAE6

Uniqueness

Uniqueness Score: 0.01%

Function 00ED11E6, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.KERNEL32(?,00000E38,?,?), ref: 00ED1236

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 4443e8a2d87b6c69daccdfa166ac248fe27d9ab55c0dbdbc0d118e2bac5f00f1
Instruction ID: 88fe7144ace2a97807a52c24a36d00f5b744bb186cc0ce920cf61e5752d11152
Opcode Fuzzy Hash: 4443e8a2d87b6c69daccdfa166ac248fe27d9ab55c0dbdbc0d118e2bac5f00f1
Instruction Fuzzy Hash: D701A271900600ABD250DF16DC46B66FBA8FF89B20F14815AED084B741D731F565CBE6

Uniqueness

Uniqueness Score: 0.05%

Function 0027A502, Relevance: 1.5, APIs: 1, Instructions: 43comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?,00000E38,?,?), ref: 0027A552

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 2996f488a4df2819bdf28920e0160e605ab47b5bf1df2a9dfbdc68be7f0b9401
Instruction ID: 606250340af48cdde21d59fa704654dd46a4d44ca000f8ea92c51b526406dc57
Opcode Fuzzy Hash: 2996f488a4df2819bdf28920e0160e605ab47b5bf1df2a9dfbdc68be7f0b9401
Instruction Fuzzy Hash: 3A01A271900600ABD250CF16DC46B66FBA8FF89A20F14815AED084B741D735F555CAE6

Uniqueness

Uniqueness Score: 6.84%

Function 0027ADD6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SetWindowsHookExW.USER32(?,00000E38,?,?), ref: 0027AE26

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 176189e423a9543c7e86f966941913ca884f0672c1335d3d90811ab70bd7616a
Instruction ID: 661b056ee06f09150dd68d68e2cf6bb4545c3e7031d678041b7d629f9179cfe4
Opcode Fuzzy Hash: 176189e423a9543c7e86f966941913ca884f0672c1335d3d90811ab70bd7616a
Instruction Fuzzy Hash: A601A271900600ABD250DF16DC46B66FBA8FF89B20F14815AED084B741D731F565CBE6

Uniqueness

Uniqueness Score: 0.73%

Function 00ED0996, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 00ED09C8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: efa5afedc7e0f6d431013390da20d9640d0f32ea10a8cdd9d5d451882de9195d
Instruction ID: 4f5cc32f541e1472ceb31bb0d96369d48dae88bb7b883f0504958fa8431deb22
Opcode Fuzzy Hash: efa5afedc7e0f6d431013390da20d9640d0f32ea10a8cdd9d5d451882de9195d
Instruction Fuzzy Hash: 3E01D1355007409FEF108F1AD8857A5FF94EF92324F0CC0ABDD499B352D275E849CAA2

Uniqueness

Uniqueness Score: 0.09%

Function 0027A7B6, Relevance: 1.5, APIs: 1, Instructions: 39clipboardCOMMON

Download Yara Rule

APIs

SetClipboardViewer.USER32(?), ref: 0027A7E8

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: ClipboardViewer
String ID:
API String ID: 1084444317-0
Opcode ID: 70c9c0aafc93e15bbcc953c1cb5e743c4a15aa4c0e8eb8a7dd7f385944bf4455
Instruction ID: 96f4ac0f254521a6f11f4ce4448a2b7fdcc678307965fc2f7b39a41b22af01e8
Opcode Fuzzy Hash: 70c9c0aafc93e15bbcc953c1cb5e743c4a15aa4c0e8eb8a7dd7f385944bf4455
Instruction Fuzzy Hash: B001A2714142409FEF10CF55D885759FBA4EF55330F08C4AADD098F306D375A814CAA3

Uniqueness

Uniqueness Score: 5.54%

Function 0027A23A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,D6839D4A,00000000,?,?,?,?,?,?,?,?,6E923C58), ref: 0027A26C

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f6e0bc33f4546bf67c492e6181790a1e050dd67954122fc7fbf57dc44613d997
Instruction ID: 1173ced1c7745a352b7666fdd58cf5304ee7b0174d18b4c8eda77d45b5d05f5f
Opcode Fuzzy Hash: f6e0bc33f4546bf67c492e6181790a1e050dd67954122fc7fbf57dc44613d997
Instruction Fuzzy Hash: 14F0AF354247449FEB108F05D885765FBA4EFA6730F08C0AADD094B316D3B6E958CAA3

Uniqueness

Uniqueness Score: 0.01%

Function 00EF25B8, Relevance: 1.4, Strings: 1, Instructions: 169UNIQUE

Download Yara Rule

Strings

\d8, xrefs: 00EF25BF

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: \d8
API String ID: 0-3010730235
Opcode ID: 1a8159bb1a570fb4702d736495ee666fcd4230a2b20ace7967496ee37343694a
Instruction ID: ea868d9306ddb17c4074a8b2db22eb8bb4415813627715be4c2b313db4c279c1
Opcode Fuzzy Hash: 1a8159bb1a570fb4702d736495ee666fcd4230a2b20ace7967496ee37343694a
Instruction Fuzzy Hash: FA511531A082858FCB04EB78D8502EE7BB29F99314B1548BFD246EB391DB359C55C7A2

Uniqueness

Uniqueness Score: 100.00%

Function 01090FB1, Relevance: 1.3, Strings: 1, Instructions: 74UNIQUE

Download Yara Rule

Strings

E$:9, xrefs: 01091042

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: E$:9
API String ID: 0-3362180958
Opcode ID: 4713b334bd8a7147a7839910aeada5244b54e83d0aa57901b1d650fb992d1616
Instruction ID: df65a2210b9c624217b8c1a0c15b8c89bafa33f22425a82c39d31d92bd419a2d
Opcode Fuzzy Hash: 4713b334bd8a7147a7839910aeada5244b54e83d0aa57901b1d650fb992d1616
Instruction Fuzzy Hash: 45212670B001569FCB44CF78C860BAFBAE9EBC4310F14807AE489DB651D776DD118790

Uniqueness

Uniqueness Score: 100.00%

Function 01090FC0, Relevance: 1.3, Strings: 1, Instructions: 72UNIQUE

Download Yara Rule

Strings

E$:9, xrefs: 01091042

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: E$:9
API String ID: 0-3362180958
Opcode ID: 20848082d971b027a5776e10e5d57b7b3374ddfd7e7cfce97c2e5e2a8929dfbe
Instruction ID: 618226c8da33141252149d2f81983a3dd68240ed71911aa3f7e4ee341d0bac4b
Opcode Fuzzy Hash: 20848082d971b027a5776e10e5d57b7b3374ddfd7e7cfce97c2e5e2a8929dfbe
Instruction Fuzzy Hash: 94210570F101828FCF44DFBCD8607AEBAEAAB84614F148076E549DB650EF72D9048791

Uniqueness

Uniqueness Score: 100.00%

Function 00ED038C, Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00ED03F8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 683d0fe7612064837fe283f82c903f1d9676c01f4f0f1dc438c34a55583b13bd
Instruction ID: a9bccbe685efa362b6c9d2f3cefcd8e4bf26b83d454b64b2be2bfa129134c6ad
Opcode Fuzzy Hash: 683d0fe7612064837fe283f82c903f1d9676c01f4f0f1dc438c34a55583b13bd
Instruction Fuzzy Hash: 8F219F725093C05FDB028B25DC55A92BFA4AF17324F0980DAE9858F663D2649908CB61

Uniqueness

Uniqueness Score: 0.03%

Function 0027B23D, Relevance: 1.3, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0027B2AC

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: f322ef678a1563000cad11be35a4ad0e4584f3f053b0c55af2c1cb4494904a55
Instruction ID: 0f5c0e6824050908184576bb71b44d5043c137acaa12e0ce3fe21e3f5677dd70
Opcode Fuzzy Hash: f322ef678a1563000cad11be35a4ad0e4584f3f053b0c55af2c1cb4494904a55
Instruction Fuzzy Hash: A221A1755093C09FDB128F65C849756BFB4EF03224F0880EBEC858F653D2659908CB61

Uniqueness

Uniqueness Score: 0.03%

Function 00ED03C6, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00ED03F8

Memory Dump Source

Source File: 00000007.00000002.594112758.00ED0000.00000040.00000001.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ed0000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6c9cf0f4e773748aef2295a3126ef5d9376f2b22f4ef2bb222f74cc4e0dddb4a
Instruction ID: c08e421cb85b646937c9a9943645a956dc36068e2abefa31fe2e28626170d2b6
Opcode Fuzzy Hash: 6c9cf0f4e773748aef2295a3126ef5d9376f2b22f4ef2bb222f74cc4e0dddb4a
Instruction Fuzzy Hash: 3101DF725003409FDB10CF59D885B96FBA8EF51324F08C4ABED098B346D271E858CAA2

Uniqueness

Uniqueness Score: 0.03%

Function 0027B27A, Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 0027B2AC

Memory Dump Source

Source File: 00000007.00000002.592153704.0027A000.00000040.00000001.sdmp, Offset: 0027A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27a000_NEW_INVOICE.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e3157ad681e2f93aaefc0a49803f2c1c1265e3172c8ef6644b61d03d54812460
Instruction ID: 3116c20d54c12051599b5bd3229ae70795eaba08effeb2dc9154e438e42d2726
Opcode Fuzzy Hash: e3157ad681e2f93aaefc0a49803f2c1c1265e3172c8ef6644b61d03d54812460
Instruction Fuzzy Hash: A901DF755113409FEB118F56D88976AFB98EF12320F08C4AAEC098B306D775E818CAA1

Uniqueness

Uniqueness Score: 0.03%

Function 01090BB3, Relevance: 1.3, Strings: 1, Instructions: 34UNIQUE

Download Yara Rule

Strings

5<U, xrefs: 01090BCF

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID: 5<U
API String ID: 0-2345730039
Opcode ID: 012361a594635fea9cc838ce22a2eaa5cc7783d002826c69154c7f57fa1da7cf
Instruction ID: 08b6ccd310a4eaec9de5e3ae9b0c6458e84f2ded067fc365242c9d751fa4caac
Opcode Fuzzy Hash: 012361a594635fea9cc838ce22a2eaa5cc7783d002826c69154c7f57fa1da7cf
Instruction Fuzzy Hash: 63F0B479314169DBDF208E1988613AC31EB6BC4205F69C42AB5C596189D23CCA85FF91

Uniqueness

Uniqueness Score: 100.00%

Function 00EFDEB8, Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5736ce8c0d1674b1ad007a9c70167b2dc4da5179f3e0bbb11a3669f893d7b0a
Instruction ID: a30ef7b6a35bfca9727059c828468ec078b2631f65b64bb8c055448c5c0e4f0e
Opcode Fuzzy Hash: c5736ce8c0d1674b1ad007a9c70167b2dc4da5179f3e0bbb11a3669f893d7b0a
Instruction Fuzzy Hash: 0461E334B111089FCB04EBA5DC815BDB7A2EFD8304B50893AE906E73A4DF34DC569B91

Uniqueness

Uniqueness Score: 0.00%

Function 00EFDEC8, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8071ae7cca00306208865b2fba459eaa45cfb64075389ad6d79b58d6dc1f3032
Instruction ID: fab5553047aa39eec48dd6a10add3e6e77e72d4183a88d28881de820b86f827e
Opcode Fuzzy Hash: 8071ae7cca00306208865b2fba459eaa45cfb64075389ad6d79b58d6dc1f3032
Instruction Fuzzy Hash: 1461E734B11108CFCB04EBB5D8415ADB7A2EFD8314B50893AE906E73A4DF34EC569B91

Uniqueness

Uniqueness Score: 0.00%

Function 00EFD7D8, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da8471f09aaf467ecea74b4b76bf3204a543944dd0cdee842035174bf72b03e4
Instruction ID: 4fb6dca87c611e6699c7e77d75ab95cae7906b5301175b294383307d4ac0aed4
Opcode Fuzzy Hash: da8471f09aaf467ecea74b4b76bf3204a543944dd0cdee842035174bf72b03e4
Instruction Fuzzy Hash: 5051AF30E082488BDB18DBB8D8413BD7AE7ABC8314F249439E509FB290DBB58C44CB55

Uniqueness

Uniqueness Score: 0.00%

Function 00EF38F0, Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 217564f2df3662ddec53e51fd9110d5b5e1f17ff7c0e3e6533eddca0c464e011
Instruction ID: b2949498f6a0068e2d1d200bc71a8bab252037f2b6ee6149372a4b368b22b08f
Opcode Fuzzy Hash: 217564f2df3662ddec53e51fd9110d5b5e1f17ff7c0e3e6533eddca0c464e011
Instruction Fuzzy Hash: 0951AC71B102098FCB48DBB8C8401EEB7E6AFD5208B50457AC10AEB364EB758D52CB81

Uniqueness

Uniqueness Score: 0.00%

Function 00EFD7C8, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe3e8ce1cb53ee7e3f8f8a5fbf8bdc95f5936ddac2144abaa5d088a7c2c04575
Instruction ID: b936d7ffbd1aae975f95346f690570fe736c695acd6981cb69b921a33df2fb87
Opcode Fuzzy Hash: fe3e8ce1cb53ee7e3f8f8a5fbf8bdc95f5936ddac2144abaa5d088a7c2c04575
Instruction Fuzzy Hash: 4E41A030E082489FDB14DBB8E8547AD7AF3ABC5314F24942AE509BB291DBB58C44CB54

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4AC8, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ed76ae69da89584d95b6f2c324ea289e3244e71a0e376acc6c3ff12547282d
Instruction ID: 59861495a24119773749ee66d88119c9c0941b27d71dfa2abe03ee5f94110eed
Opcode Fuzzy Hash: e9ed76ae69da89584d95b6f2c324ea289e3244e71a0e376acc6c3ff12547282d
Instruction Fuzzy Hash: 044128B1B002088BDB08DAB988507BEB6E6AB88304F60543AE705FB3D1EF38CC118755

Uniqueness

Uniqueness Score: 0.00%

Function 00EFC0BC, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573d0a8504e008235e971f6b6f527fb91312c8cd10ed79d4c567a222617debaf
Instruction ID: 6c38aa1456c5e9a872ccc4deee4912368f697d3e8f039ad9352bf3b994a44422
Opcode Fuzzy Hash: 573d0a8504e008235e971f6b6f527fb91312c8cd10ed79d4c567a222617debaf
Instruction Fuzzy Hash: 86415E70A0010ECB8B08CBA8D6918BDB7B2FF993447359526D615EB760DB35EC928B91

Uniqueness

Uniqueness Score: 0.00%

Function 00EFED98, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e6bb1e9417068bb75f4de27489f63ffba301b5a044543763678634ba56320e
Instruction ID: 50ea00cef767092a49ca51755e2629d5b61b6fede7f3955a513663736a62610b
Opcode Fuzzy Hash: c1e6bb1e9417068bb75f4de27489f63ffba301b5a044543763678634ba56320e
Instruction Fuzzy Hash: 5E418F34A10208CFDB54CFA4C9909ADBBB6FF99314F158569D509EB365DB34EC52CB80

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEDA8, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2151df99feaff8ac064c51df4c60d814f9ed8fda9b87eda3fd5551367d9b0e2b
Instruction ID: bca162f482bfc7eda6ea53810982987bdf47d087a0177ff0d090a027d515d2ff
Opcode Fuzzy Hash: 2151df99feaff8ac064c51df4c60d814f9ed8fda9b87eda3fd5551367d9b0e2b
Instruction Fuzzy Hash: 75416A34A10209CFDB14CFA8D9909ADFBB6FF99314F148566D609AB364DB30EC52CB80

Uniqueness

Uniqueness Score: 0.00%

Function 00EC00AD, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c2360715119917e2172ba2831ad8a6009f2782fbcbcbfd01084a3b559bcc8b6
Instruction ID: 6d085280de63ae2288aa10f6c28244719d18b537e75a558324fe6c348862d10e
Opcode Fuzzy Hash: 2c2360715119917e2172ba2831ad8a6009f2782fbcbcbfd01084a3b559bcc8b6
Instruction Fuzzy Hash: 19317EB6509340AFC750CF05EC41A57FFE8EB85620F04C86EF9499B352D275A908CBA2

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEE6C, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82d8296d6b69989181818d89900e66f72a62e5c1522a278449f99d5bd1f2570
Instruction ID: f1f87d855a1d15957272d735ed2fbb01f72f93684bbc46322104fca19b43e567
Opcode Fuzzy Hash: c82d8296d6b69989181818d89900e66f72a62e5c1522a278449f99d5bd1f2570
Instruction Fuzzy Hash: 1B314B34B102088FDF04DBA8D5908ADB7A6EF99328B64D575D609AF365DB30EC42CB81

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF028, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1caf0126d407d67c0034201e4dffd21a113b6e417e9b26aa3adaa5a42c78ea6c
Instruction ID: e25843a52be1a43523d1ebaed9714c86a4ea6616494459743a222af2f58c149f
Opcode Fuzzy Hash: 1caf0126d407d67c0034201e4dffd21a113b6e417e9b26aa3adaa5a42c78ea6c
Instruction Fuzzy Hash: 96319E34B002088FCB04CFA8D5909ADB7B2FF99324B25D669D509AF3A5D634EC06DB40

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3AE0, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df8fc7f59abf30638d484bea0829af5d95547c64c4d65e33472272a4234d1d1f
Instruction ID: f5cc59ebca2ae61a7d647b517aa45ec80a6da2b01a6844094ab97bc8eec8c2c8
Opcode Fuzzy Hash: df8fc7f59abf30638d484bea0829af5d95547c64c4d65e33472272a4234d1d1f
Instruction Fuzzy Hash: D921A070A04158DFDB44DBB8D810AAEB7F6AFA8700F10813AE606EB795DB34DD01CB91

Uniqueness

Uniqueness Score: 0.00%

Function 00EF42B8, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483a3947143cdd3371002f3da12e265cee87db160dd3d37e8cd9bcfcb605ecac
Instruction ID: 2b32f1939da5baaac915c18ceeb7dee17c7a071eaf869bb139bcf76589e982e6
Opcode Fuzzy Hash: 483a3947143cdd3371002f3da12e265cee87db160dd3d37e8cd9bcfcb605ecac
Instruction Fuzzy Hash: 3521EFB1F5015C8BDB44CBB9D9415AFB7B6ABC8310F608436D606E7390EB308C168B81

Uniqueness

Uniqueness Score: 0.00%

Function 00EF26BB, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6cba2b5fd7d77e34897399c53ba91555b84832a8988e4f5e23f05f97de6c0cd
Instruction ID: c2eb559bc42efe3ad13b165f772e94baa19eac4dc1d155ce3e6d1e6835f4bad0
Opcode Fuzzy Hash: c6cba2b5fd7d77e34897399c53ba91555b84832a8988e4f5e23f05f97de6c0cd
Instruction Fuzzy Hash: 00219032B041488FCB14EA7898546EE7BF29B99324B24057ED606FB391EB35DC05C7A5

Uniqueness

Uniqueness Score: 0.00%

Function 00EC00D6, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4027a04e401f743d1f545abb41e441a4093900f54028c6f90efc3f1431822501
Instruction ID: 94ebb4636e9f7da95dde644f529fe41cbb76c5b45f866d8379900e2009712479
Opcode Fuzzy Hash: 4027a04e401f743d1f545abb41e441a4093900f54028c6f90efc3f1431822501
Instruction Fuzzy Hash: 542130B6508304AFD750CF0AEC41A57FBE8EB89670F14C82EFD4997311E271E9148BA2

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF254, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d5ea068c2689956df43eb200a5ec70f6cb51c2fe105a4e3bab5827e5f64b89
Instruction ID: 58321b34caf858a96d05258971c1cfcb6ee4bd14dc8355921b0b620897825c89
Opcode Fuzzy Hash: 27d5ea068c2689956df43eb200a5ec70f6cb51c2fe105a4e3bab5827e5f64b89
Instruction Fuzzy Hash: 5A210838B102088FCF04CB98D5808ACB7B2EF99324B24D565D919AF365DB30EC46CB80

Uniqueness

Uniqueness Score: 0.00%

Function 00EF42A7, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b977047ac537175e986658a3e5a79b8ca35cbbf95785df9b28d6477fd0657478
Instruction ID: 2884b4f7dd8640cfe790f94b81028c5a161a6fcab2fdc9c0153dc0d8a56c4f7e
Opcode Fuzzy Hash: b977047ac537175e986658a3e5a79b8ca35cbbf95785df9b28d6477fd0657478
Instruction Fuzzy Hash: 48213470F541588FD748CB7999415BF77F29BC9350F64943ADA06E7390EA348C168B82

Uniqueness

Uniqueness Score: 0.00%

Function 00EF43A9, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adff0b76a7e0b00ee94c12354c578efc1cc87b03edc8df6f0f78472635932610
Instruction ID: b763707055d78001a8adc6e6722b35258c37e961b72b5a328b28ab9e9153a506
Opcode Fuzzy Hash: adff0b76a7e0b00ee94c12354c578efc1cc87b03edc8df6f0f78472635932610
Instruction Fuzzy Hash: E2212571B5015ACFCB08CF79D9410ABB3B2EBC53407A08836D516EB694EB30DD56CB82

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4E5F, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4e35489a9fdb3d8ed01c6c83fa5fee053bfaeb4f501427a7a08d5a423b3ccb8
Instruction ID: aedec644108120bfe22e531d8fb889728c1a535301b8b3bf56c4ffffa0eab572
Opcode Fuzzy Hash: d4e35489a9fdb3d8ed01c6c83fa5fee053bfaeb4f501427a7a08d5a423b3ccb8
Instruction Fuzzy Hash: F0116031B041188FCB44EBB8D8915EFB7F2AB88320B604078E149F7391EE359D518BA0

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEED0, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c104acb882668500574a521f64c16ede9dfdc72a1ea0dd84f605a7189a54abd
Instruction ID: a1c65781d89a25c7c4549c0ef2be2bc550fd4d3a1c46b04bae134c6938a09249
Opcode Fuzzy Hash: 6c104acb882668500574a521f64c16ede9dfdc72a1ea0dd84f605a7189a54abd
Instruction Fuzzy Hash: AB212A39B102098FCF04DBA8D5808ADFBB6EF99324B15D566D509AB365DB30EC52CB81

Uniqueness

Uniqueness Score: 0.00%

Function 00EFC261, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80d308997bf7aa4c8d30bfd2c356199778f988852a3aac9f6d1bc4b4b935a678
Instruction ID: d5e3e9513a84b052bdf83e9ff1283dac0e12c3bbe2f9e46aef1de74f2c0e8cbe
Opcode Fuzzy Hash: 80d308997bf7aa4c8d30bfd2c356199778f988852a3aac9f6d1bc4b4b935a678
Instruction Fuzzy Hash: 5E110270F141686FDB089A789C247BF36E29BD4350F284A39E506E7380EE788D1583D1

Uniqueness

Uniqueness Score: 0.00%

Function 00EF501F, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3636ebb60370f8f979e914a5567dd3914b97d37a923d0dcfbeb588095d43f49
Instruction ID: 426d7fa7abcb6bb2ba2f00ccc1e5e270840ad08883dd6f1c6b13fbd15b05dfbb
Opcode Fuzzy Hash: e3636ebb60370f8f979e914a5567dd3914b97d37a923d0dcfbeb588095d43f49
Instruction Fuzzy Hash: C9115C31F041088FCB44EBB8D8915EEB7F2ABC8320B204078E209F7391EE359C018BA1

Uniqueness

Uniqueness Score: 0.00%

Function 00EF50FF, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7e4ef6a56065043f1b962a1b62c766fe36798ae3a9fb99d2a80424e2984749
Instruction ID: 20b5b493733635fdf92df16d052e49e87421665a04283882017786cb7bc673b4
Opcode Fuzzy Hash: 8c7e4ef6a56065043f1b962a1b62c766fe36798ae3a9fb99d2a80424e2984749
Instruction Fuzzy Hash: 08116D31B040084FCB44EBB8E8616EE77F2ABC8320B644479E109F7392EE359D1587A1

Uniqueness

Uniqueness Score: 0.00%

Function 00EF41C8, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00b00621893c32e17fc86747ad126d9451a3731718115d75fca35da6e88ee054
Instruction ID: c3983700a2b3988869388ba159a1e163fb6c10dde1cd3ccebd950e7f7aa5865e
Opcode Fuzzy Hash: 00b00621893c32e17fc86747ad126d9451a3731718115d75fca35da6e88ee054
Instruction Fuzzy Hash: 92117231B001088FDB44EBB8E8515EFB7F2ABC8360B205479E149F7391EE355D458BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF6788, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ffa64c9caa1191c06300870d4aa9e793d2250f996f1a8b44e81372ce92c02b
Instruction ID: 01e5e2960111e47f44bed8680e6d05e6a20f42bf2bbf0538fc25b539f0d888b2
Opcode Fuzzy Hash: 11ffa64c9caa1191c06300870d4aa9e793d2250f996f1a8b44e81372ce92c02b
Instruction Fuzzy Hash: 11116D31B001488FCB44EBB8D9519EEB7F2ABC8360B205039E109F7392DE359D118BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF51E1, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74324c716bdd629d812b58c42f7b95f391f657ac684274788c2a41db66d5cded
Instruction ID: 2559741e1c0be7c6fdc463dc8f671273a43b8227bc2179a9df2ef96bda2f641f
Opcode Fuzzy Hash: 74324c716bdd629d812b58c42f7b95f391f657ac684274788c2a41db66d5cded
Instruction Fuzzy Hash: 7A114F31B141088FCB44EAB8D8916EEB7F2ABC8350B644039E109F7391EE359D558BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4D80, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7606c7f7b123a157e6a1b57415fdec4f4a215c9e8584dfbd952aef1b15b17fd
Instruction ID: e109636b23a83eaafb7ec95a098c5748a60641cbeccda342838feccb49a10c25
Opcode Fuzzy Hash: f7606c7f7b123a157e6a1b57415fdec4f4a215c9e8584dfbd952aef1b15b17fd
Instruction Fuzzy Hash: 1A116030B041088FCB44EBB8D9A15EFB7F1AB88314B104479E14AF7391EE319C418B91

Uniqueness

Uniqueness Score: 0.00%

Function 00EC2AA2, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b782978973b340135934f9ee8763acfc4889ef6206b5507a77c98cd311d9ba
Instruction ID: 0d9fc62cbb4a481bd6f6f793281992b56243a5e128024127c4d60074dd634050
Opcode Fuzzy Hash: 82b782978973b340135934f9ee8763acfc4889ef6206b5507a77c98cd311d9ba
Instruction Fuzzy Hash: 1721E2B5508341AFD340CF19D881A1BBBE4FF89660F04896EF888D7311E271E908CFA2

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4CA0, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd512451b25cbb0ccbbb05d7e998dbf9e8cc582226eec2bb92506cc49efba46f
Instruction ID: 1ab0a739f6e5e01ef8fa06dbf49ec16cdb431fd72aa62116a55ad19ec6fa803d
Opcode Fuzzy Hash: cd512451b25cbb0ccbbb05d7e998dbf9e8cc582226eec2bb92506cc49efba46f
Instruction Fuzzy Hash: 67115E31B101088BCB44EBB8D8516EE77F2AFCC360B605439E149F7392EE759D5187A5

Uniqueness

Uniqueness Score: 0.00%

Function 00EC3514, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2929833b468a32cb0c00c8e42f1a00cb552a50816dc86f4c71cbd1ae648ba3b
Instruction ID: df648a314b71bcbf07e04553a653be370faf50ab6d33687125516b6bcd6b627d
Opcode Fuzzy Hash: f2929833b468a32cb0c00c8e42f1a00cb552a50816dc86f4c71cbd1ae648ba3b
Instruction Fuzzy Hash: 9011B8B5508301AFD340CF19D881A5BFBE4FBD9664F04896EF898D7311E231E9148FA2

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4CB0, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19fa799e3e093d744c3c2808579183ad19d723b0242e35e1632d7f4b6f6de2f
Instruction ID: 77fc1baf8ce29a8afc1cbb940b43b5a18bb661116cfe73cb3a593ab171f84933
Opcode Fuzzy Hash: d19fa799e3e093d744c3c2808579183ad19d723b0242e35e1632d7f4b6f6de2f
Instruction Fuzzy Hash: 82115171B0010C8B8B44EBB8E9516EFB7F6ABCC360B605438E109F7391EE359D5187A5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4E70, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04a8ee7ba2d3657050ceb94047d5bdb38b9dbee618ae8423114040cb571d313d
Instruction ID: 34332eb59ed60ffd70943a6119710e67d8e7e02d1cacba18087d3849b4ec66e5
Opcode Fuzzy Hash: 04a8ee7ba2d3657050ceb94047d5bdb38b9dbee618ae8423114040cb571d313d
Instruction Fuzzy Hash: 4F114F71B001088B8B44EBB8D9516EEB7F6ABCC360F605038E109F7391EE359C458BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF5030, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2683bc2309980d08ea6b87d433db4c5f761a4329de727444568720f22b6e0a9d
Instruction ID: 2901252bb53e7ba51ae4831e661f97b52305f5d01d35f95a6d9f7d1968ffd442
Opcode Fuzzy Hash: 2683bc2309980d08ea6b87d433db4c5f761a4329de727444568720f22b6e0a9d
Instruction Fuzzy Hash: 17114F31F000088BCB44EBB8D9516EEB7F2ABCC320B605078E209F7391EE359C018BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF51F0, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc4558791ffd2f515d7ed547fe015774f1ea43a71c34c0de29b59b5546557927
Instruction ID: 39d407dfa42233ed3d001a7f01ed9434927086fdd28e665725fd1547e33a98f7
Opcode Fuzzy Hash: dc4558791ffd2f515d7ed547fe015774f1ea43a71c34c0de29b59b5546557927
Instruction Fuzzy Hash: D4111F31B1050C8BCB44EBB8D8916EEB7F6ABCC360B605439E109F7391EE359C5587A5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF41D8, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f51e79c21af3c678e735697a8875a839f286d42733b2e86247f28eb7ccebf8
Instruction ID: 0223f55e6f5d4928087ee4fd7a0be5af2d6de985d6a68fee8bdf2145fa0ff05b
Opcode Fuzzy Hash: 50f51e79c21af3c678e735697a8875a839f286d42733b2e86247f28eb7ccebf8
Instruction Fuzzy Hash: 59114C71B000088B9B44EBB8E8516EFB7F2ABCC360B605439E109F7391EE359D458BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF6798, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9621c63ebfea49d79e163712471454d7c03efb9ed90759688172595f8d1a05e4
Instruction ID: 0ae90a027feedf2360d49fd9b2aee5f4d87ff10ef0a80d28e37144c25d17d180
Opcode Fuzzy Hash: 9621c63ebfea49d79e163712471454d7c03efb9ed90759688172595f8d1a05e4
Instruction Fuzzy Hash: 5A115131F000488B8B44EBBCD9516EEB7F2ABCC360B605439E209F7391EE359D118BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4D90, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 936c34d1c51164928a4a88a725c31b15c76b08bce52193f8316c4610bbac1866
Instruction ID: 1d7bf3b0eeff7d8eaf28f09ffe26afac9e82088a12a5a3859e325b4578ba5d19
Opcode Fuzzy Hash: 936c34d1c51164928a4a88a725c31b15c76b08bce52193f8316c4610bbac1866
Instruction Fuzzy Hash: B8115171B001088B8B44EBBCD9516EFB7F6ABCC360B605438E10AF7391EE359C5587A5

Uniqueness

Uniqueness Score: 0.00%

Function 00EFA560, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7159c0e53558df05e0c843a792786651f3258b9a287c427e4362dd40a8c566d
Instruction ID: 7190bf3601724729951fbd3735bafdd5c8e49ef07b1043f180f08290b46be06c
Opcode Fuzzy Hash: b7159c0e53558df05e0c843a792786651f3258b9a287c427e4362dd40a8c566d
Instruction Fuzzy Hash: 7B115471B0010C8F8B44EBB8E8516EE77F2ABCD350B505039E109F7391DE359D0187A5

Uniqueness

Uniqueness Score: 0.00%

Function 00220E5C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592103064.00220000.00000040.00000040.sdmp, Offset: 00220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_220000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b6f71758c27ba8a48dd89fe12b540a787edb5ac41bf01c0c1a7b0c0f28b91a
Instruction ID: 9c8c88c177e33bdd8c883136179940f3ca3bd39bdf3792b9f2e738180cc5178e
Opcode Fuzzy Hash: 83b6f71758c27ba8a48dd89fe12b540a787edb5ac41bf01c0c1a7b0c0f28b91a
Instruction Fuzzy Hash: 91110631128285EFC711CB90E9C0F26BB95EB99708F28C9ACE4490B653C777D863CA51

Uniqueness

Uniqueness Score: 0.00%

Function 00EF6867, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721d76994fc515525d439900a75318001eff736b8d11339032d45cc1280fe732
Instruction ID: 54d5ad168b6724d7f4f4acac4ae5c9d1b3efbb90dc91b9a38f533fa0834e49d7
Opcode Fuzzy Hash: 721d76994fc515525d439900a75318001eff736b8d11339032d45cc1280fe732
Instruction Fuzzy Hash: 8A119730A012589FDB54DF74D8947AA7BB2AB8A300F5004BDE149E7340DB798E94CF11

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEEFE, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1526949f69550163ec5c98b4a04b4f0841207cb0d357866cd0cedd1bce106d7
Instruction ID: 9ff737b9906277cb0bc10b590225a0369b30069729643991b461b8be8cf0d741
Opcode Fuzzy Hash: a1526949f69550163ec5c98b4a04b4f0841207cb0d357866cd0cedd1bce106d7
Instruction Fuzzy Hash: DE21F734A103098FCB44CB94D5908ADF7B6FF99314B15D565D909AF369CB34EC42CB80

Uniqueness

Uniqueness Score: 0.00%

Function 00220E31, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592103064.00220000.00000040.00000040.sdmp, Offset: 00220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_220000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d426ffa17e6e0f74a9e5559e713f70e1a878b9c9c05cc0af329bce3379bed58
Instruction ID: 2b239f06ee2a11c3cd4f9363d4c3d9f4a8388d1a55ac2e60aeb4ab770ca3778e
Opcode Fuzzy Hash: 3d426ffa17e6e0f74a9e5559e713f70e1a878b9c9c05cc0af329bce3379bed58
Instruction Fuzzy Hash: 11219A311492C19FC713CB60D890B55BFB1EB47314F298AEED4884B6A3C33A9853DB41

Uniqueness

Uniqueness Score: 0.00%

Function 01090518, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8279e26e13d65bdf71b7b20d7c071be1aff0ea477904dad2115098c484d5e631
Instruction ID: b517affc21a0e25d1438398aff1923839ec4b0ba3dbee22a33a82016953b5061
Opcode Fuzzy Hash: 8279e26e13d65bdf71b7b20d7c071be1aff0ea477904dad2115098c484d5e631
Instruction Fuzzy Hash: 9B110231E10400CBCF14AB6CE5651ADB7BABF98314F14886AE19A97658DB31CC66CB91

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEEE9, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a40abc7e76f1ea2f70c60ffb7d3af91c1558d880b978a5f2bed036ef83a269
Instruction ID: defb2d77a29dd007c9b2eb7a62b8be711d0dbc88881273182bbc7d037d92efaf
Opcode Fuzzy Hash: 20a40abc7e76f1ea2f70c60ffb7d3af91c1558d880b978a5f2bed036ef83a269
Instruction Fuzzy Hash: 54210334A102098FCB44CB98D9908ADFBB6FF99324B15D566D909AF369D734EC42CB80

Uniqueness

Uniqueness Score: 0.00%

Function 00EFEFFB, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9998f28bc71595eca41ebc5a9d2952b0aaf0b5368c0f2f83ea2ebf9badb6e7f
Instruction ID: 19e20d089b2d1fb17828bf8e321a7a3efb7a3db89eeb39275bc48463961498d9
Opcode Fuzzy Hash: a9998f28bc71595eca41ebc5a9d2952b0aaf0b5368c0f2f83ea2ebf9badb6e7f
Instruction Fuzzy Hash: 5511E734A10209CFDB44CB94C5908ADBBB6EF99324B15D5A5D909AF365DB34EC42CB80

Uniqueness

Uniqueness Score: 0.00%

Function 01090525, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbee9189d049f26c6dc98a59db7a4bff1b24362d1108307df5bb4078c29c5ed5
Instruction ID: dc9427e25b66fe4ac3d329585841fe1579da6e810c0477aaa3ea2cc7102a8e32
Opcode Fuzzy Hash: fbee9189d049f26c6dc98a59db7a4bff1b24362d1108307df5bb4078c29c5ed5
Instruction Fuzzy Hash: 12110231E00400CBCF14AB6CA5661ADB7F6AB8C314F14886AE19697658DB31CC66C791

Uniqueness

Uniqueness Score: 0.00%

Function 00EC33B8, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1065f261fcf0766d82242a70ebca4339fb6ad0cdeb83e830bf047df824089374
Instruction ID: 8f15a9698f1f5cdc7acfa0e410ca8fe2c653136877db837caf72c8d10874ddbb
Opcode Fuzzy Hash: 1065f261fcf0766d82242a70ebca4339fb6ad0cdeb83e830bf047df824089374
Instruction Fuzzy Hash: 1A11FAB5508301AFD750CF09DC85A5BFBE8EBC8660F04882EF95997311E271E908CFA2

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF80E, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bf54884bb5fc846f4292d5a1ee3f048eab939d159bf63867ce236dd32d091b
Instruction ID: 31338fd3c410b1d1bee4226a934ba7e49136e1951ad50688650243ec5db619a3
Opcode Fuzzy Hash: 84bf54884bb5fc846f4292d5a1ee3f048eab939d159bf63867ce236dd32d091b
Instruction Fuzzy Hash: AA01F535B042148FCB04E6F894601BDB7969FD4208B25943ACA06EB391EF31DC22DB66

Uniqueness

Uniqueness Score: 0.00%

Function 00EF3B6F, Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5169c25155a72fb7ce41149f4e19d6d18883dcb6dc7de219ad656847157d58d9
Instruction ID: 4feabfc470e4d49541c7d5820be8662d67032c4caa32d6e3babe04c3edfeef0d
Opcode Fuzzy Hash: 5169c25155a72fb7ce41149f4e19d6d18883dcb6dc7de219ad656847157d58d9
Instruction Fuzzy Hash: D2115A71B04019CBDB04CBA8D950AAEB3B6EBA8700F259165D706FB795DB30DD40CB95

Uniqueness

Uniqueness Score: 0.00%

Function 01090660, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 487af39ddf774ab01de3d79441dbc30ef3492108e6e4a7c8da18cc8a4553f5fd
Instruction ID: feeaf966d9d596f72d80556101b0c9eaba7db6e98921a40bf286884a9a1ac4db
Opcode Fuzzy Hash: 487af39ddf774ab01de3d79441dbc30ef3492108e6e4a7c8da18cc8a4553f5fd
Instruction Fuzzy Hash: 60017CB1B0035C8BDB149FB8D8506DEB7BABB89304F10443ED606EB385DA329C15CBA1

Uniqueness

Uniqueness Score: 0.00%

Function 01090D1C, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 535961504b47175ad67daba64cb06eba674395efad9674462d4b8e90b8c136c9
Instruction ID: 9ed5d5bb3f64616dbd423193b0be992e465f711efd34725a0516efbae7f6fc68
Opcode Fuzzy Hash: 535961504b47175ad67daba64cb06eba674395efad9674462d4b8e90b8c136c9
Instruction Fuzzy Hash: 3201693158A350AFC75B9F7498555E63FF0EF5332431A21EEE846CB271E2660906CF60

Uniqueness

Uniqueness Score: 0.00%

Function 002207FB, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592103064.00220000.00000040.00000040.sdmp, Offset: 00220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_220000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8882266257e23e4f0f5e1e53d26fb07163577ebdcb2f69148eb66ed2803123
Instruction ID: ad93ecee2881e07423bcd5dedaf32163e38fc7b8a8649d1da93cbeb7edf17d18
Opcode Fuzzy Hash: af8882266257e23e4f0f5e1e53d26fb07163577ebdcb2f69148eb66ed2803123
Instruction Fuzzy Hash: 1F0186765097806FD7128F159C45862FFB8DE86530709C4AFEC498B712D225A909CBB2

Uniqueness

Uniqueness Score: 0.00%

Function 01090643, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06115dd8c6b82520cc3564b753f80d0f18d15abcfe5e66073b6693db88e793de
Instruction ID: 795b77db978594b94ff0b621c086fb20656659aa3304825111caf89241128146
Opcode Fuzzy Hash: 06115dd8c6b82520cc3564b753f80d0f18d15abcfe5e66073b6693db88e793de
Instruction Fuzzy Hash: 5D01D470A093D88FD7568BB4886466EBFB6BB87300F0540BFE585DB297DA344C04C7A2

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF0A2, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41a490c0a832ec70c66627b0fda415e9d2218ea1bec1064238d9866cdf3fd3a8
Instruction ID: 42daced231b785cda75ec04371595aa7173422761aa19933d4c08a9ded9bf943
Opcode Fuzzy Hash: 41a490c0a832ec70c66627b0fda415e9d2218ea1bec1064238d9866cdf3fd3a8
Instruction Fuzzy Hash: 6A01A1B1E1010DAFDB05EFD4E9519EEBBF9AB48310F20503AB119F7351DA7459448F24

Uniqueness

Uniqueness Score: 0.00%

Function 00EF7DD7, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0a8b4d6836c9110f0a9e5b5d422befeed3ada4f42ec1e6ba24377b12f11846
Instruction ID: 7acd1388869b6f6cf8d987a2aaedf1af91f229f3fb0d10d2d2ac8ee90f4e5a8f
Opcode Fuzzy Hash: ef0a8b4d6836c9110f0a9e5b5d422befeed3ada4f42ec1e6ba24377b12f11846
Instruction Fuzzy Hash: 9EF02270B002088BDB08AB399DA06BE32A2AFE5304BA40939D20DE7381EE74CD589751

Uniqueness

Uniqueness Score: 0.00%

Function 00EF7AFF, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91faa20e29828a8934139df84278251b05ef637579fac3562cdedf56119a4707
Instruction ID: 67fb452b69ee513cad8fb84b2eafafb6626a950ed39b23065bf0b09b17d13fce
Opcode Fuzzy Hash: 91faa20e29828a8934139df84278251b05ef637579fac3562cdedf56119a4707
Instruction Fuzzy Hash: D3F0E974B001048BEB08677959243BE21D3AFF9304B684838D64AFB384EF74CD549792

Uniqueness

Uniqueness Score: 0.00%

Function 00EFFA43, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca4a79d662e93606aaca607f5c438cae6a0aeecd793fb9ff24890104c19dd154
Instruction ID: 808ce84518cd0e098d269126b6c1510b2301e5d7c2ac374c1f04d792b5074cf1
Opcode Fuzzy Hash: ca4a79d662e93606aaca607f5c438cae6a0aeecd793fb9ff24890104c19dd154
Instruction Fuzzy Hash: 78F0B431F150688B4F04EBF895511ECB7A69F843187209176D62AFB351DF318D128BA5

Uniqueness

Uniqueness Score: 0.00%

Function 00220F18, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592103064.00220000.00000040.00000040.sdmp, Offset: 00220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_220000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46debe57896ac666fbdd8b357651a768cc350afad20f7cf280d2b96e708a9c95
Instruction ID: 4ab446cc36cd2600197c49097fc85458ebf935447c00722ba5c0a2b6adb98646
Opcode Fuzzy Hash: 46debe57896ac666fbdd8b357651a768cc350afad20f7cf280d2b96e708a9c95
Instruction Fuzzy Hash: 09F01D35154645DFC316CF40D580B16FBA2FB89718F24CAADE9490B762C737E823DA81

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4ED7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01dc3f2fa9f558ebcab2b37f21f28bc9c9aa7637a147c5e41b311525d1d28326
Instruction ID: 85d3063e5f8e6ae415bdbb3c699a4a4feb09dd311b6695cdbcde840ecb09e816
Opcode Fuzzy Hash: 01dc3f2fa9f558ebcab2b37f21f28bc9c9aa7637a147c5e41b311525d1d28326
Instruction Fuzzy Hash: 02F0F836B000488B8F44EBA8E5915EDB7F2ABC8224B609075E109F7352EE319C568B10

Uniqueness

Uniqueness Score: 0.00%

Function 00EF5097, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a48b0c8da1f76649ebe6a048b240e383be3c4416535cedb54e62f2ee5cba73c
Instruction ID: 76d38bb270f3563d802df8a99b0dc6df3049d2d3f237193d155a1b7a38f00166
Opcode Fuzzy Hash: 4a48b0c8da1f76649ebe6a048b240e383be3c4416535cedb54e62f2ee5cba73c
Instruction Fuzzy Hash: C3F0F836F000488B8F44EBB8E5915EDB7F2AFC8228B609075E209F7352EE329C118B10

Uniqueness

Uniqueness Score: 0.00%

Function 00EF5257, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82d0b008f50368b151b72c9ce86f49895c28bec3909c7abdcaa755ea2f970a20
Instruction ID: 4ca50a0e02f98cb844e343e2fa284df2b91be98248ebc37468c235cfb615e56a
Opcode Fuzzy Hash: 82d0b008f50368b151b72c9ce86f49895c28bec3909c7abdcaa755ea2f970a20
Instruction Fuzzy Hash: FCF0F836B000488B8F44EBB8E5915EDB7F2ABC8224B609075E109F7362EE319C158B50

Uniqueness

Uniqueness Score: 0.00%

Function 00EF423F, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d607baca993276ab41e1aab102151331789f2462edcbf3705b5635635845d7
Instruction ID: 283932b9c9e4f6bb69f8490b6f4a1419b496651f98313395431b4d723e56de08
Opcode Fuzzy Hash: 62d607baca993276ab41e1aab102151331789f2462edcbf3705b5635635845d7
Instruction Fuzzy Hash: 19F0F836F000088B9B44EBF8E5915EDB7F2ABC8224B609475E109F7362EE319D158B15

Uniqueness

Uniqueness Score: 0.00%

Function 00EF67FF, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afca40c71bdc17134808b7370115f7787150d4a71575462d69692985f81a047
Instruction ID: edb334cfc3b30ed91f7b8525b13976faba8fa878ba88484f40b902e1bc22eff2
Opcode Fuzzy Hash: 6afca40c71bdc17134808b7370115f7787150d4a71575462d69692985f81a047
Instruction Fuzzy Hash: 46F0F836F000488B8B44EBB8E5915EDB7F2ABC8328B609079E109F7352EE319D118B25

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4DF7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4448d359d55759ff7646014daf6202ee9932916ce045ffbb7c56435b0bb81fd
Instruction ID: 5f4651a9b5b2674ac3501f5e82a3600c01dc0bac0db42b9198ffd4c8a2ef00cf
Opcode Fuzzy Hash: d4448d359d55759ff7646014daf6202ee9932916ce045ffbb7c56435b0bb81fd
Instruction Fuzzy Hash: B6F0F835B000488B8F44EBA8E5915EDB7F2ABC8224B609075E109F7352EE319D158B10

Uniqueness

Uniqueness Score: 0.00%

Function 00EFA5C7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fad13522f684ff8318da042861395b4615b777a736dc1efe0cb3fac85fe33403
Instruction ID: 47544053169ecd29585c1cf0fc0b06d963a0ead83eafe13beea9aa24d33d58fd
Opcode Fuzzy Hash: fad13522f684ff8318da042861395b4615b777a736dc1efe0cb3fac85fe33403
Instruction Fuzzy Hash: 70F0F875B000488F8F44EBB8E9915EDB7F2ABC8224B609075E109F7362EE359D158B11

Uniqueness

Uniqueness Score: 0.00%

Function 00EF4FB7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d50794888cad913f492d9b699027e4fb6940acfe4ffe9f924f37b91b1f98cc1
Instruction ID: 4e006bd3f740acea24444149a5bd39ec879471a730a6191a2b2a74a4aabdbb45
Opcode Fuzzy Hash: 7d50794888cad913f492d9b699027e4fb6940acfe4ffe9f924f37b91b1f98cc1
Instruction Fuzzy Hash: E4F0F836B000488B8F44EBA8E9915EDB7F2ABC8224B609075E109F7362EE319C11CB65

Uniqueness

Uniqueness Score: 0.00%

Function 0022081E, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592103064.00220000.00000040.00000040.sdmp, Offset: 00220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_220000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a12e90fcd2dc3bff5bffb77dc2f4937bcdc0f3db6754dabd5d28669fe687c2cc
Instruction ID: 64dab13f41cdd1fe292349436ca2d074a4e35e538b1d3a94a0cee2deb1ac9f78
Opcode Fuzzy Hash: a12e90fcd2dc3bff5bffb77dc2f4937bcdc0f3db6754dabd5d28669fe687c2cc
Instruction Fuzzy Hash: 6CE092766007009F9A50CF0AEC42452F798EB84630B18C47FDC0D8B700E635F504CAA1

Uniqueness

Uniqueness Score: 0.00%

Function 00EC0063, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0e1106d8e465b2d299432538d390c87797b4ea6ebbf792d0418f46afc8eaf00
Instruction ID: 02106ec63f6350a7100262bc5cbc1e00df79f6005cc49a564444bee025f98932
Opcode Fuzzy Hash: f0e1106d8e465b2d299432538d390c87797b4ea6ebbf792d0418f46afc8eaf00
Instruction Fuzzy Hash: ECE0D8725403046BD6508E069C46B53FB98EB91931F08C567ED095B341E162B51489E1

Uniqueness

Uniqueness Score: 0.00%

Function 00EC2E2B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6e291873b8126eefef768bf9f90863b2618260ebe94240253a7fa128e94f635
Instruction ID: 4eb4623562f2f1a00e2a17643d6da01709d626d30e4555f226a479a476a21c93
Opcode Fuzzy Hash: d6e291873b8126eefef768bf9f90863b2618260ebe94240253a7fa128e94f635
Instruction Fuzzy Hash: 24E0D8725003006BD2508E069C46B53FB98EB91930F08C467ED095B306E176B514C9E1

Uniqueness

Uniqueness Score: 0.00%

Function 00EC3407, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48128ff2fc55cd99976f4415349580358c7f6c817d4ad32b1230670496c5a439
Instruction ID: c36426a72bedcd13eaa7e8ec99204718d4a82d9597e8c1d69a752f0338910d4b
Opcode Fuzzy Hash: 48128ff2fc55cd99976f4415349580358c7f6c817d4ad32b1230670496c5a439
Instruction Fuzzy Hash: 97E0D8725003046BD2508E069C4AB53FB98EB91930F08C467ED095B302E172B51489F1

Uniqueness

Uniqueness Score: 0.00%

Function 00EC357F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a32e94109d522f7e24591c96fb71260c50015dee52abe13b5060bc34571df4c
Instruction ID: 8cba74a45e111b6f64752f7578478fb7e482990817e1f59e4b3c1638395a0b3c
Opcode Fuzzy Hash: 2a32e94109d522f7e24591c96fb71260c50015dee52abe13b5060bc34571df4c
Instruction Fuzzy Hash: 96E0D8725403006BD2508E069C46B52FB98EB91930F08C467ED085B701E162B5148AE1

Uniqueness

Uniqueness Score: 0.00%

Function 00EC2B17, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594100131.00EC0000.00000040.00000001.sdmp, Offset: 00EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ec0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 612cf213333232adb60d9ec5df661ef9327dec38aa4bd8bc896e3d0b51a4e1e7
Instruction ID: 0c140eeafd75a5782fa5413e6ed144067fbc258aea51345d9743ea32c3800561
Opcode Fuzzy Hash: 612cf213333232adb60d9ec5df661ef9327dec38aa4bd8bc896e3d0b51a4e1e7
Instruction Fuzzy Hash: 1AE0DFB29003006BD2508F06AC4AB62FB98EBA1A30F08C46BED085B302E162B5148AE1

Uniqueness

Uniqueness Score: 0.00%

Function 01090929, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c74fd988652b3faf2818c9d10d9946e89ea55de18f619e3fbb99197f634b0eb
Instruction ID: e22ecfc4cc6e64f56421858916591dd3d8c7085d1cfb22827f4855ce17e31c23
Opcode Fuzzy Hash: 3c74fd988652b3faf2818c9d10d9946e89ea55de18f619e3fbb99197f634b0eb
Instruction Fuzzy Hash: 29E02235F00144CFCB49EF3485A182FBBAA6FC5208B20545FDC47DF2A9D6308C01AA81

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF1FF, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da5cf6f5c37a9a9c0024ff56755fee1b97fc6dad34d654f0c2444947800ec323
Instruction ID: 50d83e1a90ce90828c76d6fa1f184047e22492b061865a5fd60dc67baaca3808
Opcode Fuzzy Hash: da5cf6f5c37a9a9c0024ff56755fee1b97fc6dad34d654f0c2444947800ec323
Instruction Fuzzy Hash: 5BE0DF30B403184BD304E7A0CC637EDB2679B8A304F308428960AFFB92C9B4EC401752

Uniqueness

Uniqueness Score: 0.00%

Function 010908B0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f44bd6579e46dfde57373ad648550ff7059bf4063c8b11615f08f3e7c8951bd2
Instruction ID: 0161a762c0b6b5554fb6f2b919f0def651c85aa5cf5de7f93863cd1e840e3416
Opcode Fuzzy Hash: f44bd6579e46dfde57373ad648550ff7059bf4063c8b11615f08f3e7c8951bd2
Instruction Fuzzy Hash: E6E05E70A000A98FCB48BBB4D86236E76A77BC4700F24557DA60EAF346CE348D556B66

Uniqueness

Uniqueness Score: 0.00%

Function 002723F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592144548.00272000.00000040.00000001.sdmp, Offset: 00272000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_272000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86823b1b3d9e6b547844e4304d522c00e456ce454c54ecf6417ff0b6b0b161c3
Instruction ID: 572f9e929778da6d9e5cc5a302da2e052c57a4f7fdc63609c620e0664f369445
Opcode Fuzzy Hash: 86823b1b3d9e6b547844e4304d522c00e456ce454c54ecf6417ff0b6b0b161c3
Instruction Fuzzy Hash: 3BD05E79215692CFD3168E1CC1A8B953B94AF92B04F4684FAE804DB6A3C378D9A5D600

Uniqueness

Uniqueness Score: 0.00%

Function 010906C5, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fedf0726cab42a352aa7aa3f62a4119c722afd564b8bfaed4be76031f125c3
Instruction ID: 2da3026cb08d2b26ea206e95fbbd7b7fb6bb5bd84d119e5d4fba7d453a70805e
Opcode Fuzzy Hash: a1fedf0726cab42a352aa7aa3f62a4119c722afd564b8bfaed4be76031f125c3
Instruction Fuzzy Hash: 1AD023B071016DC7CF148B58847055D214F33C8304B19853FA547D334DD9308C029790

Uniqueness

Uniqueness Score: 0.00%

Function 002723BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.592144548.00272000.00000040.00000001.sdmp, Offset: 00272000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_272000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad5a95a0f7c214587247b49f7e95e4af96d5b3e8a0809185200f0935add1617
Instruction ID: 465514035d0d32d6c44ce4a6f5222299d0c79f09c281bc3b396bb33701ca3db1
Opcode Fuzzy Hash: cad5a95a0f7c214587247b49f7e95e4af96d5b3e8a0809185200f0935add1617
Instruction Fuzzy Hash: 5AD05E342105828BD715CF0DC294F5977E4AF81704F1684EDBC008B266C3B8DD94CB00

Uniqueness

Uniqueness Score: 0.00%

Function 01090D60, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594305031.01090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1090000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd907982df40a0674acbbcb67bd799a667279c2a440c7e8068b99c124072399d
Instruction ID: d840adf4ec64f61bc6911a909c7d72db0b40a6f79ae0feaefb4b5b1b3d96c772
Opcode Fuzzy Hash: fd907982df40a0674acbbcb67bd799a667279c2a440c7e8068b99c124072399d
Instruction Fuzzy Hash: ADC012316182244B8B08AAB9A0058A97BDCAA4962030000ABE50ACB711E9A2AC008B94

Uniqueness

Uniqueness Score: 0.00%

Function 00EFF96A, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.594139557.00EF0000.00000040.00000001.sdmp, Offset: 00EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_ef0000_NEW_INVOICE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bd80c55b4a528c3ef0badbbe0cb25443b9b4590074902f8d4a01b6338f87010
Instruction ID: b269dea98cd59bab392971d24e36f8caa93287a0de482a8dc0fa2afb1ecb4d8c
Opcode Fuzzy Hash: 4bd80c55b4a528c3ef0badbbe0cb25443b9b4590074902f8d4a01b6338f87010
Instruction Fuzzy Hash: 28C08071B0414D9B57049AD884511FD35A15F5435CF702035D615FA700DD34DC83EB01

Uniqueness

Uniqueness Score: 0.00%

Non-executed Functions

Description:	Windows Management Instrumentation (WMI) is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. One example command-line interface on Windows systems is cmd , which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. Scheduled Task ).
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Utilities such as at and schtasks , along with the Windows Task Scheduler, can be used to schedule programs or scripts to be executed at a date and time. A task can also be scheduled on a remote system, provided the proper authentication is met to use RPC and file and printer sharing is turned on. Scheduling a task on a remote system typically required being a member of the Administrators group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion, Persistence
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token. For example, Microsoft promotes the use of access tokens as a security best practice. Administrators should log in as a standard user but run their tools with administrator privileges using the built-in access token manipulation command `runas` . Adversaries may use access tokens to operate under a different user or system security context to perform actions and evade detection. An adversary can use built-in Windows API functions to copy access tokens from existing processes; this is known as token stealing. An adversary must already be in a privileged user context (i.e. administrator) to steal a token. However, adversaries commonly use token stealing to elevate their security context from the administrator level to the SYSTEM level. An adversary can use a token to authenticate to a remote system as the account for that token if the account has appropriate permissions on the remote system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security scanning or event reporting.
Tactics:	Defense Evasion
Data Sources:	API monitoring, Anti-virus, File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Masquerading occurs when the name or location of an executable, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may check for the presence of a virtual machine environment (VME) or sandbox to avoid potential detection of tools and activities. If the adversary detects a VME, they may alter their malware to conceal the core functions of the implant or disengage from the victim. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information from learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries can use methods of capturing user input for obtaining credentials for Valid Accounts and information Collection that include keylogging and user input field interception.
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Kernel drivers, Process monitoring, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of local system or domain accounts.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	Azure AD, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report NEW_INVOICE.exe

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Mitre Att&ck Matrix

Signature Overview

AV Detection:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Malware Configuration

Threatname: Agenttesla

Signature Similarity

Similar Samples

Behavior Graph

Simulations

Behavior and APIs

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots

Thumbnails

Startup

Created / dropped Files

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Function 00780A50, Relevance: 8.6, Strings: 5, Instructions: 2398
UNIQUE

Function 00780A3F, Relevance: 8.6, Strings: 5, Instructions: 2398
UNIQUE

Function 0078335F, Relevance: 2.7, Strings: 2, Instructions: 170
UNIQUE

Function 00780280, Relevance: 5.1, Strings: 4, Instructions: 117
UNIQUE

Function 007805A8, Relevance: 4.0, Strings: 3, Instructions: 201
UNIQUE

Function 007839DE, Relevance: 3.9, Strings: 3, Instructions: 158
UNIQUE

Function 00783B26, Relevance: 3.9, Strings: 3, Instructions: 155
UNIQUE

Function 007800F7, Relevance: 2.6, Strings: 2, Instructions: 56
UNIQUE

Description:	### Windows
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries will likely attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used. Adversaries may also use local host files in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Files may be copied from one system to another to stage adversary tools or other files over the course of an operation. Files may be copied from an external adversary-controlled system through the Command and Control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP . Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control, Lateral Movement
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Sensitive data can be collected from local system sources, such as the file system or databases of information residing on the system prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information from a target.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the Windows clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Data is encrypted before being exfiltrated in order to hide the information that is being exfiltrated from detection or to make the exfiltration less conspicuous upon inspection by a defender. The encryption is performed by a utility, programming library, or custom algorithm on the data itself and is considered separate from any encryption performed by the command and control or file transfer protocol. Common file archive formats that can encrypt files are RAR and zip.
Tactics:	Exfiltration
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may explicitly employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if necessary secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Use of a standard non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre