Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
QUOTATION_MARQTRA031244#U00faPDF.scr.exe

Overview

General Information

Sample name:QUOTATION_MARQTRA031244#U00faPDF.scr.exe
renamed because original name is a hash value
Original sample name:QUOTATION_MARQTRA031244PDF.scr.exe
Analysis ID:1417017
MD5:749404f8b6bd72307f017d1fd8f3081e
SHA1:84995cbfec91c10df85c97d0f7acec531dba455c
SHA256:aa5e905630fdcd343ea0c1bdc41c67ec3b60abcab50f2ed7bcfba931e7d30f11
Tags:exeFormbook
Infos:

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains potential unpacker
Allocates memory in foreign processes
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • QUOTATION_MARQTRA031244#U00faPDF.scr.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe" MD5: 749404F8B6BD72307F017D1FD8F3081E)
    • aspnet_compiler.exe (PID: 6572 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "gator3220.hostgator.com", "Username": "zam90@aoqiinflatables.com", "Password": "VvMMgD#w!TZmaka!@"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.1799414641.0000000005690000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            Click to see the 15 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.45dece0.9.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5690000.14.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.46f6d40.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2d554c4.1.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                    5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      Click to see the 25 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: AspNetCompiler Execution
                      Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe", ParentImage: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe, ParentProcessId: 7436, ParentProcessName: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe", ProcessId: 6572, ProcessName: aspnet_compiler.exe

                      Snort Signatures

                      No Snort rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "gator3220.hostgator.com", "Username": "zam90@aoqiinflatables.com", "Password": "VvMMgD#w!TZmaka!@"}
                      Multi AV Scanner detection for submitted file
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeReversingLabs: Detection: 37%
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeVirustotal: Detection: 52%Perma Link
                      Machine Learning detection for sample
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeJoe Sandbox ML: detected
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h5_2_0576D220
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 05772E77h5_2_05772DF3
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 05771018h5_2_05770C50
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 05771018h5_2_05770C40
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 05772E77h5_2_05772F07
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 05772E77h5_2_05772E00
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 0577153Bh5_2_05771320
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then jmp 0577153Bh5_2_05771311
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h5_2_059C4290
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h5_2_059C4288

                      Networking

                      barindex
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                      Source: unknownDNS query: name: ip-api.com
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: unknownDNS traffic detected: queries for: ip-api.com
                      Source: aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000260E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Installs a global keyboard hook
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AF73D85_2_00AF73D8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AF87C45_2_00AF87C4
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AFA3B85_2_00AFA3B8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AF73C85_2_00AF73C8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AFD5A05_2_00AFD5A0
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AFD5905_2_00AFD590
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AFB88A5_2_00AFB88A
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AFB8985_2_00AFB898
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AF5DE85_2_00AF5DE8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_00AF5DD85_2_00AF5DD8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0566E6305_2_0566E630
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05662FB85_2_05662FB8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0566355E5_2_0566355E
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0566B4425_2_0566B442
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0566B4505_2_0566B450
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_056613285_2_05661328
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_056613385_2_05661338
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05662FAA5_2_05662FAA
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05665E3E5_2_05665E3E
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0566E9675_2_0566E967
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_056618135_2_05661813
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0576E9985_2_0576E998
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_057600405_2_05760040
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_057600075_2_05760007
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0577A2185_2_0577A218
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05772DF35_2_05772DF3
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05772F075_2_05772F07
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05772E005_2_05772E00
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05778EB85_2_05778EB8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05778EA95_2_05778EA9
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05771B105_2_05771B10
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0577A2085_2_0577A208
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05771AC95_2_05771AC9
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0578ECF85_2_0578ECF8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_057824A85_2_057824A8
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_057800405_2_05780040
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_059C51685_2_059C5168
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_059C4CEF5_2_059C4CEF
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05A0D8305_2_05A0D830
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05A0CCB05_2_05A0CCB0
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_059F00065_2_059F0006
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_059F00405_2_059F0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A0A4F810_2_00A0A4F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A0D89810_2_00A0D898
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A04AC810_2_00A04AC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A09D4010_2_00A09D40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A03EB010_2_00A03EB0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A041F810_2_00A041F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C7112810_2_05C71128
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C71ED010_2_05C71ED0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C7836810_2_05C78368
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C7830010_2_05C78300
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C72F8810_2_05C72F88
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_05C7367010_2_05C73670
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTzayrsmq.dll" vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002B34000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclrjit.dllT vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002B34000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTzayrsmq.dll" vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename76bc4fde-e535-4efe-99b6-617b51be4b06.exe4 vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1784762345.0000000000B2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000000.1276318670.000000000057E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWzlohxjp.exe> vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename76bc4fde-e535-4efe-99b6-617b51be4b06.exe4 vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeBinary or memory string: OriginalFilenameWzlohxjp.exe> vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: edputil.dllJump to behavior
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, -.csBase64 encoded string: 'yweUVR2ytiyCRxS6+wqOThbx2Q2URBW99AfcZh2r3RCTUwGe6w2CTBqz4UWARAyA3guLTTa+9RvcTgiA0RCCUA2+9BeTWEO4/Qq4bR2x/wqPGj+67CqeUR2Z6hGKaRmx/BKCGh+67CGpQBW6ozeJRR2n1xjccx2+/C2TUxGx/0WmRRzk/xuTfiiw6xeTSBexoxmCVSec7QyVRBar3BGKQBGxoy2CVTy+7B/cEkjoqUfcYAus/ROFTQGM/QyRRArkyxeKURS62Q2URBW99AeiWQiz9wyCU0O9+RyCTQ6yow2KThO67BuUVQ=='
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, -.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, LoggingEvent.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION_MARQTRA031244#U00faPDF.scr.exe.logJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: NULL
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000263E000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000262C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeReversingLabs: Detection: 37%
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeVirustotal: Detection: 52%
                      Source: unknownProcess created: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe "C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe"
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic file information: File size 2534912 > 1048576
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x26a200
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, Program.cs.Net Code: _E000 System.Reflection.Assembly.Load(byte[])
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Yara detected Costura Assembly Loader
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.45dece0.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5690000.14.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.46f6d40.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2d554c4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2d554c4.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.45dece0.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.40a5630.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.1799414641.0000000005690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05666B68 push es; retf 5_2_05666B6F
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05763E30 pushfd ; ret 5_2_05763E36
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_05779770 push eax; ret 5_2_05779789
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0577D6F3 push eax; iretd 5_2_0577D6F9
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeCode function: 5_2_0578CC64 push es; iretd 5_2_0578CC67
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR
                      Check if machine is in data center or colocation facility
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000260E000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: AF0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: 28C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: 6570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: 5A10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: A00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2530000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2210000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1800000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799438Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799313Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799204Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799091Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798969Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1793985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 1555Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 8263Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7440Thread sleep count: 53 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7440Thread sleep time: -53000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7564Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep count: 32 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1800000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1428Thread sleep count: 1555 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1428Thread sleep count: 8263 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799547s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799438s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep count: 32 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799313s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799204s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1799091s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798969s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1798110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1797110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1796110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1795110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1794110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304Thread sleep time: -1793985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1800000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799547Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799438Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799313Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799204Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1799091Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798969Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1798110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1797110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1796110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1795110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1794110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 1793985Jump to behavior
                      Source: aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: aspnet_compiler.exe, 0000000A.00000002.2529867607.00000000007B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
                      Source: aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      barindex
                      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 10_2_00A070B0 CheckRemoteDebuggerPresent,10_2_00A070B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 550000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 550000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 550000Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 552000Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 58E000Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 590000Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 211008Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeQueries volume information: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5280000.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5280000.13.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.40a5630.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5280000.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5280000.13.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.40a5630.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		1
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Scheduled Task/Job                      		1
                      Scheduled Task/Job                      		311
                      Process Injection                      		21
                      Obfuscated Files or Information                      		11
                      Input Capture                      		34
                      System Information Discovery                      		Remote Desktop Protocol1
                      Data from Local System                      		1
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      Scheduled Task/Job                      		1
                      Software Packing                      		Security Account Manager531
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		2
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                      DLL Side-Loading                      		NTDS1
                      Process Discovery                      		Distributed Component Object Model11
                      Input Capture                      		2
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Masquerading                      		LSA Secrets261
                      Virtualization/Sandbox Evasion                      		SSH1
                      Clipboard Data                      		Fallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts261
                      Virtualization/Sandbox Evasion                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items311
                      Process Injection                      		DCSync1
                      System Network Configuration Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      QUOTATION_MARQTRA031244#U00faPDF.scr.exe38%ReversingLabsByteCode-MSIL.Trojan.Zilla
                      QUOTATION_MARQTRA031244#U00faPDF.scr.exe53%VirustotalBrowse
                      QUOTATION_MARQTRA031244#U00faPDF.scr.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      No Antivirus matches

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      ip-api.com
                      		208.95.112.1
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://ip-api.com/line/?fields=hostingfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://github.com/mgravell/protobuf-netQUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            http://logging.apache.org/log4net/release/faq.html#trouble-EventLogQUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/mgravell/protobuf-netiQUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/14436606/23354QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://account.dyn.com/QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    https://github.com/mgravell/protobuf-netJQUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://stackoverflow.com/q/11564914/23354;QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                                          		high
                                          https://stackoverflow.com/q/2152978/23354QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmpfalse
                                            		high
                                            http://ip-api.comaspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000260E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              208.95.112.1
                                              		ip-api.comUnited States
                                              		53334TUT-ASUSfalse

                                              General Information

                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1417017
                                              Start date and time:2024-03-28 13:59:07 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 7m 8s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:14
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                                              renamed because original name is a hash value
                                              Original Sample Name:QUOTATION_MARQTRA031244PDF.scr.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HCA Information:
                                              • Successful, ratio: 95%
                                              • Number of executed functions: 352
                                              • Number of non-executed functions: 34
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe

                                              Warnings

                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 72.21.81.240
                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              14:00:26API Interceptor23x Sleep call for process: QUOTATION_MARQTRA031244#U00faPDF.scr.exe modified
                                              14:00:43API Interceptor89406x Sleep call for process: aspnet_compiler.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              208.95.112.1SecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exeGet hashmaliciousPureLog Stealer, Xehook StealerBrowse
                                              • ip-api.com/json/?fields=11827
                                              x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                              • ip-api.com/line/?fields=hosting
                                              SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • ip-api.com/line/?fields=hosting
                                              salaryinfo24.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • ip-api.com/line/?fields=hosting
                                              Wage_Plan_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • ip-api.com/line/?fields=hosting
                                              DHL AWB_5934_5682.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                              • ip-api.com/line/?fields=hosting
                                              Yeni sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • ip-api.com/line/?fields=hosting
                                              Payment Slip (SWIFT)#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • ip-api.com/line/?fields=hosting
                                              ESTADO DE CUENTA DHL -46474637.exeGet hashmaliciousAgentTeslaBrowse
                                              • ip-api.com/line/?fields=hosting
                                              lnvoice-1445766252.pdf.jsGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                              • ip-api.com/line/?fields=hosting

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              ip-api.comSecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exeGet hashmaliciousPureLog Stealer, Xehook StealerBrowse
                                              • 208.95.112.1
                                              x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                              • 208.95.112.1
                                              SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              salaryinfo24.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 208.95.112.1
                                              Wage_Plan_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 208.95.112.1
                                              DHL AWB_5934_5682.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                              • 208.95.112.1
                                              Yeni sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              Payment Slip (SWIFT)#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              ESTADO DE CUENTA DHL -46474637.exeGet hashmaliciousAgentTeslaBrowse
                                              • 208.95.112.1
                                              https://www.applesassist.com/Get hashmaliciousUnknownBrowse
                                              • 208.95.112.2

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              TUT-ASUSSecuriteInfo.com.Win32.CrypterX-gen.9933.28197.exeGet hashmaliciousPureLog Stealer, Xehook StealerBrowse
                                              • 208.95.112.1
                                              x.exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                              • 208.95.112.1
                                              SecuriteInfo.com.Win32.PWSX-gen.23268.16982.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              salaryinfo24.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 208.95.112.1
                                              Wage_Plan_pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 208.95.112.1
                                              DHL AWB_5934_5682.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                              • 208.95.112.1
                                              Yeni sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              Payment Slip (SWIFT)#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              • 208.95.112.1
                                              ESTADO DE CUENTA DHL -46474637.exeGet hashmaliciousAgentTeslaBrowse
                                              • 208.95.112.1
                                              https://www.applesassist.com/Get hashmaliciousUnknownBrowse
                                              • 208.95.112.2

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION_MARQTRA031244#U00faPDF.scr.exe.log

                                              Download File
                                              Process:C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):716
                                              Entropy (8bit):5.350074230533824
                                              Encrypted:false
                                              SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEnirkvoDLI4MWuCv:ML9E4KlKDE4KhKiKhRAE4KzeRE4Ks
                                              MD5:F7E80A89B59EFA3CAC428E12420D971C
                                              SHA1:DD2427B85EEC73FBD3C353E5F8D18CF2B8286B00
                                              SHA-256:0731A6A7ED19AAF142738A522427B3EC07B2A64CD105C4D999A301016A4C2DCC
                                              SHA-512:D41797D9C35DFE77511DEC89CB973F342346FCBB09ED1C2BF45521DE2860A002C809EECC765CA6B4D7030316D872AA2CD58EC4455DF279B04DB1BB347233ACA9
                                              Malicious:false
                                              Reputation:low
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.940928627282518
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                                              File size:2'534'912 bytes
                                              MD5:749404f8b6bd72307f017d1fd8f3081e
                                              SHA1:84995cbfec91c10df85c97d0f7acec531dba455c
                                              SHA256:aa5e905630fdcd343ea0c1bdc41c67ec3b60abcab50f2ed7bcfba931e7d30f11
                                              SHA512:1be07e218ebbe3750c0a62d2ca69bd3be19732fcb99452e7df111df79bccd5039893b37fd8ab31af1ba27b1c40ec90efa3803b6b2023141ce496c033b8dfd112
                                              SSDEEP:49152:i5L4P8xfttrOoXDhNkxtOTBcziRLhT2vWkYd9n:OymFtrOGhNkxY9RcOkY
                                              TLSH:84C512743FCB8A66E69D03BCE052513943F5C017E5CAC74EDD94E0E92C8BB56960A0AF
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..................&.........>.&.. ........@.. ....................... '...........`................................

                                              File Icon

                                              Icon Hash:00928e8e8686b000

                                              Static PE Info

                                              General

                                              Entrypoint:0x66c13e
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x6604C881 [Thu Mar 28 01:31:45 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x26c0f00x4b.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x26e0000x800.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x2700000xc.reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x20000x26a1440x26a200714d49319434cc5aecea734601e5bf9bunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rsrc0x26e0000x8000x800c38313c214132e001ad88923c8b743c1False0.34912109375data3.6035865680236254IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc0x2700000xc0x200dfa487079e73b4a9de814596cb51944aFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                              RT_VERSION0x26e0900x3dadata0.41379310344827586
                                              RT_MANIFEST0x26e47a0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                              Imports

                                              DLLImport
                                              mscoree.dll_CorExeMain

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Mar 28, 2024 14:00:43.981997967 CET4970980192.168.2.9208.95.112.1
                                              Mar 28, 2024 14:00:44.108632088 CET8049709208.95.112.1192.168.2.9
                                              Mar 28, 2024 14:00:44.108712912 CET4970980192.168.2.9208.95.112.1
                                              Mar 28, 2024 14:00:44.109741926 CET4970980192.168.2.9208.95.112.1
                                              Mar 28, 2024 14:00:44.237555027 CET8049709208.95.112.1192.168.2.9
                                              Mar 28, 2024 14:00:44.286250114 CET4970980192.168.2.9208.95.112.1
                                              Mar 28, 2024 14:01:17.574786901 CET8049709208.95.112.1192.168.2.9
                                              Mar 28, 2024 14:01:17.574920893 CET4970980192.168.2.9208.95.112.1
                                              Mar 28, 2024 14:01:36.119956970 CET8049709208.95.112.1192.168.2.9

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Mar 28, 2024 14:00:43.876027107 CET4964253192.168.2.91.1.1.1
                                              Mar 28, 2024 14:00:43.974117041 CET53496421.1.1.1192.168.2.9

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Mar 28, 2024 14:00:43.876027107 CET192.168.2.91.1.1.10x69aaStandard query (0)ip-api.comA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Mar 28, 2024 14:00:43.974117041 CET1.1.1.1192.168.2.90x69aaNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • ip-api.com

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.949709208.95.112.1806572C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                              TimestampBytes transferredDirectionData
                                              Mar 28, 2024 14:00:44.109741926 CET80OUTGET /line/?fields=hosting HTTP/1.1
                                              Host: ip-api.com
                                              Connection: Keep-Alive
                                              Mar 28, 2024 14:00:44.237555027 CET175INHTTP/1.1 200 OK
                                              Date: Thu, 28 Mar 2024 13:00:43 GMT
                                              Content-Type: text/plain; charset=utf-8
                                              Content-Length: 6
                                              Access-Control-Allow-Origin: *
                                              X-Ttl: 60
                                              X-Rl: 44
                                              Data Raw: 66 61 6c 73 65 0a
                                              Data Ascii: false


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:5
                                              Start time:13:59:52
                                              Start date:28/03/2024
                                              Path:C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe"
                                              Imagebase:0x310000
                                              File size:2'534'912 bytes
                                              MD5 hash:749404F8B6BD72307F017D1FD8F3081E
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1799414641.0000000005690000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:10
                                              Start time:14:00:42
                                              Start date:28/03/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
                                              Imagebase:0x180000
                                              File size:56'368 bytes
                                              MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:moderate
                                              Has exited:false

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:12%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:269
                                                Total number of Limit Nodes:10
                                                execution_graph 52100 576e5a0 52101 576e5e4 VirtualAlloc 52100->52101 52103 576e651 52101->52103 52437 aad01c 52438 aad034 52437->52438 52439 aad08f 52438->52439 52441 576dac0 52438->52441 52442 576db19 52441->52442 52445 576e050 52442->52445 52443 576db4e 52446 576e07d 52445->52446 52447 576ced8 VirtualProtect 52446->52447 52449 576e213 52446->52449 52448 576e204 52447->52448 52448->52443 52449->52443 52104 af5cf0 52105 af5d0a 52104->52105 52106 af5d1a 52105->52106 52109 5765746 52105->52109 52112 57637cb 52105->52112 52115 576ced8 52109->52115 52114 576ced8 VirtualProtect 52112->52114 52113 57601d5 52114->52113 52117 576ceff 52115->52117 52119 576d3d8 52117->52119 52120 576d421 VirtualProtect 52119->52120 52122 576575e 52120->52122 52123 566a209 52124 566a213 52123->52124 52128 57795e9 52124->52128 52135 57795f8 52124->52135 52125 5669e0c 52129 57795f2 52128->52129 52142 5779ba3 52129->52142 52146 5779a30 52129->52146 52150 5779a40 52129->52150 52154 5779de2 52129->52154 52130 5779623 52130->52125 52136 577960d 52135->52136 52138 5779ba3 10 API calls 52136->52138 52139 5779de2 10 API calls 52136->52139 52140 5779a40 10 API calls 52136->52140 52141 5779a30 10 API calls 52136->52141 52137 5779623 52137->52125 52138->52137 52139->52137 52140->52137 52141->52137 52144 5779a9c 52142->52144 52143 5779be1 52143->52130 52144->52143 52158 577b071 52144->52158 52148 5779a6a 52146->52148 52147 5779be1 52147->52130 52148->52147 52149 577b071 10 API calls 52148->52149 52149->52148 52151 5779a6a 52150->52151 52152 5779be1 52151->52152 52153 577b071 10 API calls 52151->52153 52152->52130 52153->52151 52156 5779a9c 52154->52156 52155 5779be1 52155->52130 52156->52155 52157 577b071 10 API calls 52156->52157 52157->52156 52159 577b095 52158->52159 52173 577b1b7 52159->52173 52176 577b5e8 52159->52176 52179 577b1ab 52159->52179 52182 577b97c 52159->52182 52185 577b78d 52159->52185 52188 577b0bf 52159->52188 52191 577b0d0 52159->52191 52194 577b691 52159->52194 52197 577b714 52159->52197 52200 577b555 52159->52200 52203 577b146 52159->52203 52206 577b656 52159->52206 52174 577b130 52173->52174 52209 577bdb8 52174->52209 52177 577b130 52176->52177 52178 577bdb8 10 API calls 52177->52178 52178->52177 52180 577b130 52179->52180 52181 577bdb8 10 API calls 52180->52181 52181->52180 52183 577b130 52182->52183 52184 577bdb8 10 API calls 52183->52184 52184->52183 52186 577b130 52185->52186 52187 577bdb8 10 API calls 52186->52187 52187->52186 52189 577b0d0 52188->52189 52190 577bdb8 10 API calls 52189->52190 52190->52189 52192 577b103 52191->52192 52193 577bdb8 10 API calls 52192->52193 52193->52192 52195 577b130 52194->52195 52196 577bdb8 10 API calls 52195->52196 52196->52195 52198 577b130 52197->52198 52199 577bdb8 10 API calls 52198->52199 52199->52198 52201 577b130 52200->52201 52201->52200 52202 577bdb8 10 API calls 52201->52202 52202->52201 52204 577b130 52203->52204 52205 577bdb8 10 API calls 52204->52205 52205->52204 52207 577b130 52206->52207 52208 577bdb8 10 API calls 52207->52208 52208->52207 52210 577bddd 52209->52210 52211 577bdff 52210->52211 52229 577cb64 52210->52229 52234 577c3a5 52210->52234 52242 577ca65 52210->52242 52249 577d366 52210->52249 52256 577c446 52210->52256 52261 577c407 52210->52261 52268 577ccbb 52210->52268 52275 577c5bc 52210->52275 52279 577cc1c 52210->52279 52287 577c87e 52210->52287 52292 577ce3e 52210->52292 52299 577c774 52210->52299 52304 577c576 52210->52304 52308 577cae8 52210->52308 52315 577d349 52210->52315 52319 577c6ec 52210->52319 52326 577c7cf 52210->52326 52211->52174 52230 577cb73 52229->52230 52333 59c4518 52230->52333 52338 59c4508 52230->52338 52231 577cba8 52235 577c3ae 52234->52235 52237 59c4508 2 API calls 52235->52237 52352 59c4460 52235->52352 52358 59c4470 52235->52358 52236 577c34b 52363 59c2b68 52236->52363 52367 59c2b60 52236->52367 52237->52236 52243 577ca6f 52242->52243 52379 59c44c0 52243->52379 52384 59c44b2 52243->52384 52244 577c34b 52244->52211 52245 59c2b68 ResumeThread 52244->52245 52246 59c2b60 ResumeThread 52244->52246 52245->52244 52246->52244 52250 577c7cf 52249->52250 52251 577c34b 52249->52251 52254 59c4518 2 API calls 52250->52254 52255 59c4508 2 API calls 52250->52255 52252 59c2b68 ResumeThread 52251->52252 52253 59c2b60 ResumeThread 52251->52253 52252->52251 52253->52251 52254->52251 52255->52251 52257 577c455 52256->52257 52259 59c27c8 WriteProcessMemory 52257->52259 52260 59c27d0 WriteProcessMemory 52257->52260 52258 577c485 52259->52258 52260->52258 52262 577cb0e 52261->52262 52263 577c34b 52261->52263 52266 59c44c0 2 API calls 52262->52266 52267 59c44b2 2 API calls 52262->52267 52263->52211 52264 59c2b68 ResumeThread 52263->52264 52265 59c2b60 ResumeThread 52263->52265 52264->52263 52265->52263 52266->52263 52267->52263 52269 577ce3f 52268->52269 52270 577c34b 52268->52270 52273 59c2509 VirtualAllocEx 52269->52273 52274 59c2510 VirtualAllocEx 52269->52274 52270->52211 52271 59c2b68 ResumeThread 52270->52271 52272 59c2b60 ResumeThread 52270->52272 52271->52270 52272->52270 52273->52270 52274->52270 52276 577c34b 52275->52276 52277 59c2b68 ResumeThread 52276->52277 52278 59c2b60 ResumeThread 52276->52278 52277->52276 52278->52276 52280 577c3ae 52279->52280 52281 577c34b 52279->52281 52284 59c4508 2 API calls 52280->52284 52285 59c4470 2 API calls 52280->52285 52286 59c4460 2 API calls 52280->52286 52282 59c2b68 ResumeThread 52281->52282 52283 59c2b60 ResumeThread 52281->52283 52282->52281 52283->52281 52284->52281 52285->52281 52286->52281 52288 577c896 52287->52288 52398 577d878 52288->52398 52403 577d888 52288->52403 52289 577c8ae 52293 577ce44 52292->52293 52294 577c34b 52293->52294 52295 59c2509 VirtualAllocEx 52293->52295 52296 59c2510 VirtualAllocEx 52293->52296 52294->52211 52297 59c2b68 ResumeThread 52294->52297 52298 59c2b60 ResumeThread 52294->52298 52295->52294 52296->52294 52297->52294 52298->52294 52300 577c783 52299->52300 52426 59c45f8 52300->52426 52432 59c4608 52300->52432 52301 577c7a6 52305 577c34b 52304->52305 52305->52304 52306 59c2b68 ResumeThread 52305->52306 52307 59c2b60 ResumeThread 52305->52307 52306->52305 52307->52305 52309 577caf2 52308->52309 52311 59c44c0 2 API calls 52309->52311 52312 59c44b2 2 API calls 52309->52312 52310 577c34b 52310->52211 52313 59c2b68 ResumeThread 52310->52313 52314 59c2b60 ResumeThread 52310->52314 52311->52310 52312->52310 52313->52310 52314->52310 52316 577c34b 52315->52316 52317 59c2b68 ResumeThread 52316->52317 52318 59c2b60 ResumeThread 52316->52318 52317->52316 52318->52316 52320 577c7f5 52319->52320 52321 577c34b 52319->52321 52324 59c4518 2 API calls 52320->52324 52325 59c4508 2 API calls 52320->52325 52322 59c2b68 ResumeThread 52321->52322 52323 59c2b60 ResumeThread 52321->52323 52322->52321 52323->52321 52324->52321 52325->52321 52327 577c7d9 52326->52327 52331 59c4518 2 API calls 52327->52331 52332 59c4508 2 API calls 52327->52332 52328 577c34b 52329 59c2b68 ResumeThread 52328->52329 52330 59c2b60 ResumeThread 52328->52330 52329->52328 52330->52328 52331->52328 52332->52328 52334 59c452d 52333->52334 52344 59c27c8 52334->52344 52348 59c27d0 52334->52348 52335 59c454f 52335->52231 52339 59c449e 52338->52339 52340 59c450b 52338->52340 52339->52231 52342 59c27c8 WriteProcessMemory 52340->52342 52343 59c27d0 WriteProcessMemory 52340->52343 52341 59c454f 52341->52231 52342->52341 52343->52341 52345 59c27d0 WriteProcessMemory 52344->52345 52347 59c28b2 52345->52347 52347->52335 52349 59c2819 WriteProcessMemory 52348->52349 52351 59c28b2 52349->52351 52351->52335 52353 59c43f6 52352->52353 52354 59c4463 52352->52354 52353->52236 52355 59c449e 52354->52355 52371 59c1e88 52354->52371 52375 59c1e90 52354->52375 52355->52236 52359 59c4485 52358->52359 52360 59c449e 52359->52360 52361 59c1e88 Wow64SetThreadContext 52359->52361 52362 59c1e90 Wow64SetThreadContext 52359->52362 52360->52236 52361->52360 52362->52360 52364 59c2bac ResumeThread 52363->52364 52366 59c2bf8 52364->52366 52366->52236 52368 59c2b68 ResumeThread 52367->52368 52370 59c2bf8 52368->52370 52370->52236 52372 59c1e90 Wow64SetThreadContext 52371->52372 52374 59c1f51 52372->52374 52374->52355 52376 59c1ed9 Wow64SetThreadContext 52375->52376 52378 59c1f51 52376->52378 52378->52355 52380 59c44d5 52379->52380 52390 59c2509 52380->52390 52394 59c2510 52380->52394 52381 59c44f7 52381->52244 52385 59c444e 52384->52385 52386 59c44bb 52384->52386 52385->52244 52388 59c2509 VirtualAllocEx 52386->52388 52389 59c2510 VirtualAllocEx 52386->52389 52387 59c44f7 52387->52244 52388->52387 52389->52387 52391 59c2510 VirtualAllocEx 52390->52391 52393 59c25cc 52391->52393 52393->52381 52395 59c2554 VirtualAllocEx 52394->52395 52397 59c25cc 52395->52397 52397->52381 52399 577d888 52398->52399 52400 577d8c1 52399->52400 52408 577de03 52399->52408 52413 577ddaa 52399->52413 52400->52289 52404 577d89f 52403->52404 52405 577d8c1 52404->52405 52406 577de03 2 API calls 52404->52406 52407 577ddaa 2 API calls 52404->52407 52405->52289 52406->52405 52407->52405 52409 577de28 52408->52409 52418 59c1ad4 52409->52418 52422 59c1ae0 52409->52422 52414 577ddb3 52413->52414 52416 59c1ad4 CreateProcessA 52414->52416 52417 59c1ae0 CreateProcessA 52414->52417 52415 577d977 52416->52415 52417->52415 52420 59c1b60 CreateProcessA 52418->52420 52421 59c1d5c 52420->52421 52423 59c1b60 CreateProcessA 52422->52423 52425 59c1d5c 52423->52425 52427 59c45fb 52426->52427 52428 59c458e 52426->52428 52430 59c1e88 Wow64SetThreadContext 52427->52430 52431 59c1e90 Wow64SetThreadContext 52427->52431 52428->52301 52429 59c4636 52429->52301 52430->52429 52431->52429 52433 59c461d 52432->52433 52435 59c1e88 Wow64SetThreadContext 52433->52435 52436 59c1e90 Wow64SetThreadContext 52433->52436 52434 59c4636 52434->52301 52435->52434 52436->52434

                                                Executed Functions

                                                Function 0566E630 Relevance: 2.4, Strings: 1, Instructions: 1141COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4
                                                • API String ID: 0-4088798008
                                                • Opcode ID: d11e617c1f52573ae2652e682a5df36a6604009e43623599b6341d6edea029e6
                                                • Instruction ID: f8ce7d643ce1fe436ba04dfa9fe38971c162b48b812af106d19094d089f9f3a6
                                                • Opcode Fuzzy Hash: d11e617c1f52573ae2652e682a5df36a6604009e43623599b6341d6edea029e6
                                                • Instruction Fuzzy Hash: 65B21734A00218CFDB14CFA4C994BAEB7B6BF88700F158599E506AB3A5DB71ED85CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF73D8 Relevance: 2.3, Strings: 1, Instructions: 1081COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2
                                                • API String ID: 0-450215437
                                                • Opcode ID: 5d51d0a1ff7d0f8aa1d8aa302ed58516ff7f578c476c296a7b30dee6f2ace71b
                                                • Instruction ID: a307618a3c0f8366d845e8a92cd6bcb52209c6e5079592948fbe23d2e0a383af
                                                • Opcode Fuzzy Hash: 5d51d0a1ff7d0f8aa1d8aa302ed58516ff7f578c476c296a7b30dee6f2ace71b
                                                • Instruction Fuzzy Hash: 0EC290B4A01228CFDB65DF69C984BD9BBB5FB88300F1081EAD509AB355DB709E85CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566E967 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4
                                                • API String ID: 0-4088798008
                                                • Opcode ID: d3dad16662cd36293cecf6aa1a8e4df9f32bd2585c2a5eaf584678fe8903c1c0
                                                • Instruction ID: 463ad82fec9af474154cdd8ebb86c21d25615c0c34c0d6277b55ac634da7b908
                                                • Opcode Fuzzy Hash: d3dad16662cd36293cecf6aa1a8e4df9f32bd2585c2a5eaf584678fe8903c1c0
                                                • Instruction Fuzzy Hash: 02220A34A00219CFDB24DFA4C994BADB7B6FF88300F1481A9E509AB7A5DB719D85CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C4CEF Relevance: 1.5, Strings: 1, Instructions: 282COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: z:a%
                                                • API String ID: 0-1004040451
                                                • Opcode ID: 2f6818c9d2771ae0e48868df1b517e70e662eb3efe128eb5e1a3518b47ff1fb5
                                                • Instruction ID: 7bdff17d7122642fb5edcc042b2966f83207596e3daf108792c2fe0a88a31c74
                                                • Opcode Fuzzy Hash: 2f6818c9d2771ae0e48868df1b517e70e662eb3efe128eb5e1a3518b47ff1fb5
                                                • Instruction Fuzzy Hash: 5EC12770E04208CFDF54EFA5E494BADBBB2FB89306F1094A9E40AA7295DB745D85CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0576E998 Relevance: 1.0, Instructions: 956COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae63b1bb99745304bd6e3dc7af09b95fef7249449cdd2c7ea7d592f36800a27b
                                                • Instruction ID: 38430311d750806cb3dd893a68d0a519822f237726acfda580af1aad3daf5a60
                                                • Opcode Fuzzy Hash: ae63b1bb99745304bd6e3dc7af09b95fef7249449cdd2c7ea7d592f36800a27b
                                                • Instruction Fuzzy Hash: 7BA2C575A00228CFDB64CF69C984AD9BBB2FF89300F1581E9D909AB325D7319E81DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578ECF8 Relevance: .6, Instructions: 584COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dc0f2e142e686fce098d8a06a93ca81614c3c3fd3220d13d8f0d43a1f91b2643
                                                • Instruction ID: 85584d4912675efa81d14f431b5d7fceae2fb3865b9e5f49ab253dbe63b60db5
                                                • Opcode Fuzzy Hash: dc0f2e142e686fce098d8a06a93ca81614c3c3fd3220d13d8f0d43a1f91b2643
                                                • Instruction Fuzzy Hash: DA229A74B042168FDB59EFA9C494A7EBBF2FF88300F148629D55AD7381DB34A841DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057824A8 Relevance: .6, Instructions: 550COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26d382f8ae91f4c70e57f9d4764347181c4cf4867586d10ea93eb2ae64a5325d
                                                • Instruction ID: 3dde11e229b663fe9f925cea2aece7a827cdb01b38369c007df512e29b6ca2d6
                                                • Opcode Fuzzy Hash: 26d382f8ae91f4c70e57f9d4764347181c4cf4867586d10ea93eb2ae64a5325d
                                                • Instruction Fuzzy Hash: 38222738B402048FDB14EF69C584A7AB7F2FF89711B1584A9E506DB3A2DB31EC41DB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF87C4 Relevance: .5, Instructions: 471COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8654c31eaed8212f60b20a198a6e082a50f1daa9b45e16dcb82d14cb5936e7b6
                                                • Instruction ID: cc60ec64fc25fbeaac7cc5fc8dc268c32b9a249c6180966d91d14d046b4ed358
                                                • Opcode Fuzzy Hash: 8654c31eaed8212f60b20a198a6e082a50f1daa9b45e16dcb82d14cb5936e7b6
                                                • Instruction Fuzzy Hash: D2329074A402298FDB65DF68C994BA9B7B6FF48310F1081E9E90DA7351DB30AE81CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0D830 Relevance: .3, Instructions: 276COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1809544e681bf6f53f34db1f12f0caf4304385bab9b0e323fb0490d82a39ead5
                                                • Instruction ID: 4a044f2e2bfdf0cc5616aec14e68f8dfce5200c09ced366172716a3a8e913f5b
                                                • Opcode Fuzzy Hash: 1809544e681bf6f53f34db1f12f0caf4304385bab9b0e323fb0490d82a39ead5
                                                • Instruction Fuzzy Hash: 6BD1B075E01218CFDB54DFA9D994A9DBBB2FF89300F1081A9D409AB365DB31AD81CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577A208 Relevance: .3, Instructions: 266COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 714b9b85218933b9d15fe16092d256ae2cda59a3e025b318f7844e5ce78b54a5
                                                • Instruction ID: 2a23ade39cce58df9c85c08d0940cf3a05c7e9e3750a56eabe44a3124448a349
                                                • Opcode Fuzzy Hash: 714b9b85218933b9d15fe16092d256ae2cda59a3e025b318f7844e5ce78b54a5
                                                • Instruction Fuzzy Hash: 09C10270A0621CCFEF54DFA9E984B9DBBF2FB89304F1081A9D409A7295DB745A85DF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577A218 Relevance: .3, Instructions: 264COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d0ebfd969f8935b3161c447984070e465932f70e458232da10eb3c7c00e14f65
                                                • Instruction ID: 795cb943f37cd5b5b4559dcb65282756c89412068f383887f8aa7e92defc9ae7
                                                • Opcode Fuzzy Hash: d0ebfd969f8935b3161c447984070e465932f70e458232da10eb3c7c00e14f65
                                                • Instruction Fuzzy Hash: 16C1E170A0621CCFEF54DFA9E944BADBBB2FB89304F1091A9D009A7295DB745A81DF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771AC9 Relevance: .3, Instructions: 260COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7854ccfd697eb61d408b3ebbfed981a702497c97bbb4d70f7ba3ef06451de17d
                                                • Instruction ID: 1b15c5e4a1416f9a4ff1494578addcbc6994406cf4ac313064487aecf9f4a8bb
                                                • Opcode Fuzzy Hash: 7854ccfd697eb61d408b3ebbfed981a702497c97bbb4d70f7ba3ef06451de17d
                                                • Instruction Fuzzy Hash: C3A15B70E0430CCFDF14DFA5E845BADBBB2FB8A300F50816AD41AA72A5DB745942DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662FB8 Relevance: .2, Instructions: 238COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a7690f578aba9a6b7e56b1028892f0efab1f72681c0bbe0a0c9552b739fd0941
                                                • Instruction ID: 1d54d350b9ca729fb5a773eeb920cc36c9c59d0168d05ad4a441b78b5760592f
                                                • Opcode Fuzzy Hash: a7690f578aba9a6b7e56b1028892f0efab1f72681c0bbe0a0c9552b739fd0941
                                                • Instruction Fuzzy Hash: DDA1C570E05218CFDB64CFA9D984BADBBF6FB49304F60946AD40AA7355DB70598ACF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662FAA Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 496f7da25e4e2cc9a8c3f22c8ecaf9aa4f4a47fcf27d1f7665201b4e03be820c
                                                • Instruction ID: a710684d12a94716c5e47df54314cb48ff8e17dfca61254acdd9586d100dae20
                                                • Opcode Fuzzy Hash: 496f7da25e4e2cc9a8c3f22c8ecaf9aa4f4a47fcf27d1f7665201b4e03be820c
                                                • Instruction Fuzzy Hash: 7DA1C474E05218CFDB54CFA9D984BADBBF2FB49304F60946AD40AAB355DB70598ACF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF73C8 Relevance: .1, Instructions: 149COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61ec6fafe308ea78b031cea2d78f5982468ec60ca5f3edf0948e795dda0652e8
                                                • Instruction ID: a969541f6f41d526d18b2fe8527974b7150b150eb46a9eb19f66ef35f0ee36ee
                                                • Opcode Fuzzy Hash: 61ec6fafe308ea78b031cea2d78f5982468ec60ca5f3edf0948e795dda0652e8
                                                • Instruction Fuzzy Hash: 11611DB1D046588BEB19CF6AD8446E9BBB3BFC9304F14C0FAD508AB255DB310A85CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577D366 Relevance: 5.1, Strings: 4, Instructions: 88COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 577d366-577d36d 1 577d373-577d395 0->1 2 577c7cf-577c824 0->2 3 577c34b-577c354 1->3 4 577d39b-577d3a6 1->4 37 577c827 call 59c4518 2->37 38 577c827 call 59c4508 2->38 5 577c356 3->5 6 577c35d-577c35e 3->6 4->3 8 577c576-577c57d 5->8 9 577c5d5-577c5d6 5->9 10 577c6f1-577c750 5->10 11 577c5c1-577c5cf 5->11 6->10 12 577c583-577c5a5 8->12 13 577c8d9-577c929 8->13 15 577cebc-577cec7 9->15 10->13 11->9 12->3 18 577c5ab-577c5b6 12->18 35 577c92c call 59c2b68 13->35 36 577c92c call 59c2b60 13->36 16 577cece-577cee5 15->16 17 577cec9 15->17 16->3 17->16 18->3 26 577c82d-577c868 26->3 28 577c86e-577c879 26->28 28->3 28->15 33 577c92e-577c962 33->3 34 577c968-577c973 33->34 34->3 35->33 36->33 37->26 38->26
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $%$>$H
                                                • API String ID: 0-1334303041
                                                • Opcode ID: bb84446f2397b4b2b48add5869d32572d1ccf904a8f1415cc0c3b6c585934edb
                                                • Instruction ID: 1b8cdc4e68b6f7ae881b0dc2b281607abffdf6a68a7b924feb90b510da870bb4
                                                • Opcode Fuzzy Hash: bb84446f2397b4b2b48add5869d32572d1ccf904a8f1415cc0c3b6c585934edb
                                                • Instruction Fuzzy Hash: B541EF74944219CFDF25DF64E884BEDBBB5FB49304F0041E9D409AB281CB744E829F45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C7CF Relevance: 5.1, Strings: 4, Instructions: 77COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 39 577c7cf-577c824 73 577c827 call 59c4518 39->73 74 577c827 call 59c4508 39->74 44 577c82d-577c868 45 577c86e-577c879 44->45 46 577c34b-577c354 44->46 45->46 49 577cebc-577cec7 45->49 47 577c356 46->47 48 577c35d-577c35e 46->48 50 577c576-577c57d 47->50 51 577c5d5-577c5d6 47->51 52 577c6f1-577c750 47->52 53 577c5c1-577c5cf 47->53 48->52 54 577cece-577cee5 49->54 55 577cec9 49->55 56 577c583-577c5a5 50->56 57 577c8d9-577c929 50->57 51->49 52->57 53->51 54->46 55->54 56->46 58 577c5ab-577c5b6 56->58 71 577c92c call 59c2b68 57->71 72 577c92c call 59c2b60 57->72 58->46 69 577c92e-577c962 69->46 70 577c968-577c973 69->70 70->46 71->69 72->69 73->44 74->44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $%$>$H
                                                • API String ID: 0-1334303041
                                                • Opcode ID: 32eaf7737f90bff4ad47b9dd102a40cda0c319582b3979e6e47daf48afec3895
                                                • Instruction ID: cf08d2e523a8c5f727349ed233b12d7de659c8f36e93b973d5395b6ea2725bfe
                                                • Opcode Fuzzy Hash: 32eaf7737f90bff4ad47b9dd102a40cda0c319582b3979e6e47daf48afec3895
                                                • Instruction Fuzzy Hash: 0A31E074A44219CFDF25DF64E894BEDBBB5FB8A300F0081E9D509AB281CB705E829F55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C407 Relevance: 5.1, Strings: 4, Instructions: 72COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 75 577c407-577c40b 76 577c411-577c430 75->76 77 577cb0e-577cb3b 75->77 78 577c436-577c441 76->78 79 577c34b-577c354 76->79 108 577cb3e call 59c44c0 77->108 109 577cb3e call 59c44b2 77->109 78->79 83 577c5c1-577c5cf 78->83 80 577c356 79->80 81 577c35d-577c35e 79->81 80->83 84 577c576-577c57d 80->84 85 577c5d5-577c5d6 80->85 86 577c6f1-577c750 80->86 81->86 83->85 87 577c583-577c5a5 84->87 88 577c8d9-577c929 84->88 89 577cebc-577cec7 85->89 86->88 87->79 93 577c5ab-577c5b6 87->93 106 577c92c call 59c2b68 88->106 107 577c92c call 59c2b60 88->107 91 577cece-577cee5 89->91 92 577cec9 89->92 90 577cb44-577cb5e 90->89 91->79 92->91 93->79 104 577c92e-577c962 104->79 105 577c968-577c973 104->105 105->79 106->104 107->104 108->90 109->90
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $+$2$H
                                                • API String ID: 0-4188905028
                                                • Opcode ID: 59187e6fc25590cf00083570efb7ce77077081e7c4ee427b4f76bab0a9cbd25f
                                                • Instruction ID: 436ee0bfd5ef463f2728c8f578150e31961b76d8060f40693762243264dd391c
                                                • Opcode Fuzzy Hash: 59187e6fc25590cf00083570efb7ce77077081e7c4ee427b4f76bab0a9cbd25f
                                                • Instruction Fuzzy Hash: 22311474A0421CCFDF65DF68E884BADBBB5FB49304F10409AD409AB281CB745E86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C6EC Relevance: 5.1, Strings: 4, Instructions: 71COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 110 577c6ec 111 577c7f5-577c824 110->111 112 577c6f1-577c750 110->112 142 577c827 call 59c4518 111->142 143 577c827 call 59c4508 111->143 129 577c8d9-577c929 112->129 115 577c82d-577c868 117 577c86e-577c879 115->117 118 577c34b-577c354 115->118 117->118 121 577cebc-577cec7 117->121 119 577c356 118->119 120 577c35d-577c35e 118->120 119->112 123 577c576-577c57d 119->123 124 577c5d5-577c5d6 119->124 125 577c5c1-577c5cf 119->125 120->112 126 577cece-577cee5 121->126 127 577cec9 121->127 128 577c583-577c5a5 123->128 123->129 124->121 125->124 126->118 127->126 128->118 131 577c5ab-577c5b6 128->131 140 577c92c call 59c2b68 129->140 141 577c92c call 59c2b60 129->141 131->118 138 577c92e-577c962 138->118 139 577c968-577c973 138->139 139->118 140->138 141->138 142->115 143->115
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $%$>$H
                                                • API String ID: 0-1334303041
                                                • Opcode ID: 2c785b2c76ac616746b9316761a6a899e520173e896765cc7a64a440445c7058
                                                • Instruction ID: 71ffbbfec0b1eb7701432a81fe0819f12bd6ef7ad1cfbcb5438cc50aee82abf4
                                                • Opcode Fuzzy Hash: 2c785b2c76ac616746b9316761a6a899e520173e896765cc7a64a440445c7058
                                                • Instruction Fuzzy Hash: 6231E074A04218CFDB25DF64E884BEDBBB5FB4A304F0081EAD409AB281CB744E829F55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CCBB Relevance: 3.8, Strings: 3, Instructions: 77COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 144 577ccbb-577ccc5 145 577ce3f-577ce72 144->145 146 577cccb-577cced 144->146 177 577ce75 call 59c2509 145->177 178 577ce75 call 59c2510 145->178 147 577ccf3-577ccfe 146->147 148 577c34b-577c354 146->148 147->148 149 577c356 148->149 150 577c35d-577c35e 148->150 152 577c576-577c57d 149->152 153 577c5d5-577c5d6 149->153 154 577c6f1-577c750 149->154 155 577c5c1-577c5cf 149->155 150->154 156 577c583-577c5a5 152->156 157 577c8d9-577c929 152->157 158 577cebc-577cec7 153->158 154->157 155->153 156->148 162 577c5ab-577c5b6 156->162 175 577c92c call 59c2b68 157->175 176 577c92c call 59c2b60 157->176 160 577cece-577cee5 158->160 161 577cec9 158->161 159 577ce77-577ce91 159->158 160->148 161->160 162->148 173 577c92e-577c962 173->148 174 577c968-577c973 173->174 174->148 175->173 176->173 177->159 178->159
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $,$H
                                                • API String ID: 0-2416670704
                                                • Opcode ID: 65d4b194ddf12eebc48542459252dd765dcc01233e7491bceca2422077d0654e
                                                • Instruction ID: 8d27a1636de65e5990c2521bdc04b104f2b8e2e3185410cf16b8407ba708696d
                                                • Opcode Fuzzy Hash: 65d4b194ddf12eebc48542459252dd765dcc01233e7491bceca2422077d0654e
                                                • Instruction Fuzzy Hash: D6311874A45218CFDF25DF64E894BADB7B5FB4A304F1090DAD809AB281C7705E82DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CC1C Relevance: 3.8, Strings: 3, Instructions: 67COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 179 577cc1c-577cc20 180 577cc26-577cc31 179->180 181 577c3ae-577c3d8 179->181 182 577cebc-577cec7 180->182 183 577c34b-577c354 180->183 211 577c3db call 59c4508 181->211 212 577c3db call 59c4470 181->212 213 577c3db call 59c4460 181->213 186 577cece-577cee5 182->186 187 577cec9 182->187 184 577c356 183->184 185 577c35d-577c35e 183->185 189 577c576-577c57d 184->189 190 577c5d5-577c5d6 184->190 191 577c6f1-577c750 184->191 192 577c5c1-577c5cf 184->192 185->191 186->183 187->186 194 577c583-577c5a5 189->194 195 577c8d9-577c929 189->195 190->182 191->195 192->190 193 577c3e1-577c402 193->183 193->192 194->183 196 577c5ab-577c5b6 194->196 209 577c92c call 59c2b68 195->209 210 577c92c call 59c2b60 195->210 196->183 207 577c92e-577c962 207->183 208 577c968-577c973 207->208 208->183 209->207 210->207 211->193 212->193 213->193
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$$H
                                                • API String ID: 0-2652382792
                                                • Opcode ID: f78cb2ce3bef2d9419127ebf1f579b9152742194e4357b846e7cc7aa087113be
                                                • Instruction ID: 4138dd906ac3b5ffbdf7c566cabf21b1cb2e6f16202ebd3a36c1ac0f6d54040b
                                                • Opcode Fuzzy Hash: f78cb2ce3bef2d9419127ebf1f579b9152742194e4357b846e7cc7aa087113be
                                                • Instruction Fuzzy Hash: 6331F37490521CCFDF24DF64E984BADBBB5FB4A304F0091EAD4096B241CB345E829F45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFD9B8 Relevance: 3.8, Strings: 3, Instructions: 46COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 214 afd9b8-afd9ca 216 afeb60-afeb67 214->216 217 afd9d0-afd9d8 214->217 218 afeb6d-afeb75 216->218 219 afe8d1-afe8d8 216->219 220 afd67f-afd687 217->220 218->220 223 afe8de-afe903 call afb7d8 219->223 224 afdce0-afdcec 219->224 221 afd689 220->221 222 afd690-afe26b 220->222 221->222 222->220 223->220 230 afe909-afe911 223->230 233 afdcef call aff728 224->233 234 afdcef call aff738 224->234 227 afdcf5-afdd2c call afc8c8 227->220 232 afdd32-afdd3a 227->232 230->220 232->220 233->227 234->227
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: -$L$]
                                                • API String ID: 0-1301388426
                                                • Opcode ID: c87d7c3b12cdf387d289a26fbfcc08b2f0a84563b7be2b81fd798bb6ac642e74
                                                • Instruction ID: a34a4efd46fb0be7e838be76794ec019bc6ab9b0eb1f5b121d43cbbe2645507e
                                                • Opcode Fuzzy Hash: c87d7c3b12cdf387d289a26fbfcc08b2f0a84563b7be2b81fd798bb6ac642e74
                                                • Instruction Fuzzy Hash: 8321F6B484521ECFDBA1DFA4C848BFDBBB2BB09354F2451AAE508B2250CB744AC4DF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057842F8 Relevance: 2.9, Strings: 2, Instructions: 352COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 235 57842f8-578430a 236 578430c-578432d 235->236 237 5784334-5784338 235->237 236->237 238 578433a-578433c 237->238 239 5784344-5784353 237->239 238->239 240 578435f-578438b 239->240 241 5784355 239->241 245 57845b8-57845c8 240->245 246 5784391-5784397 240->246 241->240 259 57845ca 245->259 260 57845f4-57845ff 245->260 248 5784469-578446d 246->248 249 578439d-57843a3 246->249 250 578446f-5784478 248->250 251 5784490-5784499 248->251 249->245 253 57843a9-57843b6 249->253 250->245 256 578447e-578448e 250->256 257 578449b-57844bb 251->257 258 57844be-57844c1 251->258 254 5784448-5784451 253->254 255 57843bc-57843c5 253->255 254->245 267 5784457-5784463 254->267 255->245 261 57843cb-57843e3 255->261 264 57844c4-57844ca 256->264 257->258 258->264 265 57845cc 259->265 266 57845d1-57845ed 259->266 262 5784601 260->262 263 5784615-5784621 260->263 268 57843ef-5784401 261->268 269 57843e5 261->269 270 5784604-5784606 262->270 271 578462d-5784649 263->271 272 5784623 263->272 264->245 276 57844d0-57844e3 264->276 274 5784598-57845a6 265->274 275 57845ce-57845cf 265->275 266->260 267->248 267->249 268->254 286 5784403-5784409 268->286 269->268 277 5784608-5784613 270->277 278 578464a-5784652 270->278 272->271 292 57845ae-57845b5 274->292 275->266 276->245 279 57844e9-57844f9 276->279 277->263 277->270 290 5784659-578465a 278->290 291 5784654-5784658 278->291 279->245 285 57844ff-578450c 279->285 285->245 287 5784512-5784527 285->287 293 578440b 286->293 294 5784415-578441b 286->294 287->245 300 578452d-5784550 287->300 297 578465c-578465d 290->297 298 5784661-5784677 290->298 291->290 293->294 294->245 299 5784421-5784445 294->299 297->298 304 5784679-578467f 298->304 305 578468f-5784691 298->305 300->245 306 5784552-578455d 300->306 307 5784681 304->307 308 5784683-5784685 304->308 329 5784693 call 57858af 305->329 330 5784693 call 5784710 305->330 331 5784693 call 5784700 305->331 306->292 309 578455f-5784569 306->309 307->305 308->305 309->292 314 578456b-5784581 309->314 310 5784699-578469d 311 57846e8-57846f8 310->311 312 578469f-57846b6 310->312 312->311 319 57846b8-57846c2 312->319 320 578458d-5784596 314->320 321 5784583 314->321 324 57846c4-57846d3 319->324 325 57846d5-57846e5 319->325 320->274 321->320 324->325 329->310 330->310 331->310
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: U$d
                                                • API String ID: 0-771846574
                                                • Opcode ID: eccdafbb8145a617fc0c3ce118534c296b6fbd2ffff2a2bbe2d1b2b0b0043e8d
                                                • Instruction ID: 6408beb2c395fbd5bc2482b6d773c8639b94d8370f2a816167f0aa9812007e7c
                                                • Opcode Fuzzy Hash: eccdafbb8145a617fc0c3ce118534c296b6fbd2ffff2a2bbe2d1b2b0b0043e8d
                                                • Instruction Fuzzy Hash: 9ED17A317006028FCB14EF29C484A7AB7F3FF89318B568969D45A9B761DB70F845DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF4C8D Relevance: 2.7, Strings: 1, Instructions: 1417COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 332 af4c8d-af4c8e 333 af4c1b 332->333 334 af4c90-af4cb2 332->334 335 af4c1d-af4c27 333->335 336 af4c29-af4c34 333->336 335->336 339 af3bc4-af3bcf 336->339 341 af3bdd-af3c0e 339->341 342 af3c4a-af3d45 339->342 343 af3c10-af3c45 339->343 341->339 368 af3d4d-af4c1a 342->368 343->339 368->333
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: jjjjjj
                                                • API String ID: 0-3900813449
                                                • Opcode ID: 35c91a8ea25a221f38b0d71aebdf551047ed49c504f6b7908bc2cc551318f3b9
                                                • Instruction ID: 303cfebd6ca140269b02ab92731fa16f259fa74a492e5f38f0dae58f350ee570
                                                • Opcode Fuzzy Hash: 35c91a8ea25a221f38b0d71aebdf551047ed49c504f6b7908bc2cc551318f3b9
                                                • Instruction Fuzzy Hash: 7AE2087A250510EFDB4A9F98D988D55BBB2FF4D32471A81D8F2099B232C732D861EF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF4C4A Relevance: 2.7, Strings: 1, Instructions: 1408COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 458 af4c4a-af4c52
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: jjjjjj
                                                • API String ID: 0-3900813449
                                                • Opcode ID: 496a815a1201f21e2d3de328a1b056809c2a6c11a4306d4beb3123fb71ae672f
                                                • Instruction ID: 147a89823e5e84365ea97e5027e2bbf0be123dea60c109baffaa65fe2190e6e6
                                                • Opcode Fuzzy Hash: 496a815a1201f21e2d3de328a1b056809c2a6c11a4306d4beb3123fb71ae672f
                                                • Instruction Fuzzy Hash: 35D2087A250510EFDB4A9F98D988D55BBB2FF4D32471A81D8F2099B232C732D861EF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF4C75 Relevance: 2.7, Strings: 1, Instructions: 1405COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 460 af4c75-af4c7a 461 af4c34 460->461 462 af3bc4-af3bcf 461->462 464 af3bdd-af3c0e 462->464 465 af3c4a-af3d45 462->465 466 af3c10-af3c45 462->466 464->462 491 af3d4d-af4c1b 465->491 466->462 582 af4c1d-af4c27 491->582 583 af4c29-af4c2f 491->583 582->583 583->461
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: jjjjjj
                                                • API String ID: 0-3900813449
                                                • Opcode ID: d0ebabf89be38d7ac755d5a8cf32573378b82af3e0d553f263acffbe52b588e3
                                                • Instruction ID: ade8797f7e5a5e56b0424b0573dc9d3265cbe54f00268677cf10206040620d0d
                                                • Opcode Fuzzy Hash: d0ebabf89be38d7ac755d5a8cf32573378b82af3e0d553f263acffbe52b588e3
                                                • Instruction Fuzzy Hash: 74D2077A250510EFDB4A9F98D988D55BBB2FF4D32471A81D8F2099B232C732D861EF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C576 Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 585 577c576-577c57d 586 577c583-577c5a5 585->586 587 577c8d9-577c905 585->587 588 577c34b-577c354 586->588 589 577c5ab-577c5b6 586->589 604 577c90f-577c929 587->604 590 577c356 588->590 591 577c35d-577c35e 588->591 589->588 590->585 593 577c5d5-577cec7 590->593 594 577c6f1-577c750 590->594 595 577c5c1-577c5cf 590->595 591->594 598 577cece-577cee5 593->598 599 577cec9 593->599 594->587 595->593 598->588 599->598 610 577c92c call 59c2b68 604->610 611 577c92c call 59c2b60 604->611 606 577c92e-577c962 606->588 608 577c968-577c973 606->608 608->588 610->606 611->606
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $H
                                                • API String ID: 0-1323546614
                                                • Opcode ID: a9248c7f86cb2e861d38aa459c8ccfc3d189dcf285122b86009d2205d6f1257d
                                                • Instruction ID: fda308a63f5b10b440f96f34dab602a0d97f46105d29feeb68f3edc3e4add0c7
                                                • Opcode Fuzzy Hash: a9248c7f86cb2e861d38aa459c8ccfc3d189dcf285122b86009d2205d6f1257d
                                                • Instruction Fuzzy Hash: AF410574A0521DDFDB64DF68E894BE9B7B5FB8A304F0080E9D40DAB281CB705E829F45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577D349 Relevance: 2.6, Strings: 2, Instructions: 71COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 612 577d349-577d350 613 577d356-577d361 612->613 614 577c900-577c929 612->614 615 577c34b-577c354 613->615 639 577c92c call 59c2b68 614->639 640 577c92c call 59c2b60 614->640 616 577c356 615->616 617 577c35d-577c35e 615->617 619 577c576-577c57d 616->619 620 577c5d5-577cec7 616->620 621 577c6f1-577c750 616->621 622 577c5c1-577c5cf 616->622 617->621 623 577c583-577c5a5 619->623 624 577c8d9-577c8ff 619->624 627 577cece-577cee5 620->627 628 577cec9 620->628 621->624 622->620 623->615 629 577c5ab-577c5b6 623->629 624->614 626 577c92e-577c962 626->615 631 577c968-577c973 626->631 627->615 628->627 629->615 631->615 639->626 640->626
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $H
                                                • API String ID: 0-1323546614
                                                • Opcode ID: e42f9d80c2063d86936a94192c6246cdf01553a478fd01487f40808a1372f978
                                                • Instruction ID: c108803df420b696fd8394cc59c5665c9937ee7dafcfad05e20d42a9389ff5d7
                                                • Opcode Fuzzy Hash: e42f9d80c2063d86936a94192c6246cdf01553a478fd01487f40808a1372f978
                                                • Instruction Fuzzy Hash: 4231F474A05219CFDB64DF68E884BE9B7B5FB49304F1080EAD40DAB241CB709E829F45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C5BC Relevance: 2.6, Strings: 2, Instructions: 68COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 641 577c5bc 642 577c5c1-577c5cf 641->642 643 577c8ff-577c929 641->643 645 577c5d5-577cec7 642->645 667 577c92c call 59c2b68 643->667 668 577c92c call 59c2b60 643->668 648 577cece-577cee5 645->648 649 577cec9 645->649 650 577c34b-577c354 648->650 649->648 652 577c356 650->652 653 577c35d-577c35e 650->653 651 577c92e-577c962 651->650 654 577c968-577c973 651->654 652->642 652->645 655 577c576-577c57d 652->655 656 577c6f1-577c750 652->656 653->656 654->650 657 577c583-577c5a5 655->657 658 577c8d9-577c8f4 655->658 656->658 657->650 659 577c5ab-577c5b6 657->659 658->643 659->650 667->651 668->651
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $H
                                                • API String ID: 0-1323546614
                                                • Opcode ID: fc09c80ab5cdbf4e577b60a892dcd58aa490a77e79f9f00a986e84a88d498b2a
                                                • Instruction ID: ca94805f8a874b8f82fdcb2def45201ed40b1e909fd4e74b1e0dd4d0ed2c7d0e
                                                • Opcode Fuzzy Hash: fc09c80ab5cdbf4e577b60a892dcd58aa490a77e79f9f00a986e84a88d498b2a
                                                • Instruction Fuzzy Hash: 4031F774A05218CFDB64DF68E884BE9B7B5FB49304F1080E9D40DAB341CB709E829F55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C3A5 Relevance: 2.6, Strings: 2, Instructions: 67COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 669 577c3a5-577c3d8 698 577c3db call 59c4508 669->698 699 577c3db call 59c4470 669->699 700 577c3db call 59c4460 669->700 672 577c3e1-577c402 673 577c5c1-577c5cf 672->673 674 577c34b-577c354 672->674 678 577c5d5-577cec7 673->678 675 577c356 674->675 676 577c35d-577c35e 674->676 675->673 677 577c576-577c57d 675->677 675->678 679 577c6f1-577c750 675->679 676->679 680 577c583-577c5a5 677->680 681 577c8d9-577c929 677->681 683 577cece-577cee5 678->683 684 577cec9 678->684 679->681 680->674 685 577c5ab-577c5b6 680->685 701 577c92c call 59c2b68 681->701 702 577c92c call 59c2b60 681->702 683->674 684->683 685->674 696 577c92e-577c962 696->674 697 577c968-577c973 696->697 697->674 698->672 699->672 700->672 701->696 702->696
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $H
                                                • API String ID: 0-1323546614
                                                • Opcode ID: 038a55dbf6f2443e95e2f5076d0b41cbd946a2b728dd4e67417217b9205b43a7
                                                • Instruction ID: 051b1591a767270ad473a70218c280206440f802dd3e595ff61e804dd0e93ae4
                                                • Opcode Fuzzy Hash: 038a55dbf6f2443e95e2f5076d0b41cbd946a2b728dd4e67417217b9205b43a7
                                                • Instruction Fuzzy Hash: 4B21F774909219CFDB24DF64E984BEDBBB5FB4A304F0091DAD409AB241C7345E82DF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CA65 Relevance: 2.5, Strings: 2, Instructions: 23COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: +$B
                                                • API String ID: 0-2724442377
                                                • Opcode ID: 1bf62217d2ce2b39475af463041442c88a2bc1511e8031a239ccf4823727e3af
                                                • Instruction ID: 71a5b773bc87de1f4155544c942c4051021099775faf8a9ce5f71104b874f9cf
                                                • Opcode Fuzzy Hash: 1bf62217d2ce2b39475af463041442c88a2bc1511e8031a239ccf4823727e3af
                                                • Instruction Fuzzy Hash: 1AF0F8B4A0461C9BDF21DF94DC88BADBBB2FB58304F100095E5496B290C7780E85DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056671D0 Relevance: 2.5, Strings: 2, Instructions: 16COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 1$E
                                                • API String ID: 0-766902796
                                                • Opcode ID: 088989a85b6ec8d27b67b07c3ce00f6ad4b3862dbe2df5fd1d8a4da467e14d76
                                                • Instruction ID: c4d4713aa0154a96cc22359b95e135f5d05cfc4c766ae402015f4ba591824c08
                                                • Opcode Fuzzy Hash: 088989a85b6ec8d27b67b07c3ce00f6ad4b3862dbe2df5fd1d8a4da467e14d76
                                                • Instruction Fuzzy Hash: 87E0C2B4919269CFDB618F20D889798BBB6FB08311F4054DAE40AA3380CB745EC4CF11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C1AD4 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059C1D47
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 8b227c9ec3c1227b480d0d35d3c392ac9fe335bc2439777bc2590ec45cf0b53a
                                                • Instruction ID: 6f550f95bcb9b8b7dbae8308cf086ee221de0f0720d7e3af9d620a0e2b69faee
                                                • Opcode Fuzzy Hash: 8b227c9ec3c1227b480d0d35d3c392ac9fe335bc2439777bc2590ec45cf0b53a
                                                • Instruction Fuzzy Hash: EFA11374D00218CFDF10CFA9C885BEDBBB2BF49300F1491AAE859A7281DB748985DF46
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C1AE0 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 059C1D47
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: 08b7313e34f36a2d6b4ec8b1a2dc0ac0434395d9368c1eb962216752dcdbafa4
                                                • Instruction ID: 2bb33ccdff2b886c217a2ffd326583105e8d4bf07f50676c6ec09c81a4409ca9
                                                • Opcode Fuzzy Hash: 08b7313e34f36a2d6b4ec8b1a2dc0ac0434395d9368c1eb962216752dcdbafa4
                                                • Instruction Fuzzy Hash: 7AA10274D00219CFDB14CFA9C885BEDBBB1BB49300F1491A9E859A7281DB748985DF4A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05540048 Relevance: 1.7, Instructions: 1722COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1798895707.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5540000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 785d7a1c7917b25d7861c44f5594c3c9e0affbfb1b2adbdcfcb7e85f8d09be97
                                                • Instruction ID: 367cdf98d29a80e01e0e67644e4e22fef6a60e55faf3f6b9b730ec053ec94355
                                                • Opcode Fuzzy Hash: 785d7a1c7917b25d7861c44f5594c3c9e0affbfb1b2adbdcfcb7e85f8d09be97
                                                • Instruction Fuzzy Hash: 71E2ACB4A09388DFDB16CBA4CC59BAE7FB5BF06304F14409AE145AB2E2C7745845CF62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C27C8 Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059C28A0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: ed9fe7e1c905414c7391f531a4e2270b2868b541cd3334489be48a9ea92e8d3a
                                                • Instruction ID: 782b3fb603881ce4734e4d604573455350929c92f4ca8e33d4bbbff0b03f794b
                                                • Opcode Fuzzy Hash: ed9fe7e1c905414c7391f531a4e2270b2868b541cd3334489be48a9ea92e8d3a
                                                • Instruction Fuzzy Hash: 6A41CBB5D012489FDF00CFA9D984ADEFBF1BB49300F14902AE819B7250D379AA45CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C27D0 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON
                                                Download Yara Rule
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 059C28A0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 4adee5fdddfbc20e5b5239eaf7fc4098232068f2f0cbcf5654e073c72dadc028
                                                • Instruction ID: 130927516a95d17c312abe06cdedebfcd78267f6d8f1fc7e73886b8a7374878c
                                                • Opcode Fuzzy Hash: 4adee5fdddfbc20e5b5239eaf7fc4098232068f2f0cbcf5654e073c72dadc028
                                                • Instruction Fuzzy Hash: E141CCB5D012589FDF00CFA9D984ADEFBF1BB49310F14902AE815B7250D379AA45CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C2509 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059C25BA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 726331d5a8aae953a1c632f5506bb4fca408854e208feb7760d7e53f9ce226c7
                                                • Instruction ID: b554419a06fd83eb50aede10f456673316ccd348f69222137f7bc805ac3d2a47
                                                • Opcode Fuzzy Hash: 726331d5a8aae953a1c632f5506bb4fca408854e208feb7760d7e53f9ce226c7
                                                • Instruction Fuzzy Hash: 9B31A6B9D042489FCF00CFA9D984ADEFBB1BB09310F10902AE815BB214D775A905CFA8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C2510 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 059C25BA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: b6703fc780b8c8c6c78b5b471fa51c3f823ebbf770cca7e0dd553656d7465e0c
                                                • Instruction ID: c622db15b122e48a13b11d477b4a2430ad19b6b285048aebbe4be16acb614b1a
                                                • Opcode Fuzzy Hash: b6703fc780b8c8c6c78b5b471fa51c3f823ebbf770cca7e0dd553656d7465e0c
                                                • Instruction Fuzzy Hash: D231A6B9D042589FCF10CFA9D980ADEFBB1BB09310F14942AE815B7310D775A946CFA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C1E88 Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 059C1F3F
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 8afed3250cb99cb8c5cada24c979baf36ce53ee8bee16814e706a57e954d6c5e
                                                • Instruction ID: 7ac668592f2118e8b4998cfed8148a2dcb191e1a19058d1387738739b82bb43e
                                                • Opcode Fuzzy Hash: 8afed3250cb99cb8c5cada24c979baf36ce53ee8bee16814e706a57e954d6c5e
                                                • Instruction Fuzzy Hash: 3241EBB5D042589FDB10CFAAD884AEEFBF0FB49310F14802AE418B7240D778A945CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0576D3D8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0576D47C
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                • Opcode ID: 4b41707094dfd0560aa70e26e8ba88a15f60ef876321ad528b55afa00cfa96b4
                                                • Instruction ID: 802b5d38eb322e4f5323b6981854f636691618b34f232335020bb56de0bcce86
                                                • Opcode Fuzzy Hash: 4b41707094dfd0560aa70e26e8ba88a15f60ef876321ad528b55afa00cfa96b4
                                                • Instruction Fuzzy Hash: EF31A9B5D052089FCF10CFA9D880AEEFBB1BF09310F14942AE819BB210D775A945CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C1E90 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 059C1F3F
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 1696875adebe6d8b1936e977eb900e4835c4e399ebfbd62ccb30afd425c6c61c
                                                • Instruction ID: efeabc4a7809df321044d9a96d659de6ad589a2ce7a108b864e3729a16a308b8
                                                • Opcode Fuzzy Hash: 1696875adebe6d8b1936e977eb900e4835c4e399ebfbd62ccb30afd425c6c61c
                                                • Instruction Fuzzy Hash: 3D31CAB5D042589FDB10CFAAD884AEEFBF1BB49310F14802AE409B7240C778A949CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C2B60 Relevance: 1.6, APIs: 1, Instructions: 77threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 059C2BE6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: aad389c83d612c1ac327a962b1cd9f769dca2926a65d556ffb2eb85e8654d200
                                                • Instruction ID: 4532653b9f9f0a11883a9097cba74f434c6bfd11900b153474256f27fd7e2d74
                                                • Opcode Fuzzy Hash: aad389c83d612c1ac327a962b1cd9f769dca2926a65d556ffb2eb85e8654d200
                                                • Instruction Fuzzy Hash: 3531EBB8D002189FCF10CFA9D884ADEFBB5EB49310F14842AE815B7340C779A901CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C2B68 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 059C2BE6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 84109adb5095c611d137119196b1282ace60035b1cc823a50da49e6372713956
                                                • Instruction ID: f52dfa65cef8c3d922af77d66ffcc063ab1de4bfc1517342a1e60acc98c3ae7b
                                                • Opcode Fuzzy Hash: 84109adb5095c611d137119196b1282ace60035b1cc823a50da49e6372713956
                                                • Instruction Fuzzy Hash: 0331C9B8D052189FDF10CFAAD880ADEFBB5AB49310F14946AE815B7300C775A901CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057761C7 Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                • Opcode ID: ab34721dc523b3acc74512cd6b4e83ec6de2db8d730f7adc2d691c9cb8ea30ae
                                                • Instruction ID: 7c85d4eeb92e5972a7b0875d728cae73afd27d09f62eecfb39b8b4e5acc865c4
                                                • Opcode Fuzzy Hash: ab34721dc523b3acc74512cd6b4e83ec6de2db8d730f7adc2d691c9cb8ea30ae
                                                • Instruction Fuzzy Hash: A6B10474E0561CCFDF94DFA4E888BADBBB2FB49304F1081AAD409A7299DB745985DF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057752D8 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: U
                                                • API String ID: 0-3372436214
                                                • Opcode ID: 99b0a55048e069c9da4e7f5339abefde2df8b8d3c7d8dda90f29698ae16a2b55
                                                • Instruction ID: fedbc0fc4abb32a13d1bbd505b1713f8f2022b5c2b478b58cc10376b69d392c1
                                                • Opcode Fuzzy Hash: 99b0a55048e069c9da4e7f5339abefde2df8b8d3c7d8dda90f29698ae16a2b55
                                                • Instruction Fuzzy Hash: 6C81D374A0521CCFDF54DFA9E884BADBBB2FB89304F10816AE409A7395DB749946DF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0576E5A0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0576E63F
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 984b8a6921b6c78b83012be2acf1585c23f34b0af99cbb8760f4f156ccf2c6c6
                                                • Instruction ID: c2f28fce83e0095e9a1b4222e3c6ca1593c704b413f06aec7ff100b7943079ef
                                                • Opcode Fuzzy Hash: 984b8a6921b6c78b83012be2acf1585c23f34b0af99cbb8760f4f156ccf2c6c6
                                                • Instruction Fuzzy Hash: 4331A6B9D052489FDF10CFA9D880AEEFBB5AB09310F14902AE815B7210D775A9458FA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05665675 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: R
                                                • API String ID: 0-1466425173
                                                • Opcode ID: d01f20b02be3f3ad3fa008d9982daa611c74884b1917e554477138e6691dec7d
                                                • Instruction ID: 2881efbc46cdecf9579db686971861713eff62b5ebefbcd0c4d81ac73c4ded64
                                                • Opcode Fuzzy Hash: d01f20b02be3f3ad3fa008d9982daa611c74884b1917e554477138e6691dec7d
                                                • Instruction Fuzzy Hash: 8211B374A00169CFCBA4DF64D994B9DBBB1EF48200F4085EA950EA7360DB305E85CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CAE8 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: +
                                                • API String ID: 0-2126386893
                                                • Opcode ID: e37b850601193503a761425906aec45c9ff6155cd4992049aee5308422b6da87
                                                • Instruction ID: ea2801491d3c3498d5c30f7fd0d7c2abe7b11b17acd387e6a3112650000b0ab5
                                                • Opcode Fuzzy Hash: e37b850601193503a761425906aec45c9ff6155cd4992049aee5308422b6da87
                                                • Instruction Fuzzy Hash: ABF0F474A0421DDBEF28EFA0ED55BADBBB2FF84300F1040A9A5496B280DB741E849F44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C446 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: C
                                                • API String ID: 0-1037565863
                                                • Opcode ID: 3683f5d3ae967636b6564d555b57b13b536a4ed24402b36e3f534b293f13f5da
                                                • Instruction ID: 8d33c93df410158292b28e4b629de28b4d430643ccf35f58c8eda4a5beeeda4b
                                                • Opcode Fuzzy Hash: 3683f5d3ae967636b6564d555b57b13b536a4ed24402b36e3f534b293f13f5da
                                                • Instruction Fuzzy Hash: 81F0F875A002289FDB24CF64CC51BE9B7B1EB48314F1041DAE608AB291C7B99F82CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F7C90 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: l
                                                • API String ID: 0-2517025534
                                                • Opcode ID: 718fddb939528508b92fad91fdd1db2fe63b5a97712c4fb753fcebef2ac2fde6
                                                • Instruction ID: 5c7a09aab27dca6c49f6229e1bd7adb423f858f6387e7eaa8da829effd567d79
                                                • Opcode Fuzzy Hash: 718fddb939528508b92fad91fdd1db2fe63b5a97712c4fb753fcebef2ac2fde6
                                                • Instruction Fuzzy Hash: 51F0D435A05268CBDB20EB25D9546E9B7B5EB88315F0040E6DA09A3280D7B40E94CF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CB64 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: E
                                                • API String ID: 0-3568589458
                                                • Opcode ID: 4f913ca89f4067c803751e01f7a8b32fa6ee84fcead09a36cb19f3745074fd29
                                                • Instruction ID: 04fef1fa0aca9e3e77ab9383f7f7692b14d64b38492d471d35b18a8dea2207db
                                                • Opcode Fuzzy Hash: 4f913ca89f4067c803751e01f7a8b32fa6ee84fcead09a36cb19f3745074fd29
                                                • Instruction Fuzzy Hash: 44F0B279A042299FDB20DFA4DE48BD9BBB1EB49305F0040D5A509A7255D3789E858F40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CE3E Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ,
                                                • API String ID: 0-3772416878
                                                • Opcode ID: 7836a18b1f812f0335068b0b8073ae854d341007f56fb6c8ae7ded96b9508aa5
                                                • Instruction ID: 0fca33b55beb4e13ac39566d8ca5cbbaf90e8766c3af8032e6bcc4394252f54f
                                                • Opcode Fuzzy Hash: 7836a18b1f812f0335068b0b8073ae854d341007f56fb6c8ae7ded96b9508aa5
                                                • Instruction Fuzzy Hash: 7CF0F274A012089FDB20CF64CC55B98BBB2FB48304F20819AE909AB281E735AE42CF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05664D34 Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 1
                                                • API String ID: 0-2212294583
                                                • Opcode ID: 923155c063810e4becd8d7871991356777308a6178c51c9f74573319554591fa
                                                • Instruction ID: 81e8fbfc9b1b9fa92ef53522fc6da92b52d92ffc7f2cc212949741ad3861194b
                                                • Opcode Fuzzy Hash: 923155c063810e4becd8d7871991356777308a6178c51c9f74573319554591fa
                                                • Instruction Fuzzy Hash: 1DD05EB4502319CFDB90DF20D84979C77B2EB04300F508694C00497220CF705E87CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05663926 Relevance: 1.3, Strings: 1, Instructions: 12COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: z
                                                • API String ID: 0-1657960367
                                                • Opcode ID: 66560f42549c56347c96080dfb7336ff45691d0cedb7a2fd22c7e230e16b88db
                                                • Instruction ID: 089d6acad0df597f8f2765fed2511226e5dea617ba77b189f371a7952949d15c
                                                • Opcode Fuzzy Hash: 66560f42549c56347c96080dfb7336ff45691d0cedb7a2fd22c7e230e16b88db
                                                • Instruction Fuzzy Hash: 65E042B0A1526ADFCB64EF64E99979CBBB2FF49300F0046D69409A3251DB702E85CF09
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577CD9A Relevance: 1.3, Strings: 1, Instructions: 9COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: D
                                                • API String ID: 0-2746444292
                                                • Opcode ID: f09854ce28288682d9313adea48e3dd7143bfaadb5df96d900e978ef8e1319bd
                                                • Instruction ID: db6e205d55070ecc1f4761afaf17f29c0f62a71aa24b62e2f021a5670260fc9b
                                                • Opcode Fuzzy Hash: f09854ce28288682d9313adea48e3dd7143bfaadb5df96d900e978ef8e1319bd
                                                • Instruction Fuzzy Hash: 16D092B49051299ACB20DBA4A904799B6B1AB48304F1080D5851C62305D7341E849F45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF3AC4 Relevance: 1.3, Strings: 1, Instructions: 6COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: jjjjjj
                                                • API String ID: 0-3900813449
                                                • Opcode ID: b241fed2c16ddfe574caf1d071a39b42fa979b2bfc456b0dfb8a873078e6db7d
                                                • Instruction ID: 3f47651d6f1e7fcd9b1f9ff3c96c267e226c836cc69f6c84dd9d22fc800e0975
                                                • Opcode Fuzzy Hash: b241fed2c16ddfe574caf1d071a39b42fa979b2bfc456b0dfb8a873078e6db7d
                                                • Instruction Fuzzy Hash: 5CB01230206200CF8B45CE14C1D4438B770FF8134032080AEC1034F026C73086C3FB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05540000 Relevance: 1.2, Instructions: 1228COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1798895707.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5540000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17914d0cc33e43968e4a66804e09241c76fe43a5e13316fb72d190d6ed936bce
                                                • Instruction ID: 6c81f722ad7223845f391fdd273a742e26ffeaf03b7100cd89eb78f014855c94
                                                • Opcode Fuzzy Hash: 17914d0cc33e43968e4a66804e09241c76fe43a5e13316fb72d190d6ed936bce
                                                • Instruction Fuzzy Hash: 4AA24CB550E3849FEB1687748C69BAA3F74AF03604F1941DBE245DB2E3D7784849CB22
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057877E0 Relevance: .7, Instructions: 677COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a49bf0741760984bf9fd4587c566a732b0d1472e2df664c3bf8a279b22332fd
                                                • Instruction ID: c0d4bc99d1c4281bdc2028216324dd745a4b838ac834372fad5e03093960a81f
                                                • Opcode Fuzzy Hash: 4a49bf0741760984bf9fd4587c566a732b0d1472e2df664c3bf8a279b22332fd
                                                • Instruction Fuzzy Hash: ED520875A002288FDB68DF69C985BEDBBF2FB88300F1541D9E509AB351DA319D81CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578D9A0 Relevance: .7, Instructions: 655COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 72b2c218623c32efe924b5e679549fec5dfb3ec8e95233a627484dcc36372ae2
                                                • Instruction ID: 69156f91fe685c474de8e29b4cb10dc54210d70c9fcfca475256380ec9398c41
                                                • Opcode Fuzzy Hash: 72b2c218623c32efe924b5e679549fec5dfb3ec8e95233a627484dcc36372ae2
                                                • Instruction Fuzzy Hash: C7423D35A00219DFCB14EF64C984EA9BBB2FF89310F1585D9E509AB261DB31ED85DF80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF2018 Relevance: .5, Instructions: 536COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3c8b54815cd9393c891934c5b167328ab4a16c65e9572152969e7ee6c013d9bb
                                                • Instruction ID: facf883094928c2e306c7c8845fe43650b7a5d52f1397faeee91336f1e15a51f
                                                • Opcode Fuzzy Hash: 3c8b54815cd9393c891934c5b167328ab4a16c65e9572152969e7ee6c013d9bb
                                                • Instruction Fuzzy Hash: 0642E6B4921604CFD710EF48D688EA8BBF2FB81304F55C1A5E1694B26AD3B9DD86CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05781D20 Relevance: .5, Instructions: 534COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 461f7216ec933ce87e553b22c451090367e8164c8390234158b4d381671962ad
                                                • Instruction ID: 8a73106b5718022d970a5c6ebdad22b085534dfd9c0d4629f08203bb0f944dd6
                                                • Opcode Fuzzy Hash: 461f7216ec933ce87e553b22c451090367e8164c8390234158b4d381671962ad
                                                • Instruction Fuzzy Hash: BF228E35A10204DFDB14EFA4C495AADB7B2FF88311F148169E906EB3A6CB71ED81DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1F40 Relevance: .5, Instructions: 485COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 57869e919b81ae573f1f1972138f5525e00b9da349d6bd8d819f353bc48adbb5
                                                • Instruction ID: 5243ce4d6d06dd636278ea1f150ef97acdb81d0c616c36813c0164f910cda3cc
                                                • Opcode Fuzzy Hash: 57869e919b81ae573f1f1972138f5525e00b9da349d6bd8d819f353bc48adbb5
                                                • Instruction Fuzzy Hash: C232E3B4921604CFD710EF48D698B647BF1FB81304F45C0A9E1694F66AD3BAD989CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05784C48 Relevance: .4, Instructions: 439COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7c790a42578b42a7d1321b31b615be77ac42430f228c337f92176b8e8a424012
                                                • Instruction ID: cd6859d526a46aa350726938d5a08129c996a56acc9207eaea5087921b69254e
                                                • Opcode Fuzzy Hash: 7c790a42578b42a7d1321b31b615be77ac42430f228c337f92176b8e8a424012
                                                • Instruction Fuzzy Hash: F0024B35A00209DFDB29EFA4C994A6EBBB2FF88304F14852DE4069B351DB75EC45DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578A7E8 Relevance: .4, Instructions: 437COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a9afa61085b3191f2d98b8df4ca9a3c623937243e249613cf479fde098cf521
                                                • Instruction ID: 93af57be6c66131dd1ed8335d48a9075e44b2633071516ee4c043da7a41dda41
                                                • Opcode Fuzzy Hash: 8a9afa61085b3191f2d98b8df4ca9a3c623937243e249613cf479fde098cf521
                                                • Instruction Fuzzy Hash: 2512F934B102198FCB14EF64C898BADB7B2BF89310F5185A9D44AAB365DF30ED85DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05786908 Relevance: .4, Instructions: 370COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4c0205fbabfee296380b58abff468c1c8b34713e2843b0ae738447b36eb75c84
                                                • Instruction ID: cade405c01e3abf3fb2fb11fb4b20ef942ec8b03887c34a53240f993036bf3a2
                                                • Opcode Fuzzy Hash: 4c0205fbabfee296380b58abff468c1c8b34713e2843b0ae738447b36eb75c84
                                                • Instruction Fuzzy Hash: E3F1BB34B50118DFDB08EFA4D999AADBBB2FF89301F118554E405AB3A5DB70EC42DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578AEE0 Relevance: .4, Instructions: 365COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f998c793cd422f0ca99379ca782455169589d0ca409d93ff8802cf40a9e00126
                                                • Instruction ID: 8db295f7e54724b1bccaa5f43cb6b3279d88818ed2759db3436e933c77b91b95
                                                • Opcode Fuzzy Hash: f998c793cd422f0ca99379ca782455169589d0ca409d93ff8802cf40a9e00126
                                                • Instruction Fuzzy Hash: A8E11E34A40209DFCB04EFA4D5989AEBBB2FF89310F108569E4066B365DF30ED46DB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578B5F8 Relevance: .3, Instructions: 336COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4bac1126b237aa53ef203adfcffee597c8718b9c6596de25e98805647aa71c40
                                                • Instruction ID: 343402e9cd75193f37751b5e9f79e3c9369113c9790d362041d3753db43b79d2
                                                • Opcode Fuzzy Hash: 4bac1126b237aa53ef203adfcffee597c8718b9c6596de25e98805647aa71c40
                                                • Instruction Fuzzy Hash: FFC16B35750204DFCB05EFA8D898A6DBBB6FF89710F1540A9E50A9B3A2CB31DC41DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 055418C0 Relevance: .3, Instructions: 332COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1798895707.0000000005540000.00000040.00000800.00020000.00000000.sdmp, Offset: 05540000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5540000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b7c2174fe0acec0648f68ebdb73934de74d81beeecc0bf132476e072b63ae440
                                                • Instruction ID: fb096a22c9fb1cdcbe0208cecfe97c864816c89ce3fdc5d26d427f79b04aeda5
                                                • Opcode Fuzzy Hash: b7c2174fe0acec0648f68ebdb73934de74d81beeecc0bf132476e072b63ae440
                                                • Instruction Fuzzy Hash: 25E1F374E14218DFCB18DFA8E899AECBBB2FF89315F108529E41AA7350DB305985DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF2A10 Relevance: .3, Instructions: 260COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07056555d0fcd57d199fdb2aadfe16c93656313173dbcf7ea78c9ad73469243c
                                                • Instruction ID: 41204c32d916ff500a4559996a6f7759295ef227fcfa0788cef6c4fd2a444b58
                                                • Opcode Fuzzy Hash: 07056555d0fcd57d199fdb2aadfe16c93656313173dbcf7ea78c9ad73469243c
                                                • Instruction Fuzzy Hash: C4A16C30A0964DCFDB10DFE8C9807BEBBB1EF45300F24856AEA05AB241D730AA45CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566D3B8 Relevance: .2, Instructions: 249COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f5f9f0f68779c3f2b2522cfa7e61a9b688b3104686753c68071002e7c01030e1
                                                • Instruction ID: cadefa2cc7464bc576fad406666ede170725134e862fbfed5fe088b383b1fcf3
                                                • Opcode Fuzzy Hash: f5f9f0f68779c3f2b2522cfa7e61a9b688b3104686753c68071002e7c01030e1
                                                • Instruction Fuzzy Hash: C2918735B052049FCB14CFA4E595AADBBB2FF88314F14806AE80AEB391CB35DD41CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578A7D8 Relevance: .2, Instructions: 237COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 445e24be330babcd52ddbf1689f9bd7805db5b4b2c240c74a819b338318186f6
                                                • Instruction ID: f9a98435bc109fbc950e49c45013b232211af1951ec1bd2de9c50b9b93570f9b
                                                • Opcode Fuzzy Hash: 445e24be330babcd52ddbf1689f9bd7805db5b4b2c240c74a819b338318186f6
                                                • Instruction Fuzzy Hash: BCA1FD74B402189FCB14EF64C898BADB7B2BF89310F5185A9E44AAB355DF309D85DF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057868F9 Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0608bc7da2cb842ff9232a947b02b66900935e9ab821b8e76ce0c1c2a723fd9a
                                                • Instruction ID: 581d8fd4130b2f05a15eaed46bad994624e709a4b5114bc82e51b29204f5f3ce
                                                • Opcode Fuzzy Hash: 0608bc7da2cb842ff9232a947b02b66900935e9ab821b8e76ce0c1c2a723fd9a
                                                • Instruction Fuzzy Hash: 98A1ED34B50218DFCB04EFA4D999EADBBB2FF99301F158159E406AB361DB30AC42DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578C52B Relevance: .2, Instructions: 227COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2bdc4af4881bd1f5572724ce592039b0f888cc83e17f384a70a3f0dc852ca090
                                                • Instruction ID: bbb2c731d32c6000d91b81cb653a3f181c2181f404d930f730048f1bd650f82f
                                                • Opcode Fuzzy Hash: 2bdc4af4881bd1f5572724ce592039b0f888cc83e17f384a70a3f0dc852ca090
                                                • Instruction Fuzzy Hash: E581E231B006068FDB12EF68C484ABEB7BAFF85300B504569C506DB365EB35ED46CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779A40 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d1011cdd0f158144790e1d9dff63193ead207ba1cd92fe8b0e54af6c0027f776
                                                • Instruction ID: 996fd6221b70379278527655e31c4c86db5547d48a2c2e98ba0d7a924eb15651
                                                • Opcode Fuzzy Hash: d1011cdd0f158144790e1d9dff63193ead207ba1cd92fe8b0e54af6c0027f776
                                                • Instruction Fuzzy Hash: 53A10174A0621CCFDF54DFA9E984BADBBB2EB89300F1080AAE509A7355DBB45941CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779A30 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 22be0f498528a031bf91d138c199d01be996f5b5c75e2c193b1e03b45985ab1d
                                                • Instruction ID: b4acaf7b9e86bba07fa01b9f5c99501d571992b7952d5641a7b398e08c8dcc47
                                                • Opcode Fuzzy Hash: 22be0f498528a031bf91d138c199d01be996f5b5c75e2c193b1e03b45985ab1d
                                                • Instruction Fuzzy Hash: 8CA11274E06218CFDF54DFA9E988BADBBB2FB89300F1080AAE509A7355DB745945CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578FA18 Relevance: .2, Instructions: 212COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2275583dfb5290f772827ce00fd4b24c69ee6d58d464f795ba324fccd84c6bb1
                                                • Instruction ID: e035a864dda918cf4a49b99acef9e4813aa6024647a48298c8c5780123258f67
                                                • Opcode Fuzzy Hash: 2275583dfb5290f772827ce00fd4b24c69ee6d58d464f795ba324fccd84c6bb1
                                                • Instruction Fuzzy Hash: 97718D71F406098FDB14EBA9C580ABEBBF3FFC8210F248569D519A7344EB70AA019B51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05783208 Relevance: .2, Instructions: 208COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfc93c9fd2c167bb807b438ace16d54f4d7ea55e1010eb10eb8127c190b95e4c
                                                • Instruction ID: bb81d0ca9601cd9fd3ac6b043acf08830134132b45ef82999c8feb57983fc078
                                                • Opcode Fuzzy Hash: bfc93c9fd2c167bb807b438ace16d54f4d7ea55e1010eb10eb8127c190b95e4c
                                                • Instruction Fuzzy Hash: 29812A75A40218CFCB15EFA8C884EADBBF5FF88710B158569E8469B360DB70EC41CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF36C0 Relevance: .2, Instructions: 204COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1af48f2eed355a73fc6fed017e690c89847507e944224a001dcc1227b8ce6294
                                                • Instruction ID: fda63316cb8d6039b3f79e6469ef36ce7da4a8fec017b6456be43b5252137ae2
                                                • Opcode Fuzzy Hash: 1af48f2eed355a73fc6fed017e690c89847507e944224a001dcc1227b8ce6294
                                                • Instruction Fuzzy Hash: BB61E4B6704208DFDB14EBB98C5073A77B6BBC6300F2485AAE606DB3D1DA75DE018791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05775821 Relevance: .2, Instructions: 203COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d1d4e0fc239fc5bf15ca52dfa9ed89af466f82da96594d63f217920e63a5d47
                                                • Instruction ID: 308da81e184550bd776b84395ec6685daeef1793b903b687649fb2fad6be18c2
                                                • Opcode Fuzzy Hash: 8d1d4e0fc239fc5bf15ca52dfa9ed89af466f82da96594d63f217920e63a5d47
                                                • Instruction Fuzzy Hash: 3F910474A0121CCFDB64DF65E994BAEBBB2FB89300F1081AAE409A7355DB705E85CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF09A8 Relevance: .2, Instructions: 202COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 720bfee6ed2d0e04f60d950801b4cd4edc132286f2c190fd0a6c90615571b6a4
                                                • Instruction ID: bddad44eab154a60349f18d2c86c96eaf7b04244814e26d9dfab5ec47b939209
                                                • Opcode Fuzzy Hash: 720bfee6ed2d0e04f60d950801b4cd4edc132286f2c190fd0a6c90615571b6a4
                                                • Instruction Fuzzy Hash: 3A71B071A0060A9FCB04DFB8C585ABDFBB2BF48314F258568E515EB292D731EC42CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0DC0 Relevance: .2, Instructions: 198COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 526c706ddb50c8b4760a1803df65946f9f2ee3d3bbd499f8a3181ad44721c03f
                                                • Instruction ID: 60a8d552fc60f4a1b0d114df7414c1b85d2918c2abda33666a387d678294b933
                                                • Opcode Fuzzy Hash: 526c706ddb50c8b4760a1803df65946f9f2ee3d3bbd499f8a3181ad44721c03f
                                                • Instruction Fuzzy Hash: D861D230704649CFDB25CBA8D850BBA77B1EB85310F1488B9F606DB296DB35EC41CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779BA3 Relevance: .2, Instructions: 198COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c06a8ec18eb2cb58f063481a94b0ce4378b407f8c3d735fbfecba4ba33c4a70
                                                • Instruction ID: 98932217fc6ffd7790f48f3d24b40ce20c9d8d6c4388f6e5e86b533bebeb159e
                                                • Opcode Fuzzy Hash: 1c06a8ec18eb2cb58f063481a94b0ce4378b407f8c3d735fbfecba4ba33c4a70
                                                • Instruction Fuzzy Hash: B291F274A0621CCFDF54DFA5E994BADBBB2FB89304F1080AAE509A7345DBB45981CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779DE2 Relevance: .2, Instructions: 192COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f78f414117c68049c2748b480038a0dd136c99ae8800fe45d0a7c6fd7bb45de9
                                                • Instruction ID: 7b7f64dba2e6231b08e8a2b85c2a886ea5153ac648bbf54afb8829f1e89033dc
                                                • Opcode Fuzzy Hash: f78f414117c68049c2748b480038a0dd136c99ae8800fe45d0a7c6fd7bb45de9
                                                • Instruction Fuzzy Hash: 47911274A0521CCFDF54DFA5E998BADBBB2FB89300F1080AAE509A7345DBB45981CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05782D28 Relevance: .2, Instructions: 184COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 327336e645ed208914624fa4f371d1043a3875f2afa1767a966c48e79767a101
                                                • Instruction ID: b8acc429b5c33b4a7e33ca9df2bef0e114fd73078be6218e3a4326a361684ce4
                                                • Opcode Fuzzy Hash: 327336e645ed208914624fa4f371d1043a3875f2afa1767a966c48e79767a101
                                                • Instruction Fuzzy Hash: B351CF357082059FEB15AF64D844BAE3BA2FF88311F144169E809CB392DF74DC52CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780768 Relevance: .2, Instructions: 178COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b770ce22c7604d358999e57bacfc18f4255ece58e94d6c5ba3f44a51ad1856a5
                                                • Instruction ID: bac2baacb7468636a9e2f06c2423db44522fee7d2403720e0e3b1153392f99fa
                                                • Opcode Fuzzy Hash: b770ce22c7604d358999e57bacfc18f4255ece58e94d6c5ba3f44a51ad1856a5
                                                • Instruction Fuzzy Hash: 81519C30B047008FEB19AF74C459A2E77B6FFC9250B14446DE40A9B3A1DE35EC4ACB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578B780 Relevance: .2, Instructions: 167COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c55d5e3bcacb760ebdb253a75973eeec66fce907a4cf6a3f1f8552eb616bbf31
                                                • Instruction ID: ab4180925fd48c65f2ab15aa9652ddc406f4c0e63047e604a0ce5ddae1197de3
                                                • Opcode Fuzzy Hash: c55d5e3bcacb760ebdb253a75973eeec66fce907a4cf6a3f1f8552eb616bbf31
                                                • Instruction Fuzzy Hash: 70612974B50618DFCB08EF68C498A6DB7B6FF89710F148169E9169B361CB30EC41DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772048 Relevance: .2, Instructions: 165COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a70e013228b5ba5898f3df753e68db83fd96bf81cdfeabb067fb3585c64f32cd
                                                • Instruction ID: fb366c24b4dbcf308c18860cdb1d6c6713a18c3631e55d7838c7fdb7c4a576fe
                                                • Opcode Fuzzy Hash: a70e013228b5ba5898f3df753e68db83fd96bf81cdfeabb067fb3585c64f32cd
                                                • Instruction Fuzzy Hash: 6E61BDB4E15208CFDB50DFA9E548BADBBF2FB49304F10902AE126A7286C7B45946DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772038 Relevance: .2, Instructions: 164COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55e660a8e2ec30385597d60f4d1b141fd02fba98cb90a07e04fc8c6bcb9d3afe
                                                • Instruction ID: e26a13b2a413eb078bd8afd804a593ac500a516f1437d482b99cc41f1a3f3fc2
                                                • Opcode Fuzzy Hash: 55e660a8e2ec30385597d60f4d1b141fd02fba98cb90a07e04fc8c6bcb9d3afe
                                                • Instruction Fuzzy Hash: D661DFB4E14208CFDF50DFA9E548BADBBF2FB49304F10902AE126A7286C7B45946DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578B790 Relevance: .2, Instructions: 158COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 68c80143513d180050e970abc64286359c1baafbb0bedd18b989e8802070f35a
                                                • Instruction ID: 8ea23ec53bee1eb1ff141251a67b6950281fa259382dfde1d2ec342dfd4136b9
                                                • Opcode Fuzzy Hash: 68c80143513d180050e970abc64286359c1baafbb0bedd18b989e8802070f35a
                                                • Instruction Fuzzy Hash: FA511934B50618DFCB08EF68D898A6DB7B6FF89710F1081A9E5169B361CB30EC41DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566236B Relevance: .2, Instructions: 156COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ec54e0ff61e722a62efeab67b02ea7d375ae884f2de56d9b39153fe311e63126
                                                • Instruction ID: 8b9e53c9a93288847435570924db65914d50bf5a70363b80dcdae24d80613f42
                                                • Opcode Fuzzy Hash: ec54e0ff61e722a62efeab67b02ea7d375ae884f2de56d9b39153fe311e63126
                                                • Instruction Fuzzy Hash: 7261E874D05318CFEB64CF69C864BADBBF2FB49304F10806AD41AAB295D7745985CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF09F8 Relevance: .2, Instructions: 152COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9ea1696b054a1092ac36cae94987d9706e4051243a32466600215b1c87cc850b
                                                • Instruction ID: ebd9821bcb37b8212f60c7cb2b4c310a8e5d6f9586459a9ba63030345d6cd622
                                                • Opcode Fuzzy Hash: 9ea1696b054a1092ac36cae94987d9706e4051243a32466600215b1c87cc850b
                                                • Instruction Fuzzy Hash: FF51A071A0051A9FCB05DFE8C585ABDFBB2BF48308F258568D515AB292D735EC42CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566C098 Relevance: .2, Instructions: 151COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc1b7376370191e56904d3e3372a8e86cd9ecd8d9f72d4b7469cb4bbf3ada11a
                                                • Instruction ID: 02fbe1b83571fd6c2b42678e129a0bc4b87f5a1c35491b9a5333c693bc0bbdf7
                                                • Opcode Fuzzy Hash: bc1b7376370191e56904d3e3372a8e86cd9ecd8d9f72d4b7469cb4bbf3ada11a
                                                • Instruction Fuzzy Hash: 94513C76600104EFDB459FA8C945E69BBB7FF8D31471680D8E2099B372DA32DC21EB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1D00 Relevance: .1, Instructions: 149COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5f9637897fc9f6c7c71a394bd117e4524670395716a3136d2519be024b35b31
                                                • Instruction ID: e8fef8aa7d682bc3f18617c25dec5c055af62bfb98e52170c56c345dcc98802e
                                                • Opcode Fuzzy Hash: d5f9637897fc9f6c7c71a394bd117e4524670395716a3136d2519be024b35b31
                                                • Instruction Fuzzy Hash: 04518A30A04709CFD724CFAAC4407B6B7F5FB85300F148A6AEA4787691D739E986CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057864D8 Relevance: .1, Instructions: 143COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 75c1ae320df9ff42ddb80907bacf09b70f7bbdebf650a3e56bf27e0dd20ba2ab
                                                • Instruction ID: 96c2443d6e2a9ea3ac68eabe8fe9f733153756a2879d112570b286046d6bed7b
                                                • Opcode Fuzzy Hash: 75c1ae320df9ff42ddb80907bacf09b70f7bbdebf650a3e56bf27e0dd20ba2ab
                                                • Instruction Fuzzy Hash: 1A515D34B1061D9FCB08EF64E499AAEBBB6FF88701F008519F50297364DF70A946DB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5614 Relevance: .1, Instructions: 142COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: addfdd124ac80c1b33283bd114050d32b2196093d2c8fe0c5ec176e158ff25a3
                                                • Instruction ID: 28f0a187b63688b3379b107738aae16abead6a0a89c220a5a1c4d3565b637418
                                                • Opcode Fuzzy Hash: addfdd124ac80c1b33283bd114050d32b2196093d2c8fe0c5ec176e158ff25a3
                                                • Instruction Fuzzy Hash: A201F734B09A88CFC7219BB8D850825FBF5BF8676032A85EBE645CB222C520DC05CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5770 Relevance: .1, Instructions: 142COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 407723d8a87f68c4c0e6b6b5b9194ce908c93a3f75c40608b8b8cb3c5dc0e4e2
                                                • Instruction ID: 64ae0ab69e2645039e39dc3bb7ddfbcf410ebcdc506f746b0e68e9886fb8ca8b
                                                • Opcode Fuzzy Hash: 407723d8a87f68c4c0e6b6b5b9194ce908c93a3f75c40608b8b8cb3c5dc0e4e2
                                                • Instruction Fuzzy Hash: AE51F731E006199FCB14DBB9C8407AEBBF1FF8A310F6585A9E219EB291D730D901C790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578A597 Relevance: .1, Instructions: 138COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b9e4606ace349c97a5cab67bb5378d20c8376b42940589b61ba900918c17041
                                                • Instruction ID: 13faa347e5087aec19c03fd6f7cfc772bce23d514fd83746c4c2e1466e9156ff
                                                • Opcode Fuzzy Hash: 4b9e4606ace349c97a5cab67bb5378d20c8376b42940589b61ba900918c17041
                                                • Instruction Fuzzy Hash: D1417330B506189FCB04FB64C858A7EB7B7AFD9710F104529E406AB3A5CF74AC46EB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577DDAA Relevance: .1, Instructions: 128COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f0cf328d2f86d9ae047538d97023cf1d7298befb1f4de4da025c199611f49a4f
                                                • Instruction ID: 970159a9fa49d8b032d922935d8df1fefbf36b22f548bef37f3d94e14702e413
                                                • Opcode Fuzzy Hash: f0cf328d2f86d9ae047538d97023cf1d7298befb1f4de4da025c199611f49a4f
                                                • Instruction Fuzzy Hash: 9D7129B4D042289FDBA1CF29C884BD9BBF1BB49300F5081EAA54DA7250DB719E80DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF9621 Relevance: .1, Instructions: 127COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 98557b734acf797be42f8dbab856bd45fff700140b303d4f1078ef8bf2bc6c5d
                                                • Instruction ID: b1fe801e3fa96d13bd86493e0ec158692ef99f23060d7c6362eda6a339b26bca
                                                • Opcode Fuzzy Hash: 98557b734acf797be42f8dbab856bd45fff700140b303d4f1078ef8bf2bc6c5d
                                                • Instruction Fuzzy Hash: 4051AB74D01208DFDB48DFA9D999AEEBBB1FF88310F10806AE516A7350DB785A45CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578E688 Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d58aec81fba27bbd43ee3e8b952c9b426c7e07ede0f6ae570ae14110dce2266b
                                                • Instruction ID: a63acd25fe815db5cf698216f4fdcffc6f834ede2147d5a4880c89f6ff0c63e0
                                                • Opcode Fuzzy Hash: d58aec81fba27bbd43ee3e8b952c9b426c7e07ede0f6ae570ae14110dce2266b
                                                • Instruction Fuzzy Hash: C641B731F04B148FDB20DF68D5542AEB7F6EF84610B04882AD85AC7A80DB34E940DB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF18D8 Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4d1b0d0aa68b6fa926a55e285386ce21cad6d4b4a3a4571aa889135acace1e3
                                                • Instruction ID: a05ca2c730e90ed6d53a58adec3144b40bdf43cccd0d96253f50f7c36cb98852
                                                • Opcode Fuzzy Hash: a4d1b0d0aa68b6fa926a55e285386ce21cad6d4b4a3a4571aa889135acace1e3
                                                • Instruction Fuzzy Hash: 88419F31B10209CBDB58DBF6D4A067E77B2ABC9310B28C569E20697294EFB1CD42C7D1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0DAF Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26149f1da3385403a5db8ff61b3914927df001890c7902a051f00be22779df2d
                                                • Instruction ID: a05f8e0ffb81a866abc7f0d681380a60e7d3a119ee03b30a605fa8011d087313
                                                • Opcode Fuzzy Hash: 26149f1da3385403a5db8ff61b3914927df001890c7902a051f00be22779df2d
                                                • Instruction Fuzzy Hash: EA4106307092844FDB1A97B4D850ABA3FB29F86300F1884FEE542CB2A7DA759C06C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF9630 Relevance: .1, Instructions: 123COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac1aa25e9cf7465dc3cb5b0e708d92278bbcb276da12308bd6664e8869c8492e
                                                • Instruction ID: d873cdf7d0789102edc689f4aa2df17d29c140aec7f475b1184e418b164cfadf
                                                • Opcode Fuzzy Hash: ac1aa25e9cf7465dc3cb5b0e708d92278bbcb276da12308bd6664e8869c8492e
                                                • Instruction Fuzzy Hash: 6951AE74D01208DFDB48DFA9D588AEEBBB5FF88310F10816AE516A7360DB785A45CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578BBD8 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2bd6a0cbd3bd1f4c4fd1560806c51b0c5b5005adf01bfeaf21b665e7f2513235
                                                • Instruction ID: 367b787350f56a35deafda58462e181e4b83de59aacb71239c90c75708c4ed9c
                                                • Opcode Fuzzy Hash: 2bd6a0cbd3bd1f4c4fd1560806c51b0c5b5005adf01bfeaf21b665e7f2513235
                                                • Instruction Fuzzy Hash: DF41BF35340204ABC719BB24C499B3E7BA6FB89710F508169E90A8B795CF35EC42E7C1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566D0A2 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9f7f5285391b4605c4aa794ee1ca39d20288c3996b830c12107ecc9ae5a6f63
                                                • Instruction ID: f67df57517630c77362fa04548968398d39f542066c8f63d1e5f9ebcdb0fd9f8
                                                • Opcode Fuzzy Hash: c9f7f5285391b4605c4aa794ee1ca39d20288c3996b830c12107ecc9ae5a6f63
                                                • Instruction Fuzzy Hash: 35419C71B00616CFCB00DF58C884A6AF7B2FF89320F158655D929AB781D730E852CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566DAE8 Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee1e8a1f61243a2821f69127f0b923094c4f3805b0028ce2444d81ff848aa2a6
                                                • Instruction ID: b5f06e9994b6055824bd7783c58c49a26f4b2440fb5e8115ae3b731139572eb2
                                                • Opcode Fuzzy Hash: ee1e8a1f61243a2821f69127f0b923094c4f3805b0028ce2444d81ff848aa2a6
                                                • Instruction Fuzzy Hash: 12411974B04309DFDB14DF64D895B6AB7F6FB88210F148429E8069B354DB71E845CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662D00 Relevance: .1, Instructions: 114COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 717e01e487ad4cff534b7eadb682c668599edcf41c734533e20eb8166d159378
                                                • Instruction ID: c52306610751da5d6c4a426413621594a4c56e8bfc368bd827b3480422b49192
                                                • Opcode Fuzzy Hash: 717e01e487ad4cff534b7eadb682c668599edcf41c734533e20eb8166d159378
                                                • Instruction Fuzzy Hash: 7851A074E01208DFDB18DFB9D594A9DBBB2BF89700F20812AE416AB364DB319946CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577DE03 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e90b2d68315ab6573d741a8477f054a06429d8e8773d75818e569d80c3ded2a0
                                                • Instruction ID: c76c0552ccabe816da4173acc1920a605921e82c03556603582a74c95ccc7446
                                                • Opcode Fuzzy Hash: e90b2d68315ab6573d741a8477f054a06429d8e8773d75818e569d80c3ded2a0
                                                • Instruction Fuzzy Hash: 155139B4E042289FDBA1CF29C984BD9BBF1BB49300F1085EAA54DA7250DB719AC5DF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662CF1 Relevance: .1, Instructions: 107COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51627d749561fd252bff2d062f33953911454594550e5f75808b8c5ec691329b
                                                • Instruction ID: be3fe4c966e7e98bfcf4ca407abd4a9a4a3e019a39df584b34ae2a8c7ec09bc7
                                                • Opcode Fuzzy Hash: 51627d749561fd252bff2d062f33953911454594550e5f75808b8c5ec691329b
                                                • Instruction Fuzzy Hash: 1641C274E01208CFDB18DFB9D994A9DBBB2BF89700F20852ED416AB364DB319946CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057890B0 Relevance: .1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91a99fc4ed242026ef980b718be9ba922a166076c5f8bc28ee79dcef99281e89
                                                • Instruction ID: cf58d742a7f3cea1d6b8d9e268aae5527300ddea3233064dd8f9af10ba402658
                                                • Opcode Fuzzy Hash: 91a99fc4ed242026ef980b718be9ba922a166076c5f8bc28ee79dcef99281e89
                                                • Instruction Fuzzy Hash: E631F936A50105DFCB05DF98D888EA9BBB2FF49320B1541A8E60A9B372C731ED55DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566DC6A Relevance: .1, Instructions: 102COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f5e88fc7535e7e4899aba7f1ab6d5e924494cede8661828b4a97a0dce78345d
                                                • Instruction ID: 3de655d84a41bc2601bf820351c0005104bc79d86c2fa836d3355da08b3b7bf7
                                                • Opcode Fuzzy Hash: 4f5e88fc7535e7e4899aba7f1ab6d5e924494cede8661828b4a97a0dce78345d
                                                • Instruction Fuzzy Hash: C7418AB1B006158FCB14EFA5D845ABEBBB2FF88350F05856AD406E73A0D7749945CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0C6B Relevance: .1, Instructions: 98COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 71428e16ad8453a923c4f86612c8153e3ddaa779a73b9a3cc8ba49aefae90cc6
                                                • Instruction ID: 7e6f5b32699cd01319ca25e56e0c53fce4cd039961d5d26d8d6f6b5f8098791a
                                                • Opcode Fuzzy Hash: 71428e16ad8453a923c4f86612c8153e3ddaa779a73b9a3cc8ba49aefae90cc6
                                                • Instruction Fuzzy Hash: 5331C438A002099FCB44DBB8D8549AEBBB2FFC9300B1485A9E506DB395DB75AD07CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1BF0 Relevance: .1, Instructions: 95COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5f8a78e58b99801d16d1ec01b4b71f3b15ce4d47a89f45f2302fc5cac922b061
                                                • Instruction ID: 26c59680a124b8bd263c93c0dfb01f378e4e4db0bc4d028203b8e6f0124e2133
                                                • Opcode Fuzzy Hash: 5f8a78e58b99801d16d1ec01b4b71f3b15ce4d47a89f45f2302fc5cac922b061
                                                • Instruction Fuzzy Hash: 8E21EC31388249DEE7218BF998843BA7BF4EB41394F14492AF686C2290E260D883C300
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF18C8 Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d6424e26998265301bffe9650052ce8db17bbfe0cdbfe4adbd1afa8fce81150
                                                • Instruction ID: 8509b8fdaccbc7a363ac2154cd028dbff0815d24c2e1b490ca99d859d0bdf88e
                                                • Opcode Fuzzy Hash: 9d6424e26998265301bffe9650052ce8db17bbfe0cdbfe4adbd1afa8fce81150
                                                • Instruction Fuzzy Hash: 0831C330704208CFDB28DBF6D4A067A7B72EBC5310F2885A9E64697294DBB1CC02CBD1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578D918 Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ee080eaeb1bdaa3d24708e2fdc0a6ed14c85caca664d49585c06e2d8f41771c
                                                • Instruction ID: ff0f9f64e6d98ad00f1ba79b7d03c475fe884ba039433ade4fb1e2f13aca9e00
                                                • Opcode Fuzzy Hash: 8ee080eaeb1bdaa3d24708e2fdc0a6ed14c85caca664d49585c06e2d8f41771c
                                                • Instruction Fuzzy Hash: 3C212671B04348EFCB15EF64D855BAE7BB6EF89300F2080BAE5099B291CE719D05DB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578BA5F Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 83d8b32caa5c4d4f056e77f03f53a902d6021925784257a8457682673a831205
                                                • Instruction ID: a76f61e22a3f6bcd6f59f3aa7d68420c5cbc53680084a934b36bfc5d577a659f
                                                • Opcode Fuzzy Hash: 83d8b32caa5c4d4f056e77f03f53a902d6021925784257a8457682673a831205
                                                • Instruction Fuzzy Hash: 18316D35B802089FDF05EFA4E854AFEBB76FB88311F148165D406B72A5DB319D06DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056699F8 Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8bdc67ea99258aff5bfe7c15202796f5ec3649ab1dbfc6e0994147a0300d1518
                                                • Instruction ID: 58a10493cb5c4208ed5bb8fc776dd340be1b3619d8b8ddde8b03b57810a1922f
                                                • Opcode Fuzzy Hash: 8bdc67ea99258aff5bfe7c15202796f5ec3649ab1dbfc6e0994147a0300d1518
                                                • Instruction Fuzzy Hash: A931D0B8E052089FDB04CFAAD944BEEBBF2BB49311F10906AE819B7390DB745945CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780758 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a05d13008600f5becc39020fe72cb9a22d62e4843f80a4270c3e6802407619a
                                                • Instruction ID: 63815fb3a3d253e8935eb824f3a8bf68d8d15be2c24dc60583c7f4b7bf541519
                                                • Opcode Fuzzy Hash: 9a05d13008600f5becc39020fe72cb9a22d62e4843f80a4270c3e6802407619a
                                                • Instruction Fuzzy Hash: 66316B34B04704DFCB25AF35C45892ABBB6FF85211714886DE8468B361DF36EC4ADB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05785971 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ca981193519d1481c51971ebc202cb3e68c109d2246bcd6e99460735280a5d3
                                                • Instruction ID: 2734fbb5aed155e34bb5fc53313978f7bb7b062399b7a6d7c597af27db00a6d7
                                                • Opcode Fuzzy Hash: 8ca981193519d1481c51971ebc202cb3e68c109d2246bcd6e99460735280a5d3
                                                • Instruction Fuzzy Hash: C0317336700108AFCF099FA4D994EA97FB2FF8C310B1545A9EA099B361DA31DC52DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669BFF Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3223c7d247aea3dcc80948e9a2b202eb2f0363e5d9aa40edcebb66477b7d3a8
                                                • Instruction ID: 8bfcb264e2f522062a5cd3486107dd7deef6633ccd9168a508d4ca169d481772
                                                • Opcode Fuzzy Hash: e3223c7d247aea3dcc80948e9a2b202eb2f0363e5d9aa40edcebb66477b7d3a8
                                                • Instruction Fuzzy Hash: 473116B4E04609CFDB04CFAAD954AEDBBF2BB89310F148429D819A7390D7704942CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669A08 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9c0f905c9d2741ff66a6531ea67aeec6a58d932c5da8c6f973ce82f2f965880
                                                • Instruction ID: c8df8518fbaaa17b13583449f5378873f6efc64f68793b3af14a2bd37696dced
                                                • Opcode Fuzzy Hash: c9c0f905c9d2741ff66a6531ea67aeec6a58d932c5da8c6f973ce82f2f965880
                                                • Instruction Fuzzy Hash: F331D178E05208DFDB04CFAAD844AEEBBF2BB89310F10906AE819B7350DB745945CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF57C8 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 15f995975b2df0f5c44b316a0920affa5726477cfab6b1c499f104583af43be9
                                                • Instruction ID: a0d0d977eb1d0a79faa4996089a2ca6850688c11b91da4c1757727782129413d
                                                • Opcode Fuzzy Hash: 15f995975b2df0f5c44b316a0920affa5726477cfab6b1c499f104583af43be9
                                                • Instruction Fuzzy Hash: B0318131E006199FCB54DFB9C850B9EBBF2FF89310F658569E209EB251DB31A901CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB480 Relevance: .1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 112e452f51177511b37c30bcd9da9a6390141c3c57ea14bd181119f4b6822d73
                                                • Instruction ID: 6b05e8eed18542ce21218693213f2e7698fc304c8a39600a4cc0860b7bb16278
                                                • Opcode Fuzzy Hash: 112e452f51177511b37c30bcd9da9a6390141c3c57ea14bd181119f4b6822d73
                                                • Instruction Fuzzy Hash: 85317CB4E1520DCBCB04DFA8D9805FEB7B5EF88310F10C625E60AA7392DB3499418BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A6E5 Relevance: .1, Instructions: 88COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f0e24334cbf6b1fef7368da43655801aa53d7441a4d3360355482460c9f68d21
                                                • Instruction ID: e6a23ced48d88f12f0fa0a6ab6e6f8ffa39a1132f5514798ed8115163b1fd740
                                                • Opcode Fuzzy Hash: f0e24334cbf6b1fef7368da43655801aa53d7441a4d3360355482460c9f68d21
                                                • Instruction Fuzzy Hash: 3731E774D05208CFDB64DFA9D884BADBBF2FB89304F209069D419A7356DB749841CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05787278 Relevance: .1, Instructions: 87COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ea38a4425459100c269bc87369495d35f3c6d56f7bca93afc70ec87f953b363
                                                • Instruction ID: 89694faf0fbac9b7ce163c0b008b17af48dc59613e3f425af96b333e2a947745
                                                • Opcode Fuzzy Hash: 4ea38a4425459100c269bc87369495d35f3c6d56f7bca93afc70ec87f953b363
                                                • Instruction Fuzzy Hash: A621C4323442004FD739ABA9E844E66B7F5EB81321725847AE50EC7662CB21EC42C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB490 Relevance: .1, Instructions: 84COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dab52ba3c95165066b823aca4d2c9eef09baabba35cabe7affb945166ece18af
                                                • Instruction ID: 99f48a05d6f730c9efb3c881289b984ab5a6148ce8edf1ae5738cb63325f2777
                                                • Opcode Fuzzy Hash: dab52ba3c95165066b823aca4d2c9eef09baabba35cabe7affb945166ece18af
                                                • Instruction Fuzzy Hash: D8314C70E1520DCBCF04DFE9D9805FEB7B9EF89310F209625E616A7392DB3499418BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5CBF Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c537336964d296288d2bdc59f3376d6e92231f275e1bd7a1d47c581d63c764ff
                                                • Instruction ID: e726e4b8e4c4073d4f424d02c1de02bcb62a6b123e332a128ed7e344d1e5fedd
                                                • Opcode Fuzzy Hash: c537336964d296288d2bdc59f3376d6e92231f275e1bd7a1d47c581d63c764ff
                                                • Instruction Fuzzy Hash: 2931E271D0A64CCFDB45CFB8D8893E9BFB0EF56314F184196E1059B282DBB44A41CB11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AAA8 Relevance: .1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9e568ca0b10c04844d0b64d83ba6f9eb82a8b8d281b4fb2de4a7d66c828ae4bd
                                                • Instruction ID: cd8211ea35600bdae20581f116e0664585584a1399fb737b5ea1780fa45e20ec
                                                • Opcode Fuzzy Hash: 9e568ca0b10c04844d0b64d83ba6f9eb82a8b8d281b4fb2de4a7d66c828ae4bd
                                                • Instruction Fuzzy Hash: 9E31E278E04208CFDB04DFA9D585AAEBBB6FB89304F10C06AD816B7345DB745A46CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AA9A Relevance: .1, Instructions: 82COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cdbb540f523ef83c51f45e68f7a132211e8b1e2dc634ced4d564939d6841ee9b
                                                • Instruction ID: a5d0f08e1183ce8ab7ad7b68a2377ddd561482e31796e23b6b7a70377cb25f98
                                                • Opcode Fuzzy Hash: cdbb540f523ef83c51f45e68f7a132211e8b1e2dc634ced4d564939d6841ee9b
                                                • Instruction Fuzzy Hash: F83103B8E04248CFDB04DFA9D5856AEBBB2FB88300F10C06AD815B7345DB785A46CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056696F8 Relevance: .1, Instructions: 81COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c2bb4e4a93343e5c030d6056be8c8eb86ae4b60e79e4e9793b219eea32de47ec
                                                • Instruction ID: d68f8e95c4ddd3e6048b48da184af94a7c1672c1f3d57638363289d85af86fd2
                                                • Opcode Fuzzy Hash: c2bb4e4a93343e5c030d6056be8c8eb86ae4b60e79e4e9793b219eea32de47ec
                                                • Instruction Fuzzy Hash: F331C2B5E012099FDB08DFE5D8556EEBBB2FF88311F10802AE816A73A4DB705945DF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057890A1 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52e96b7488be75e0f4b22648e4bc2539650d53e25ec5df33ff57c17e24c3d542
                                                • Instruction ID: 62807793a791eb427c004b0122c14ae12adbb6c26ce52e32ea9fec5883c1d055
                                                • Opcode Fuzzy Hash: 52e96b7488be75e0f4b22648e4bc2539650d53e25ec5df33ff57c17e24c3d542
                                                • Instruction Fuzzy Hash: 20214C76A50108DFCB05DFA8D888DA9BBB2FF49320B1640A5F6099B372D732EC15DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1650 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dc34ce1bc3d4400c805195c3982ca8c3b263dde4adf87f4503b4a511c3a8b554
                                                • Instruction ID: 771267866b97554e55e8526f143ecbb971bd04d0223ad55dfc372ffbfd4a346d
                                                • Opcode Fuzzy Hash: dc34ce1bc3d4400c805195c3982ca8c3b263dde4adf87f4503b4a511c3a8b554
                                                • Instruction Fuzzy Hash: 0831E474B00219CFDB44DBA9D998BADB7B1BF88705F144469F906EB3A1DB709C01CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578C760 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44215ecc454d3dcedad623c04497fb70f3ae975d938f02157453d12cc1c28a0e
                                                • Instruction ID: 0a96bfc0c39f93ebcfeffa8fabcbd88a7d31603da63d4396200c0416e4fc585c
                                                • Opcode Fuzzy Hash: 44215ecc454d3dcedad623c04497fb70f3ae975d938f02157453d12cc1c28a0e
                                                • Instruction Fuzzy Hash: 3E217674B10A098FCB04FF68D54896EB7B5FF89701B10412AD50697320EF70A946CBE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05781071 Relevance: .1, Instructions: 76COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f12ece79482c3d7e7e4e9789a521451324972bdf47c2d94a1c3dfb9c322383b1
                                                • Instruction ID: f094545bbc0a5f160cb7035d64bd13b17b9480a2dd47ae484e43beaefa0db4df
                                                • Opcode Fuzzy Hash: f12ece79482c3d7e7e4e9789a521451324972bdf47c2d94a1c3dfb9c322383b1
                                                • Instruction Fuzzy Hash: DE2159713482949FCB01DF6AD840ABA7BEAFF8A210B458096F845CB2A1DA31DC51DB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566C440 Relevance: .1, Instructions: 76COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a6b2df24e51e3916fba781bfeef7372074dd1702b3e9e93b75eb433651afc0e
                                                • Instruction ID: 691d89a7ed1fffc329a71208fffb8d282cae706c320aea1b47e712aed5ecfbdf
                                                • Opcode Fuzzy Hash: 2a6b2df24e51e3916fba781bfeef7372074dd1702b3e9e93b75eb433651afc0e
                                                • Instruction Fuzzy Hash: 4621A035A042089FDB05CFA4C859AED7BB6FB8C320F14811AE415A7390DE348846DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780500 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 027f5bb86f12676cb823093eb7ac3218dec6ce3978cb423aed4f51d39b5afacd
                                                • Instruction ID: 0367839e891c1d4c6fada54f6d5ae8d45e848df769c4b4591db6bf14c87e4853
                                                • Opcode Fuzzy Hash: 027f5bb86f12676cb823093eb7ac3218dec6ce3978cb423aed4f51d39b5afacd
                                                • Instruction Fuzzy Hash: 45218C71E40209DFDB10EB79C408BBEBBF5AB04340F508066D505D7290E734DA48EBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578BA97 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 126822df60524998be1b22a96f265c7b30ae23ea293e08b2d97affbb7c2ca9ee
                                                • Instruction ID: 0dedfd01177e574ecfe60a34d7b1ce227c3ae677e991de584369b10cc7314617
                                                • Opcode Fuzzy Hash: 126822df60524998be1b22a96f265c7b30ae23ea293e08b2d97affbb7c2ca9ee
                                                • Instruction Fuzzy Hash: 7B214F32A401099BDB04EFA8D854AFEBBB5FF88310F148165D406B73A4DB319D05DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB6E0 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f57201c7a827ac2bb40cabcd882876ec89b2221cf993ae223e2dfef8caf362e
                                                • Instruction ID: 8cee3d0886bfc01ec4426e3721b74fb570f7d0113965266bdef959568e5e9820
                                                • Opcode Fuzzy Hash: 4f57201c7a827ac2bb40cabcd882876ec89b2221cf993ae223e2dfef8caf362e
                                                • Instruction Fuzzy Hash: 482157B4D0220CCFDB04EFEAC8446FEBBB5EB88310F14842AE105B3690D7781A45CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05787220 Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18ad0302ce668f49692c369989fc5fb0dd2ca93ca5a99cb1d1cd684f65b9f982
                                                • Instruction ID: a90d30d4ee58914b4f97bbfabc716c334ee89d8c7b87c630716762463b2eceee
                                                • Opcode Fuzzy Hash: 18ad0302ce668f49692c369989fc5fb0dd2ca93ca5a99cb1d1cd684f65b9f982
                                                • Instruction Fuzzy Hash: D721A5367482009FD728DFA9D894E6A7BB9EF84320B244079F50FCB361CA21DC41C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AAD01C Relevance: .1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784539571.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_aad000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc265693965d07e61565095a5b4d559299915ff388deefecd5ddeda6e300816e
                                                • Instruction ID: bc2d0b8947aa81b00edb25164f64a672ee85c364a4e35948968c77f6e2682d20
                                                • Opcode Fuzzy Hash: bc265693965d07e61565095a5b4d559299915ff388deefecd5ddeda6e300816e
                                                • Instruction Fuzzy Hash: 4C213471504344DFDB10DF10D9C4B26BB65FB89314F24C569E88B4BA82C336D80BCBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05770040 Relevance: .1, Instructions: 73COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ca40e633808ec4ec0ec555511f506f89a0966f2e7a01b0d510e388a281bbba4
                                                • Instruction ID: 918a5fe44f954e1439c6ac3a4de3dd08c08e1ebf49111f6034c1c7f017ff79c7
                                                • Opcode Fuzzy Hash: 7ca40e633808ec4ec0ec555511f506f89a0966f2e7a01b0d510e388a281bbba4
                                                • Instruction Fuzzy Hash: 22212F30A09304DFDB29DF34D5596AA7FF2FF81200F1444AEC04A8B291EF76A84ACB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05781080 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ecdf0f8725a2f010bfa4f63305efb9f478585ed119e745ffde962cb480e1fa1c
                                                • Instruction ID: af7bde446cada9c20e45efdeffb382d171ac9ca4125d6a4211a4ae71d4887585
                                                • Opcode Fuzzy Hash: ecdf0f8725a2f010bfa4f63305efb9f478585ed119e745ffde962cb480e1fa1c
                                                • Instruction Fuzzy Hash: 92215E703441949FCB05DF6AC844ABA7BEAFF8A310B458095FC46CB361DA36DC51DB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057831C1 Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b818b8f3889d5f7a7b2050122e968c7a1d5f409e8bd1e219be237937cb4ac6f
                                                • Instruction ID: ec1c2dd4e507b39dce6d09f82d482fa3b5ff7f2232811950a49d3e7a1fc56574
                                                • Opcode Fuzzy Hash: 6b818b8f3889d5f7a7b2050122e968c7a1d5f409e8bd1e219be237937cb4ac6f
                                                • Instruction Fuzzy Hash: 4C216272A0420CDFDB19DF98D850CDEBBF9FF89210F014566E555D7261EA30AD05CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A94B Relevance: .1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 064258788615cd6863577dbb3df40dc25911862fb654cc7f508300f357a51aed
                                                • Instruction ID: a3b65997cae06ab366eee12f3bcc924207797958063e678c8ca367a218528c34
                                                • Opcode Fuzzy Hash: 064258788615cd6863577dbb3df40dc25911862fb654cc7f508300f357a51aed
                                                • Instruction Fuzzy Hash: 122125FFE143069BFB40FA94D80B6D937A0EB77304F054075A405962C2FA7C5947DA12
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05784710 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47b7cf7b538665c4b1b74082f80a0e53510880abf539e5e9e661e3b587e46624
                                                • Instruction ID: 30235e7b1eefa4f214a0cef1f7a38541e27376a4af5172d3bc5e1283f0b5d965
                                                • Opcode Fuzzy Hash: 47b7cf7b538665c4b1b74082f80a0e53510880abf539e5e9e661e3b587e46624
                                                • Instruction Fuzzy Hash: 28210475A402098FDF04DFA4C584AEDB7F2FF88304F2045A5E405AB3A1CB76AD45CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB6F0 Relevance: .1, Instructions: 69COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d38759683dd83b59170ec34734dd8ca3b4e3d6be7370e3266a939b0d1849031
                                                • Instruction ID: 53715d0cadc1ce37161e23d7f1fe852784cd8d37b8090b1d6e9f86e7d96e85b2
                                                • Opcode Fuzzy Hash: 2d38759683dd83b59170ec34734dd8ca3b4e3d6be7370e3266a939b0d1849031
                                                • Instruction Fuzzy Hash: B6212574D1620DCFDB08EFEAD4486FEBBB5EB89311F24842AE505B3250DB741A45CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05663488 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e2518b8be63db8a1a7a514cd076ec2c43cefb8e14901de9e3749fd39fd738fb
                                                • Instruction ID: 32b52c8614aad4618d612f3263b0f1e1e1fc5d04b3bb895a3b15e735bf665780
                                                • Opcode Fuzzy Hash: 4e2518b8be63db8a1a7a514cd076ec2c43cefb8e14901de9e3749fd39fd738fb
                                                • Instruction Fuzzy Hash: 162105B4E0420ADFDB14DFA9D041ABEFBB2FB48301F10856AD805A7345DB349982CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566BDC9 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3796519493222c7df7a8ae61b7b96c39df85fc018b18f39b39af8b1e883e96d4
                                                • Instruction ID: 4d751efeb109d96e1f87f578ff2e1c174fc26b231816149b8ffa51c963e0f4f6
                                                • Opcode Fuzzy Hash: 3796519493222c7df7a8ae61b7b96c39df85fc018b18f39b39af8b1e883e96d4
                                                • Instruction Fuzzy Hash: 122181726102059FDB14EB69D84676E7BF6EFC8310F408529E00AEB785DF71AD098B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05784700 Relevance: .1, Instructions: 67COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 77fce8785c4ee3b7c7d2827756f8c7043942733eedc4174d9d497d4f8a041d37
                                                • Instruction ID: 0e4cf75dfa6a4a602f316f7162f7fee6f9eaf50e2982c0d89971182419bcb3de
                                                • Opcode Fuzzy Hash: 77fce8785c4ee3b7c7d2827756f8c7043942733eedc4174d9d497d4f8a041d37
                                                • Instruction Fuzzy Hash: 30214675A002098FDF04DFA4C589AED7BF2FF49304F2006A8E405BB2A1CB759D45CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566DC78 Relevance: .1, Instructions: 67COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 839f91b0b2d25f49944f0f9c94f332ae4f1a38a296abdcf7f5ff64cf507a7c07
                                                • Instruction ID: 20f1c549f85d9efcc67adcb07f0d81f6113c7abd4ee5f24b627fd8eb6284cd86
                                                • Opcode Fuzzy Hash: 839f91b0b2d25f49944f0f9c94f332ae4f1a38a296abdcf7f5ff64cf507a7c07
                                                • Instruction Fuzzy Hash: AE214CB1B00619CFCB14EF65C854AAEBBF6FF88650F018569D906A7360EB71A845CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578C75B Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8768f5fbbab5e2b1aba39991dace18c6c7cd7f25d698036ab02db7f4461c3ab4
                                                • Instruction ID: 1975e961f132ed189049053feeb50b39a4ab62e9c726006adc5845eeed6a30e8
                                                • Opcode Fuzzy Hash: 8768f5fbbab5e2b1aba39991dace18c6c7cd7f25d698036ab02db7f4461c3ab4
                                                • Instruction Fuzzy Hash: 44214574B00A099FCB04FF68D4489AEB7B5FF89701F10416AD50597320EF70A906CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779FE0 Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fec345bac8b5eeb6007a6a46ae8a62a3f00cef4d3192eb0bef192ded182b38e
                                                • Instruction ID: a2e4064131c94eb439254c6f26e3691e9a73070f3c421e82b8756a1fbd05972a
                                                • Opcode Fuzzy Hash: 0fec345bac8b5eeb6007a6a46ae8a62a3f00cef4d3192eb0bef192ded182b38e
                                                • Instruction Fuzzy Hash: 2B211870D0421D9FEF04CFA9E8547EEBBB6FB89310F108869D419A3281EB785A45DF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0CDB Relevance: .1, Instructions: 64COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c90dbdc7c30ccd9aa7c6a05b31c42d0f6524cbb0f01040193c1986d05343293
                                                • Instruction ID: bf2831748d08d4f46832088353ef0305460ba21c713893d69ae930ecaa661d76
                                                • Opcode Fuzzy Hash: 5c90dbdc7c30ccd9aa7c6a05b31c42d0f6524cbb0f01040193c1986d05343293
                                                • Instruction Fuzzy Hash: 8921D578A012099FCB04DBB4C9549AEBBB2FFC9700B04C6A9D401AB395CB34AE06CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05663429 Relevance: .1, Instructions: 63COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5f58f2731bee76d704db4017bf40a854a643d217315002bf8b829ce8920e6bd
                                                • Instruction ID: 5ad0c02453b054ec76c5d7a3992af5d61bb82ce8ab78c7ba3ba1b0f60610aa4a
                                                • Opcode Fuzzy Hash: d5f58f2731bee76d704db4017bf40a854a643d217315002bf8b829ce8920e6bd
                                                • Instruction Fuzzy Hash: 8E219070E09209DFCB05CFA8D444AAEFBF1FF46310F1486A9D419973A1DB305A42DB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578D970 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc72e8942c9e5816b3883f87bd74f49f93aa10f13098272a3bad821e808b78a9
                                                • Instruction ID: a7e13d019b31e21336800aa9212c5705c3eacc117ad885d5225515fb38a9910f
                                                • Opcode Fuzzy Hash: bc72e8942c9e5816b3883f87bd74f49f93aa10f13098272a3bad821e808b78a9
                                                • Instruction Fuzzy Hash: EC11E772B003589FCB15DF54D895BAA7BF2EF49300F1580AAE549DB291CB319D44CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05666541 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 35bcd0ae8a7594c1333461df4fd85e03265b3c18d237f6d6fe4badb05108d510
                                                • Instruction ID: e0c4b8fe54426cf6da57e2c842657a6b4409b536ec5b9953490b89c80f875538
                                                • Opcode Fuzzy Hash: 35bcd0ae8a7594c1333461df4fd85e03265b3c18d237f6d6fe4badb05108d510
                                                • Instruction Fuzzy Hash: 342119B0D0926ACFDB24DF15ED8D7A9BBB5BB88305F1081E6D009A2214DB714EC1CF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5CF0 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ee0ea3fe56ce3089d650059736de3f99ce4a9825d0891fe4a080996a2914a75
                                                • Instruction ID: 9ce6964e5b81b59ea744007f5b1d4cdd5ed9f1cc1f39cc482da8b7f1488446d9
                                                • Opcode Fuzzy Hash: 8ee0ea3fe56ce3089d650059736de3f99ce4a9825d0891fe4a080996a2914a75
                                                • Instruction Fuzzy Hash: 77210870D0660CDFDB48DFF9D4487AEBBF1EB89305F1084A6E205A7240EBB44A418B51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056622B8 Relevance: .1, Instructions: 60COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b466682ede337643e4d0fc39e71e645f554352d7b94d46aac954c1f339fc53f6
                                                • Instruction ID: c444f62d3b24c4fd9f259667b0d2e6083b9e7993a238fbbf1e542923b3e54120
                                                • Opcode Fuzzy Hash: b466682ede337643e4d0fc39e71e645f554352d7b94d46aac954c1f339fc53f6
                                                • Instruction Fuzzy Hash: EC21F474E05228CFEB18CF6AD854BEDBBF6BB89300F0080AAD50DA7251DB711A85CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779FF0 Relevance: .1, Instructions: 60COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b89932532de572a29a0258f9edb7a7128eb3a833986859794b3164ef8b5fe837
                                                • Instruction ID: 97e15bf8a26d17f51cf3c2be41ffcb52e239a2ee7cac0f0f46d30f4235133649
                                                • Opcode Fuzzy Hash: b89932532de572a29a0258f9edb7a7128eb3a833986859794b3164ef8b5fe837
                                                • Instruction Fuzzy Hash: 1521F474D0420DDFEF04CFA9E8546EEBBB6BB89300F108869D019A3281EB741A45DF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0CE8 Relevance: .1, Instructions: 58COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a2ae96c8ad9f287bcb64ce7c944b62c4f3a4a3deb40a17e3e94de124ff0915de
                                                • Instruction ID: 0171062fc199b513e25f53ade096286b9dfa5bbfba5981c7c9f31c6b514bff98
                                                • Opcode Fuzzy Hash: a2ae96c8ad9f287bcb64ce7c944b62c4f3a4a3deb40a17e3e94de124ff0915de
                                                • Instruction Fuzzy Hash: FB11B178A001099FCB04DBA4C9449AEB7B2FFC8301B04C568D401AB384CB34AE02CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05786E28 Relevance: .1, Instructions: 57COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 039f8248b3efb15f5347651b6b36663dde6b3b7294f51dd0deb0abb054716ed3
                                                • Instruction ID: fd74c05d94c6eb7999719769fe0d764d6ff234a24301bff2f8c95e72a24c60d9
                                                • Opcode Fuzzy Hash: 039f8248b3efb15f5347651b6b36663dde6b3b7294f51dd0deb0abb054716ed3
                                                • Instruction Fuzzy Hash: 3C0184753401145B9B14AE69D8D8C3EF79BFFE4A11314803AE606CB321CE31DC01E790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566D1F0 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8010d25ce2d276bbd8baae88bbae62c07f6d767aac430afa2b288c0b484631cd
                                                • Instruction ID: 495773ad51cf04f1c474eeffa990fab8a85506f075cb0eb28481e975d29b3ac9
                                                • Opcode Fuzzy Hash: 8010d25ce2d276bbd8baae88bbae62c07f6d767aac430afa2b288c0b484631cd
                                                • Instruction Fuzzy Hash: 31118675B142049FCB64DFA49855BAE7BF6FF89701F14416AF905E7380DA70C906CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566D200 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d2d0a1d3dbab73dbf629db0502c6b24a58d65edd75897b789b098025f697bf30
                                                • Instruction ID: 5d92f08d44b4d209a31ab8ce89a26e24847d259941daf108797a24c9929fc57b
                                                • Opcode Fuzzy Hash: d2d0a1d3dbab73dbf629db0502c6b24a58d65edd75897b789b098025f697bf30
                                                • Instruction Fuzzy Hash: 4A118631B142049FCB64DF689845BAE7BF6BF89600F14812AF50AD7380DE74C906DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566CF69 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d6d61b4bd33f6f1d75646c9c6cdc65b9685d4c35c6a6bf591abd425d3122881
                                                • Instruction ID: 5158fc7a85827a66a7ac5bb312ce393dab07eb5af23f4b25d27f5aef480bf189
                                                • Opcode Fuzzy Hash: 3d6d61b4bd33f6f1d75646c9c6cdc65b9685d4c35c6a6bf591abd425d3122881
                                                • Instruction Fuzzy Hash: 1A219F78A02619AFDB04DFA8D594EADB7F2BF89700F204059F806AB360CB30AD05CB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AAD017 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784539571.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_aad000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 48756c69625733315cecfc6c50bc65c8a4f13df2b65ccd10e90c8d3f0fc5b8dd
                                                • Instruction ID: 45663b5818195e00372d5312507e382f75ef3378ce550aa48634e2354399e3ab
                                                • Opcode Fuzzy Hash: 48756c69625733315cecfc6c50bc65c8a4f13df2b65ccd10e90c8d3f0fc5b8dd
                                                • Instruction Fuzzy Hash: A811B676504280CFCB15CF14D5C4B56BF71FB85314F24C5AADC4A4BA96C336D85ACBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566CE20 Relevance: .1, Instructions: 54COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d12052f71ddee14bfb1c9a315bd6880ef2646c74ffbf5f6e8fbc1950c3d0e193
                                                • Instruction ID: 30fe350f7143fb91942b663070137159907d02f4dbd51dea2646b23d7920e9c5
                                                • Opcode Fuzzy Hash: d12052f71ddee14bfb1c9a315bd6880ef2646c74ffbf5f6e8fbc1950c3d0e193
                                                • Instruction Fuzzy Hash: 69115E763097C05FD7169B39DC95D4A7FB5AF9A12070A86EBE494CB2A3C928CC09C721
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566DEA0 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61306fe957ecfd4c1e17bc720090eaedab06d4f38eb592351d6d4763fff136c9
                                                • Instruction ID: 512e125a1ad0b2d5f49c80c8d69cd3c864acf0ada78dc11763d98d49c8ec7081
                                                • Opcode Fuzzy Hash: 61306fe957ecfd4c1e17bc720090eaedab06d4f38eb592351d6d4763fff136c9
                                                • Instruction Fuzzy Hash: 5E01F1333082589FE754CAA8E440BEABFF8FB54220F2480ABF484D7390D631E980C760
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057858AF Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ceca387f866ddff3844ab846d54e4a8cd806cd8b0cda7f8fcda7cf59863d875
                                                • Instruction ID: 5529e3937c3aeba5fcd351c4b00c46eb1e813afab6592832dbf94afb30e21a8c
                                                • Opcode Fuzzy Hash: 6ceca387f866ddff3844ab846d54e4a8cd806cd8b0cda7f8fcda7cf59863d875
                                                • Instruction Fuzzy Hash: DBF046B2A4E3916FEB222B295C24974BFB6FF4712034501BBD849DF203D2148C06D7A2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566CE48 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 002f0942747aceacdc309bb1d33c106b996b1bcd7d81052dbf4ea5f3f6ea5af7
                                                • Instruction ID: bf22975de83dc536165546d614f2e27e2565eba1199c46d854da62a3ee3eb468
                                                • Opcode Fuzzy Hash: 002f0942747aceacdc309bb1d33c106b996b1bcd7d81052dbf4ea5f3f6ea5af7
                                                • Instruction Fuzzy Hash: 90014436340215AFDB108E59DC85FAA7BE9FB89721F108067FA15CB390CAB1DD15DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF16F9 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55ffb13a02fa01ae654cface226cf744410e22aad8e824865edca2242fa0ae07
                                                • Instruction ID: f4f3b3c26fc9b0b59a8cbe98339e42032e55c07f47847398674dcd904eea6321
                                                • Opcode Fuzzy Hash: 55ffb13a02fa01ae654cface226cf744410e22aad8e824865edca2242fa0ae07
                                                • Instruction Fuzzy Hash: A2113C38604249CFDB04EBD8D968BAD7771EF48311F244065F606AB390C7359D468F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1AE0 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0c24e9583ea14c090b3128147cd77337182fb4fa84e324cc8319092fa4647069
                                                • Instruction ID: e86ca3349a7a9d034949339c4223a5faadbab9a711b2db770fc71439a8b91748
                                                • Opcode Fuzzy Hash: 0c24e9583ea14c090b3128147cd77337182fb4fa84e324cc8319092fa4647069
                                                • Instruction Fuzzy Hash: 34012635704108DFC71497DA9800B3AB3A6EBCA350F24402AF60AD73A0EB719C028795
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577B0D0 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 844acf7e000c2dd96aab8f5b1f78a32b678d87e1eeec0e17d31691e6b59a066f
                                                • Instruction ID: 0fe34fd16914696d736fa6f5cafe24c164e51eeda1b3cfe1575729c8fbda0e98
                                                • Opcode Fuzzy Hash: 844acf7e000c2dd96aab8f5b1f78a32b678d87e1eeec0e17d31691e6b59a066f
                                                • Instruction Fuzzy Hash: EC11307091421DDBDF24CF55DC44BEEBBB6EB89300F0080A5D51DA7654EB301984EF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578EC27 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 157952e07fcbaf8d7277725f8a6baa88030c7aca9204c0a9db821f1bd7194545
                                                • Instruction ID: 0de0b8b9509b50d19863b2355c745b519f4f7c16ba7d791f7bc3d4e606b53e4f
                                                • Opcode Fuzzy Hash: 157952e07fcbaf8d7277725f8a6baa88030c7aca9204c0a9db821f1bd7194545
                                                • Instruction Fuzzy Hash: 5811C231F54209EFCB20AB64C945BE9BBB9BF45705F00405AF50AAB2A0DB709545DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057712D1 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0963f2007d3f57e6195c5a464e195fcce91bf79f50f6ebf423bef0108c90ecd3
                                                • Instruction ID: 2a0ffa13bcf65790a0f4c24395ed5d99532b8cd8f9ff0f3cb6ca6c69a4f78d69
                                                • Opcode Fuzzy Hash: 0963f2007d3f57e6195c5a464e195fcce91bf79f50f6ebf423bef0108c90ecd3
                                                • Instruction Fuzzy Hash: C701DB70B4D24CAFCF05CBA4E440DB97BB9AB47204F5881D9DC09DB3A2C6319916DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578C730 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2aae31f6e784b343146df62791dd055222a0169476f2f6e982fec8e1b37edd94
                                                • Instruction ID: d3f837622b21a5c9cb12a6df783931f82ce1aab485675b29aadc0ec1eab6b142
                                                • Opcode Fuzzy Hash: 2aae31f6e784b343146df62791dd055222a0169476f2f6e982fec8e1b37edd94
                                                • Instruction Fuzzy Hash: 7A01B575750904CFDB00EB54D489AADB3B6FF89301F504156E1029B770DB34AD02DBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789AE0 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 84905a27076e3c65d0267e2c3017035585e85500d1043e687df58cc3886b4afe
                                                • Instruction ID: ffcec81c5611bd2eedb1b987b8d91894706f685ae1bb4df0f4343ab892142f18
                                                • Opcode Fuzzy Hash: 84905a27076e3c65d0267e2c3017035585e85500d1043e687df58cc3886b4afe
                                                • Instruction Fuzzy Hash: 6801B1393007149FC709EB64D458A6A7BB2EF8E711B10856AE9058B3A5DF71DC02CBC1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05663478 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b814ed896cd92d42dccffec36c3322d53c998b8f53b9d10866f50192f56ca14
                                                • Instruction ID: d0ec0f0ad8ea676cfa11661bfe520f22efac4783900b72ff28ab3cbb1d85d769
                                                • Opcode Fuzzy Hash: 5b814ed896cd92d42dccffec36c3322d53c998b8f53b9d10866f50192f56ca14
                                                • Instruction Fuzzy Hash: 50113970E0924ACFCB05CFA8C4456AEBFF2FB46310F1986AAC418A7392D7314646CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669DC8 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 66bd6ace8598bca08b2c278c67828c0880a36c79f5a08ea00e9bf78ad1e43809
                                                • Instruction ID: 54be387a9333014b5a50d807c8d55884a204af9996c9e6e97fbdf609be5fd017
                                                • Opcode Fuzzy Hash: 66bd6ace8598bca08b2c278c67828c0880a36c79f5a08ea00e9bf78ad1e43809
                                                • Instruction Fuzzy Hash: 7511AD30908119CBDB18DF69E845BEDB7B6FB89301F008169E819A3341DF345A8ACF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578BBE8 Relevance: .0, Instructions: 44COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 906437d2700af4edc3641ed8b6c2fd643388ebb714d99cda1237c9378ebf6214
                                                • Instruction ID: 690076f4b641b1a8176349b2685261a4e2933c0f062a3f5828a88ebdd8018f92
                                                • Opcode Fuzzy Hash: 906437d2700af4edc3641ed8b6c2fd643388ebb714d99cda1237c9378ebf6214
                                                • Instruction Fuzzy Hash: 43014C313402049FC329AB24D498B7B77A3BB89320F144629E55A8B7A4CF71EC42EB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF56E8 Relevance: .0, Instructions: 44COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a09afb16969c957fe647164cba4b8e432f6c6c23cec781127dcb785bbbd75ced
                                                • Instruction ID: ea5fd759ba5b987987d503731076e687e659713d088cf1fa25a1a0e3d60ac23d
                                                • Opcode Fuzzy Hash: a09afb16969c957fe647164cba4b8e432f6c6c23cec781127dcb785bbbd75ced
                                                • Instruction Fuzzy Hash: E601A935B1051CCF9724ABF9E444525F3EABB89761336856AF605DB311DE31DC008B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057864C8 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8aa83e52808cd9f5c6782637f4fedfd3f17ae78fb5a6f668185b0be3c433f79d
                                                • Instruction ID: 38719643088015a323769d3c9ca57f728fcbb2b66adbb18cf0548fe65088dd56
                                                • Opcode Fuzzy Hash: 8aa83e52808cd9f5c6782637f4fedfd3f17ae78fb5a6f668185b0be3c433f79d
                                                • Instruction Fuzzy Hash: 1BF07837B001047BCB19AA49D80897DB76AEF94220B04402AE90AD7371EE3088068380
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF1AD0 Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 567376f846b24a7f91f07bb59cb00a8e4f8391c5c44dd6de7b9d18289e133d2f
                                                • Instruction ID: 17419b518562dbd872869aa565f97f8caa1256b0fbb9d205a2201e216329ce0c
                                                • Opcode Fuzzy Hash: 567376f846b24a7f91f07bb59cb00a8e4f8391c5c44dd6de7b9d18289e133d2f
                                                • Instruction Fuzzy Hash: CC01F734704209CFC70597E88415739B7B2EB8A340F1440B9F206DB3E1EB749C41C745
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F13A3 Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5abd64a2a54b3d43aa893075ee212fd851e014d9af4be3ce3feecf6f40f2ff47
                                                • Instruction ID: 487decf4f9b82753818076d5a4643cc2f7c700f2c3ef5b69696234a073585160
                                                • Opcode Fuzzy Hash: 5abd64a2a54b3d43aa893075ee212fd851e014d9af4be3ce3feecf6f40f2ff47
                                                • Instruction Fuzzy Hash: E221D078A00228CFCB64DF28C994AD9BBB5FB48301F0040EAE509A3B41DB349F848F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789868 Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91fa455a72690a78a9304fe184b8dd1135647233d5314d8882c41bb56e259cc6
                                                • Instruction ID: 65c7a2eb6ca2e3e1b3daba699841771d915fb9f40ad623ac97e6ae94d661510a
                                                • Opcode Fuzzy Hash: 91fa455a72690a78a9304fe184b8dd1135647233d5314d8882c41bb56e259cc6
                                                • Instruction Fuzzy Hash: 45F0A47A3402049FC715AF54C458D397B76FF8A711B14409AE506CB761CA31DC42DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A812 Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b58e769a7ee7d1ae9d4fc97513e49447d9da6ab5b2ed19f51d285e195489462
                                                • Instruction ID: f93540574a1f7f63195c1e24d7286a561d3dc72b601ee0a7fa108c648a14a586
                                                • Opcode Fuzzy Hash: 3b58e769a7ee7d1ae9d4fc97513e49447d9da6ab5b2ed19f51d285e195489462
                                                • Instruction Fuzzy Hash: C0112574A05218CFDF54DF64D954BC9BBB2FB88305F0041AAE409A7384CB784E89CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF167B Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ca4fffc27cc1e5972adca126488716ae73dcde3e65919210cd40ba7a6e88d26
                                                • Instruction ID: 43596454efb9bca607437bdec7522aba0e51600c728d4b6c8ea61cf8a1cb859a
                                                • Opcode Fuzzy Hash: 8ca4fffc27cc1e5972adca126488716ae73dcde3e65919210cd40ba7a6e88d26
                                                • Instruction Fuzzy Hash: B101D67460020ADFD744DBE5C954B7EB7B5BF99301F290465E502DB2A1EBB49C01CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789AF0 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1154002251d9918e15e39a14355f3ebfd1566fb87c7a119cc159ca3c16238929
                                                • Instruction ID: 415ada1cb4a0d8d939f0f106375b1185a661655ae165717a15f918a2c308a5fa
                                                • Opcode Fuzzy Hash: 1154002251d9918e15e39a14355f3ebfd1566fb87c7a119cc159ca3c16238929
                                                • Instruction Fuzzy Hash: DD013135300618DFC309EB64D458A6ABBA6EBCD7117108569E9068B3A4DF72EC42CBD1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566BF90 Relevance: .0, Instructions: 39COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a748fba86fe39b777f138b38fdbfba6b49fecc8ae1127e25c0bdb065c9a5d57
                                                • Instruction ID: 3a11051b5d16227ffc57a6470afb7ad0917453497ecf6311c859155205caa2f8
                                                • Opcode Fuzzy Hash: 0a748fba86fe39b777f138b38fdbfba6b49fecc8ae1127e25c0bdb065c9a5d57
                                                • Instruction Fuzzy Hash: A6F059633081108BCB261268501A27E2AEAEFC5610754041EE14EC7780CD648C09CBA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566C2D8 Relevance: .0, Instructions: 38COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c18aea8ca9044f81a3e82856b731362926b52728421b01966c692efb4fef9df
                                                • Instruction ID: 53c70735c45079e120d0ae694e10546b29120cc61e7050f5718e0e287dea3a70
                                                • Opcode Fuzzy Hash: 5c18aea8ca9044f81a3e82856b731362926b52728421b01966c692efb4fef9df
                                                • Instruction Fuzzy Hash: 46F0B472B0DA918FF32347B45C61329ABE59FC6214F19449BD4CACF3E2DA569C06C391
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577D878 Relevance: .0, Instructions: 38COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d3f70811b1aad8b50ee989803531c019c7a934bd3d7b44a39db931926ffa0f12
                                                • Instruction ID: d240af1bf44d44cbf21a1957382f792a2a46b2d608ab02e87ef04605bf9dea77
                                                • Opcode Fuzzy Hash: d3f70811b1aad8b50ee989803531c019c7a934bd3d7b44a39db931926ffa0f12
                                                • Instruction Fuzzy Hash: 64014B3180021E9BCF01EF98DC41AEEBB75FF89314F048129E95867251D731A566DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B398 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c878eb86759f3c53ed81c0e6cd1b6b30aff62fc6dd8547e787ed94b61173076c
                                                • Instruction ID: 82be03c305b68c8892897f46a136483147dcb10667f6f6960de577bc9b3b5cea
                                                • Opcode Fuzzy Hash: c878eb86759f3c53ed81c0e6cd1b6b30aff62fc6dd8547e787ed94b61173076c
                                                • Instruction Fuzzy Hash: 37F0F6719082509FD700DFA8C890BEDBBF1EF42224F1481CAD8149B3E2C7354A47CB45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566C280 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 571d7c21eef4f7b3bfdb11d21524e199cca69e0ec57b6752e8e06c28becf5c3e
                                                • Instruction ID: b51a6e9975d03ead89c56e7b91616d73773c53f63f7a615028af747317652f09
                                                • Opcode Fuzzy Hash: 571d7c21eef4f7b3bfdb11d21524e199cca69e0ec57b6752e8e06c28becf5c3e
                                                • Instruction Fuzzy Hash: E0F0B431B086119FF72586989810B6AF7A9EBCC720F14442AE94A9B380CB62AC41C784
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05778E22 Relevance: .0, Instructions: 37COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 676cba7247f159238d1cbb77e584a1345886d9c77014b870dea95e7c2763af62
                                                • Instruction ID: cec5d0b78f15f6944ce31aa3071d87f3835711a0cb2950d34e10a227415e7d7a
                                                • Opcode Fuzzy Hash: 676cba7247f159238d1cbb77e584a1345886d9c77014b870dea95e7c2763af62
                                                • Instruction Fuzzy Hash: 92F09035A0510CDBCF04DBE4E909BEE73B5EB46300F1445ADDC099B290DB769E06E792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A3DA Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e3ad5a3ebd6e5096b49992850726ce8cd1452d1fd28e65a63a57e323ad740e2
                                                • Instruction ID: 0aa0167c3fb6346b8dbc60fe42e09e5d0c6bba1e54252fcf784edc389314033e
                                                • Opcode Fuzzy Hash: 7e3ad5a3ebd6e5096b49992850726ce8cd1452d1fd28e65a63a57e323ad740e2
                                                • Instruction Fuzzy Hash: E911B374A10258CFDF54DFA8D895B9DB7B2FB88300F1085A6E80AA7385CB745E85CF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662F3A Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d1233e518f2a342bebbf50c88a3e60c24e79d5824fe85716d99a5254aa4d26b1
                                                • Instruction ID: 1135954102dbd0e82be30b6364e809f02bb1273e54c3c15d3573126a1a9c3272
                                                • Opcode Fuzzy Hash: d1233e518f2a342bebbf50c88a3e60c24e79d5824fe85716d99a5254aa4d26b1
                                                • Instruction Fuzzy Hash: FFF08CB5D4420ACFCB14CFA8D9446EDBBF0FB05315F2005AAE819A63C0DB310A41DB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566C27A Relevance: .0, Instructions: 35COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 593daba4dc23ebd239fec4f6d152ae287dbf332390c953365ce3487749889d5b
                                                • Instruction ID: 696c6346b7f34830c5759b927cfaaa944128b28b3da79666fd69a413b073e753
                                                • Opcode Fuzzy Hash: 593daba4dc23ebd239fec4f6d152ae287dbf332390c953365ce3487749889d5b
                                                • Instruction Fuzzy Hash: 72F0B476B046119FF31586D8981076AB399EFCC320F15442AE94ADB381DA719C41C790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B9A0 Relevance: .0, Instructions: 35COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea01c15d326280d3c612096f2a3867d3aa4f958b2d020da6a1aad19f6b60f21e
                                                • Instruction ID: c55f81ad5365668f57002cd4dafcd5928c0ac35ecedbb89e5392189f7dd51056
                                                • Opcode Fuzzy Hash: ea01c15d326280d3c612096f2a3867d3aa4f958b2d020da6a1aad19f6b60f21e
                                                • Instruction Fuzzy Hash: 43F027F2D0D288DFE30146B59CD29F17F20FE6728970A02CAE489DA167F629890BD741
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578591F Relevance: .0, Instructions: 33COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7aaa90b42b8ef51b439a0100ef3988b91adf8725b70d4f9581b58587b9f9986
                                                • Instruction ID: a6ca324081600013d7e2ea8d2c35f469c6a163547e06b3279abc0629cc82bc6a
                                                • Opcode Fuzzy Hash: d7aaa90b42b8ef51b439a0100ef3988b91adf8725b70d4f9581b58587b9f9986
                                                • Instruction Fuzzy Hash: 78F0A7313043499FC7159A29EC85CDFBBAAEED5224704DA36E0598B236DA70DD0AC791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789878 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1180248511ce852136f0f00f4934d9aee13006fa50e6c2836e505ebf63db9572
                                                • Instruction ID: 151ca4089b8d28042f96e57f81ca0758641b8228eaca4a616b727501bc77f8c7
                                                • Opcode Fuzzy Hash: 1180248511ce852136f0f00f4934d9aee13006fa50e6c2836e505ebf63db9572
                                                • Instruction Fuzzy Hash: D1F05E393502049FC708EF19D458D3A77AAFFC8721B108469FA0A8B370CA31EC42DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566E52F Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b30d1c1ef0df581a29827ea1b87918ca7acedfa19e5c6d88c246e4db589f9ecb
                                                • Instruction ID: c29a1385de1ed668a8da7a0f8b394f5b33b2a9e81d3590c2fdf22d0b02d5f89c
                                                • Opcode Fuzzy Hash: b30d1c1ef0df581a29827ea1b87918ca7acedfa19e5c6d88c246e4db589f9ecb
                                                • Instruction Fuzzy Hash: 20F08231908204AFCB05DB98D4897DD7FFAEF44211F588066E009D3351DF7A5A86CB84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577D888 Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d347a4d5f6391cd9af138a9d2fd69e9c12410b6d8610604b3032a5f8853612c
                                                • Instruction ID: 73c2b3fe525dc5698b3bb1b5cd651993024dc4a7d141e8e74fcbddbd53cd91ca
                                                • Opcode Fuzzy Hash: 8d347a4d5f6391cd9af138a9d2fd69e9c12410b6d8610604b3032a5f8853612c
                                                • Instruction Fuzzy Hash: 45F0E73180020EEBCF11EF99D8009EEBB75FF89320F14C519E95927250D731A5A6DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662627 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04558bf2c850d670b9614f9c9173c2b91fbbd1a7374c6e391ba804bc84a74414
                                                • Instruction ID: c60953e8a94590be772cd462fccacf75d4702576768c718538bf7c9aa8073b6c
                                                • Opcode Fuzzy Hash: 04558bf2c850d670b9614f9c9173c2b91fbbd1a7374c6e391ba804bc84a74414
                                                • Instruction Fuzzy Hash: 9D01A478D16208CFDB18DF65D494B9DBBB2FF49300F5590AAE409A7365DB305A86CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771FF8 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3f639f762a3be7b22258e0d4ef6e4c876521088687f3aa582da51ec588b29df
                                                • Instruction ID: 05842aeb7f26f1647898a0219e475940d3c0472e0a8c3e5c677d8537ba2e3052
                                                • Opcode Fuzzy Hash: c3f639f762a3be7b22258e0d4ef6e4c876521088687f3aa582da51ec588b29df
                                                • Instruction Fuzzy Hash: EDF0E575809108ABCF18DFA4E9417ED7FB5AB06308F24809DCC1947392CB325B03D790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578E791 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 131bcbee1e26f15ce6365837ff649276f60e4fe619e1370f9b7bd27d570ab0c1
                                                • Instruction ID: 55e9c86267796cf95edcd668179a0ea42c3025aa37f66fc290175cc385f6d8df
                                                • Opcode Fuzzy Hash: 131bcbee1e26f15ce6365837ff649276f60e4fe619e1370f9b7bd27d570ab0c1
                                                • Instruction Fuzzy Hash: D1F08C72604B405FC714CF29E850256B7F2AFC4210B09C82EE99AC7B51DA30F8418B11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A0D4 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7124562d354976126c10a8d03888df9804f92541b7c407a503e6aa47a7395fd5
                                                • Instruction ID: 325dd4796cdcbebad6f0347b2dc2b0e4ddcc5a95f7a687b385955256013c394c
                                                • Opcode Fuzzy Hash: 7124562d354976126c10a8d03888df9804f92541b7c407a503e6aa47a7395fd5
                                                • Instruction Fuzzy Hash: E501F634A18258CFDB14CF98E895BDCBBB1FF45300F044096E845A7385CB749985CFA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0C78 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4ad8ab09d98d849589abad1c48e45d196221153edf11c36c743a91987b5b690
                                                • Instruction ID: 408d478658f7df0574d8afe5df23a6c4af918ea274b5d5baa18162db283c1d5d
                                                • Opcode Fuzzy Hash: c4ad8ab09d98d849589abad1c48e45d196221153edf11c36c743a91987b5b690
                                                • Instruction Fuzzy Hash: 74F065353006149FD745E7A9E404A9A77D9EBC9710B05447CE209C7795EF749C068BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05775298 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a25729073b767c3a395d6f0c71bde52c8b78b57d32870e1313b628f6d8ab13c9
                                                • Instruction ID: 34a4e2f1fba5d2f82cc36a80a5dbdca2c6408f20d4844f8cb0134a55d3aeffb3
                                                • Opcode Fuzzy Hash: a25729073b767c3a395d6f0c71bde52c8b78b57d32870e1313b628f6d8ab13c9
                                                • Instruction Fuzzy Hash: 88F0A0B494D3489BCF05DBE4E9809A87B74AB07214F2491DACC4857392CB324A07DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A209 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc5f1e3c9085d63e9e730348a5589276cbe9fe01b8e727b85bb419c453624b13
                                                • Instruction ID: 2add1945d53b37171b4efde786917b3da43b83629d6dae1127abbabfd0641108
                                                • Opcode Fuzzy Hash: bc5f1e3c9085d63e9e730348a5589276cbe9fe01b8e727b85bb419c453624b13
                                                • Instruction Fuzzy Hash: A4F01434A10218CFDB18DFA9D881A9CBBB2FF88310F0041A6E449A3345DB345991CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577BDB8 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a2689e69ea6706b9e7085a498186111cd48fc15d16daa8d99d9872aa8fff3d42
                                                • Instruction ID: 2426fa7ca2eb6e0e2b0a0ddc6e5ff68c7afa338e9b17cad240ad8aa308108db8
                                                • Opcode Fuzzy Hash: a2689e69ea6706b9e7085a498186111cd48fc15d16daa8d99d9872aa8fff3d42
                                                • Instruction Fuzzy Hash: 16F05E35408208EBCF05CFA4D881A997F75EB46304F1480ADEC0417292D7329A26EB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577AFA0 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07ff5015fa8bf2a04f2673ead995d21f99e9b87ab3e831568f30b2459b206f79
                                                • Instruction ID: c60a4904698b98e8736dc312c5f10b25c0600d0765cecf913e8db209511fd1a2
                                                • Opcode Fuzzy Hash: 07ff5015fa8bf2a04f2673ead995d21f99e9b87ab3e831568f30b2459b206f79
                                                • Instruction Fuzzy Hash: 08F01C71E48208AFDB45DFA8D8817ACB7F5EB49300F1081B99C18D7381D7399A07EB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057706E8 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dbe10717b090bdf75572b237e8e00e8dbf835b3f36c7bdc1fbe312bd2f14a240
                                                • Instruction ID: f0c967ebe4ac5bcf6e68af5d94e65048107395a83df8990c21bd079252cae6c0
                                                • Opcode Fuzzy Hash: dbe10717b090bdf75572b237e8e00e8dbf835b3f36c7bdc1fbe312bd2f14a240
                                                • Instruction Fuzzy Hash: DAF08C7480928CAFCF05CBB4D9049A8BBB1EB87210B0481DEC82987392D7355A02EF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577B071 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31003a583cb6b4ad94ead43df4eaac14811bb5c704545726ceccda3c14bc155f
                                                • Instruction ID: 18c8527247d4c17906570f34734f763fd47dca3448035a0f682beb29585f4640
                                                • Opcode Fuzzy Hash: 31003a583cb6b4ad94ead43df4eaac14811bb5c704545726ceccda3c14bc155f
                                                • Instruction Fuzzy Hash: 37F0823580810DAFCF01CFA4DC40AADBF75EB45310F148159EC1417391D7319922EB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05787398 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffede5701dbf0ed0b84f9261c757416f23af6c71d7894875e8aebc1f0bcc7143
                                                • Instruction ID: f572a16eae3d113e654679c7f00f05cb62761ef484458589baa95c02338cb375
                                                • Opcode Fuzzy Hash: ffede5701dbf0ed0b84f9261c757416f23af6c71d7894875e8aebc1f0bcc7143
                                                • Instruction Fuzzy Hash: 5CE0D872688E854BDB2BD115A8026713BE2EB861603255965D4C7C7A16FA119C035792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A617 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 01491a51e6d97c10ccd81b2be53c118cc5cfdfa2f1525d69f565ed3a26672f41
                                                • Instruction ID: d3b7a21d39dfdb1d01d868b75f6d7567d0a562eac90689e7a13167a518c17981
                                                • Opcode Fuzzy Hash: 01491a51e6d97c10ccd81b2be53c118cc5cfdfa2f1525d69f565ed3a26672f41
                                                • Instruction Fuzzy Hash: E301C474A14218CFDB64DF58D889BADB7B1FF85301F0000A6E849A7355CBB49D45CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFF728 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78c1eb183a7ca2987de6dcae048fa354aa1f624db21c98ac0f3ad8ad2568e456
                                                • Instruction ID: 4529ac8cf803bcda870827edd8f6b0de0064056b5d4f868ba81471f12d553d44
                                                • Opcode Fuzzy Hash: 78c1eb183a7ca2987de6dcae048fa354aa1f624db21c98ac0f3ad8ad2568e456
                                                • Instruction Fuzzy Hash: 81F01571D0520CEFCB44EFA8D8427EDBBB5AB05301F1481BAE904A2750D7358A52DB84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB840 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d79fe0950f955928c49c2501c1088784e46ff5d65616cc7178d1cee9c8609441
                                                • Instruction ID: cbc8b18273668dd76fc5f3099d3c21a99c330f8c2076e87a6149dedc42b2f0f0
                                                • Opcode Fuzzy Hash: d79fe0950f955928c49c2501c1088784e46ff5d65616cc7178d1cee9c8609441
                                                • Instruction Fuzzy Hash: 86E09B75944108ABC704CBE4DC42FADBB79EB86311F14C1ADE80417751CB355D52D7A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFFC22 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 399d91d7a7fbc2dcb30964d51429e900fe839b1e1c3960b0250184aa81b56729
                                                • Instruction ID: 9258e8a6a1e638e8ebcc9d7b9bdaa639ca2f27f7112dbe1ea1122084fdd0d437
                                                • Opcode Fuzzy Hash: 399d91d7a7fbc2dcb30964d51429e900fe839b1e1c3960b0250184aa81b56729
                                                • Instruction Fuzzy Hash: 80F05834E0924CEFCB14EFE8D5143ADBBB1EB49304F2081AAE8089B350D7344A02EB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057757E3 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d793c96eb1835cac8ddf506171bf21d417ac940aed22fa05724e8f4fa2ff0b7e
                                                • Instruction ID: 92eaa723eedcbe32e5576743d02f0eb79ca5b33cc52b157b26fb7a6dd94a7c51
                                                • Opcode Fuzzy Hash: d793c96eb1835cac8ddf506171bf21d417ac940aed22fa05724e8f4fa2ff0b7e
                                                • Instruction Fuzzy Hash: 34E09235909108DBCF08DFA4E5817A97BB1AB56305F24819CDC094B381CB328903DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780958 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9796d01825286170ea77e8997d1b49934950439a47a0dc08a960d694524bab5
                                                • Instruction ID: 1bd9d94c8a37e30c4d02304e11b7834b8ba940e27767cca9252fe4cf67b01180
                                                • Opcode Fuzzy Hash: f9796d01825286170ea77e8997d1b49934950439a47a0dc08a960d694524bab5
                                                • Instruction Fuzzy Hash: 6DE068316843009FEB11AA604D4ABF233A1AF42720F0444EBED88DF191C575E845D322
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566E540 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fae3af763182ed21ab791fad34097f2cc2d289d873e50c9ce2d7a134465163dd
                                                • Instruction ID: b9222c5d3a715fb94e428938f0a2136a32cf173dd948fd8a8c327a559409408b
                                                • Opcode Fuzzy Hash: fae3af763182ed21ab791fad34097f2cc2d289d873e50c9ce2d7a134465163dd
                                                • Instruction Fuzzy Hash: 0AF06535E08618AFCB09DB99D0496DDBFFAEF44221F14C096E00A93350DF755E85C784
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A59F Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f96cf3ecc9579bccc38f3bd82eeea69331494bfa8caf043fe8db4dbbf9e9c648
                                                • Instruction ID: 9d4dc64ade6b948af94cacaf7e72e7d04204d3b6dd8355e4eb098c42a5507e87
                                                • Opcode Fuzzy Hash: f96cf3ecc9579bccc38f3bd82eeea69331494bfa8caf043fe8db4dbbf9e9c648
                                                • Instruction Fuzzy Hash: 8EF0C474E10218DFDB54DF64D884B9CBBB1FB89300F404196E949A3354CB749A8ACF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A4D7 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4555ed23314c9bab59dc534d911e7ab3f4a50284770c8a55a4ac2469efb433ba
                                                • Instruction ID: 12362be47a4ed735f667011cf3ee335112008062373e1ddec06a22dafd15b092
                                                • Opcode Fuzzy Hash: 4555ed23314c9bab59dc534d911e7ab3f4a50284770c8a55a4ac2469efb433ba
                                                • Instruction Fuzzy Hash: 31F0C474E20218DFDB54DF58E884B9CBBB2FB89310F80419AE859A3744CB749A84CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A14E Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be519104037e44da400be64e113ec67a8587be85602588d486710e172d37cbc1
                                                • Instruction ID: 3ba8cda6184de88513af618576cd6f4b4894b7b84a927319ff118e1fc9501031
                                                • Opcode Fuzzy Hash: be519104037e44da400be64e113ec67a8587be85602588d486710e172d37cbc1
                                                • Instruction Fuzzy Hash: 78F03734A05018DFDB14DF98E585B9DB7B2FB85300F004099E949A3384CB749E49CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A27A Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 10cf38ccab4e10529c984c664259c3bb8f1b18677dd70dbcbeaceb186b23baff
                                                • Instruction ID: 9d4301611c0615cc8c9f780af57b1b86651dd095ce5f8c43c0b53b8e96b6237f
                                                • Opcode Fuzzy Hash: 10cf38ccab4e10529c984c664259c3bb8f1b18677dd70dbcbeaceb186b23baff
                                                • Instruction Fuzzy Hash: 0CF03734A01118CFDF64DF54E884B9CBBF2FB85300F404096E949A3340CB749A45CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669F28 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 370d760bff973ba03bae19c5706ee2a52f248785f7192dd4fab2a465973b5d3f
                                                • Instruction ID: 042c94f42abf3a9cd8c8b6077f4ea51724d839d18d0fb50bcb968b626a1f92aa
                                                • Opcode Fuzzy Hash: 370d760bff973ba03bae19c5706ee2a52f248785f7192dd4fab2a465973b5d3f
                                                • Instruction Fuzzy Hash: B3F03774A11218CFCB54DF58D884B9CB7B2FB84300F004195E84AA7381CBB45E84CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669EB3 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 280606777992a652052148fb02fe72cead3f457c81f3abc57b10d0e95b89546a
                                                • Instruction ID: d412ba6223dd03dc1fc31b67f96687c6dccad71c07bb0bdae7281842dc7209c2
                                                • Opcode Fuzzy Hash: 280606777992a652052148fb02fe72cead3f457c81f3abc57b10d0e95b89546a
                                                • Instruction Fuzzy Hash: BBF0F974A10258CFDF14DF98D894B9DB7B2FB89300F404196F849A7344CBB49A45CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057795E9 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9353abf4f40dc7186e323e45e2a45b0acefd74e720a93f16f0183d9ffdf2bf0
                                                • Instruction ID: cfcaf814a5bda7bc4467f42efd117bd4a57670b7010ae3a996fc2954595b7e74
                                                • Opcode Fuzzy Hash: c9353abf4f40dc7186e323e45e2a45b0acefd74e720a93f16f0183d9ffdf2bf0
                                                • Instruction Fuzzy Hash: 28E09231549108DBCB08DE94DC81B9CB774EB41314F1045AC9C0997381CB35AD47E794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05774700 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: effbd285744094fad24e373a16dc9ab32302c10a0fa0542cf1974e998806f466
                                                • Instruction ID: b5b44932129f9b3c8fd5859eaa0da1b94aeff91ea6f510e406b56fff5e37a15c
                                                • Opcode Fuzzy Hash: effbd285744094fad24e373a16dc9ab32302c10a0fa0542cf1974e998806f466
                                                • Instruction Fuzzy Hash: B6E0D87594D288AFCF06CBB4D940AA97BB6EB47214F1481C9DC5C4B293C6365D07D391
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577A100 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6681e93440ce22d7f9602c002619ea1389db7b8109bf4277181d47c860b31d75
                                                • Instruction ID: ac49eef218ff1b6a15db5670b0c46e360253e97afa3ab31e9f1fcd9fde3a1d9f
                                                • Opcode Fuzzy Hash: 6681e93440ce22d7f9602c002619ea1389db7b8109bf4277181d47c860b31d75
                                                • Instruction Fuzzy Hash: FDF03075D89208EFDB00DFA8D8416AC7BF4EB05211F4041A9D801973D2C7389A06EB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F22F3 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 45365c724a037290814e0dc1db98f95cf41491ef7ea28f523e2c53c3fde912f3
                                                • Instruction ID: 85e13ffb37ef3db1bf62b5ad935da0abaae9bb08a859210a6590094385bc47db
                                                • Opcode Fuzzy Hash: 45365c724a037290814e0dc1db98f95cf41491ef7ea28f523e2c53c3fde912f3
                                                • Instruction Fuzzy Hash: 7AF0AF74A082188FCB64DF65E894ADAB7F1EB48301F5040EAA40AA7645CB745E81CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05785930 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f962a11f8cf6fc0d9493cbdad844036ce8a7c12f90e759b6ca44fa5ea4cc19f4
                                                • Instruction ID: de74750416400a789883c6cc5f35ac17af2de54d08931394e69564a3191e6d6c
                                                • Opcode Fuzzy Hash: f962a11f8cf6fc0d9493cbdad844036ce8a7c12f90e759b6ca44fa5ea4cc19f4
                                                • Instruction Fuzzy Hash: B9E048713003095BC7159A1AEC84C4FFB9ADFC4264710DA39E10E87325DE70ED458790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A06D Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67b4d51d27991d13d5eb2ded3fede150ca260975084b6b4d58f69f522636a847
                                                • Instruction ID: e2700eb0c9550bd7f83ab86c902bc815a7f2d61de0cb8ec32a1158018f5304a9
                                                • Opcode Fuzzy Hash: 67b4d51d27991d13d5eb2ded3fede150ca260975084b6b4d58f69f522636a847
                                                • Instruction Fuzzy Hash: 85F06734908119CFCB24CB64E895AACBBB2EF41301F0000A2E44993342DF788A8ACFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF9A10 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a764182661b317a322220b0590c0978ea7074451ce5075ca7ccee249255d184c
                                                • Instruction ID: 60f06dacb86e81d1f0916fd9401123d21e08380c4d086ff77a4ac4ee4d9cfbd9
                                                • Opcode Fuzzy Hash: a764182661b317a322220b0590c0978ea7074451ce5075ca7ccee249255d184c
                                                • Instruction Fuzzy Hash: D5E09274844208AFCB04DB94DC41BBDBB78EB82304F14819DE80467382C7355D03D790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0C20 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 10f81e97b990f3553c07445a9ba5ee97708212c110dc9fd7d8820540be24ff55
                                                • Instruction ID: a29017e8527cdc34c3d38e1c13f717cdca4d5d110f2cf152d23f72795df02d12
                                                • Opcode Fuzzy Hash: 10f81e97b990f3553c07445a9ba5ee97708212c110dc9fd7d8820540be24ff55
                                                • Instruction Fuzzy Hash: 11E0D8386485944FC3069BB8E8189687FF5AF4B210314C1DFEC86C73A2DA659C03DF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772510 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6168c1135dbb9c7566863c9df733348d9d59fcb1944fc2faa9f56128e936a78f
                                                • Instruction ID: b83362393f51f4ffbc52eda5e11093339c56bf6ccea8f2d2dd76e85dbe5469da
                                                • Opcode Fuzzy Hash: 6168c1135dbb9c7566863c9df733348d9d59fcb1944fc2faa9f56128e936a78f
                                                • Instruction Fuzzy Hash: B9E0927990D284AFCB25C768E950A6A7B76AB03218B5841C9D8598B293C732AD03D750
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772DB1 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f16ba5e2c69e9a20cdec9ca5c4f49230b23bbf40edfad6fc85771dc5ce3c038f
                                                • Instruction ID: 144cf6b62f4bd10771f6a5ce3ab774fb0aa361e92eb48c4a665b107b1f3b9ab2
                                                • Opcode Fuzzy Hash: f16ba5e2c69e9a20cdec9ca5c4f49230b23bbf40edfad6fc85771dc5ce3c038f
                                                • Instruction Fuzzy Hash: 70F06D3890925CAFCF05CBA4E844A69BFB5AB43304F14C1EED8481B292CB719A42D791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05779F69 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfb2b41110543fb2a23b992fc1d163c64a32c50584a621b15bef0fe52f8d933e
                                                • Instruction ID: a1a442b965c5712e5a8f604f56c9da3abe8d6ec137117e2bd43a7766569237ec
                                                • Opcode Fuzzy Hash: bfb2b41110543fb2a23b992fc1d163c64a32c50584a621b15bef0fe52f8d933e
                                                • Instruction Fuzzy Hash: DEE09A74945208AFCB44DAA4DC41BECBBB4EB4A214F1444BC9C1897391D739DA06EB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05778E6A Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1165aafd8aba0f28aef999ac749a8942d3c8da3adfa4c80686db7cd34baed579
                                                • Instruction ID: 94f28c656e1982301746e5c4e86e1656db7891f7ccf343683f05c2f1632df081
                                                • Opcode Fuzzy Hash: 1165aafd8aba0f28aef999ac749a8942d3c8da3adfa4c80686db7cd34baed579
                                                • Instruction Fuzzy Hash: 0EE09234948108DBCF04CE94EC45BACBB75E746310F1081AD8C0597381CBB5AA07E792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057723D8 Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a5b48d39600ae5d4753ea0f50f308d8d27b12fa32b4c0e8a4b5fb8fa22ed8c5f
                                                • Instruction ID: 8a3cc00849368c833067fd1945c76f584dbb29bf908c86c582cf4b6daa5d4c40
                                                • Opcode Fuzzy Hash: a5b48d39600ae5d4753ea0f50f308d8d27b12fa32b4c0e8a4b5fb8fa22ed8c5f
                                                • Instruction Fuzzy Hash: E2E02665C0E28CABCF11CBA0ED01AB83B29EB03110F0404CDE804973A3DB610D09F311
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669548 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d354b59542be1ecbb564a777cf51167dbc74a87a6e893a346cea411b3749ab4
                                                • Instruction ID: a1550f2cb709346254ce7c3919d7e34395e91203f7fbfabfcbf6a98c55b547f8
                                                • Opcode Fuzzy Hash: 4d354b59542be1ecbb564a777cf51167dbc74a87a6e893a346cea411b3749ab4
                                                • Instruction Fuzzy Hash: 16E0EDB0D48249DFCB05CBB8C804AAEBBB1EB13310F1082DAD854AB2D1C3354A02EB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566BF80 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8797bce1455202d9d8dca73f5ae51e44404c8bb42f88ed0c45e43f0d0bfd6f04
                                                • Instruction ID: 4e8d4f9fc750ec53ba2c1e10eff28e014a6caa55bfc8f1e88a8c73b458ea69a4
                                                • Opcode Fuzzy Hash: 8797bce1455202d9d8dca73f5ae51e44404c8bb42f88ed0c45e43f0d0bfd6f04
                                                • Instruction Fuzzy Hash: DEE0206721866197C7164248644B5776759EFC9132704005BF44AD7BA0CE29C809C771
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AA18 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc605c3243630e1f8e8f93c00ab381b4e9669ff2f79fcbe8c1cf6da6dd180298
                                                • Instruction ID: 2e158e87ff6d93402b983f9bf116580242c1ed180c355d6c80f169f3bbfa06ba
                                                • Opcode Fuzzy Hash: cc605c3243630e1f8e8f93c00ab381b4e9669ff2f79fcbe8c1cf6da6dd180298
                                                • Instruction Fuzzy Hash: C4F065755082C58FCB52CBA8D9506A87FF5EB07124B1402CADC949B3E3DB355943C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF95E8 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b7829d67e0c35f82221bdd4aef7daa55684a2774f960728a43d25a8d9453888
                                                • Instruction ID: d55d38106943fd60c912fa6fff56a9e4ac57106d913620cb7e33668ee34b6344
                                                • Opcode Fuzzy Hash: 3b7829d67e0c35f82221bdd4aef7daa55684a2774f960728a43d25a8d9453888
                                                • Instruction Fuzzy Hash: 35E0C230005208DBCB44CBD8CCA1BA7B378EB02304F14419CA80887390DB339D02CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFFCC8 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0cd8caa39540a83a381ba32aa08c9709d4b9e68878fafba0a4723dba672b32a0
                                                • Instruction ID: e7a222ecd600e438c75e29ead07ec861d3ca2c3d171b721083bdaae761887a32
                                                • Opcode Fuzzy Hash: 0cd8caa39540a83a381ba32aa08c9709d4b9e68878fafba0a4723dba672b32a0
                                                • Instruction Fuzzy Hash: F9E0393590421CAFCB04CFA8C8427ACFBB4EB45304F2480A9DC0857380DA759A06DB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFFC30 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a5983afcc6348fd40bf4bf570af0e3c86ea59f0c0f63f9b48e92cbb0e2aa82f0
                                                • Instruction ID: d9dfb092d739a99a2e29d7dd0b816873bfa13bc7f68562a978e72f8450ac6038
                                                • Opcode Fuzzy Hash: a5983afcc6348fd40bf4bf570af0e3c86ea59f0c0f63f9b48e92cbb0e2aa82f0
                                                • Instruction Fuzzy Hash: 2BF03934D0920CEFCB54EFE9D4052ADBBF4EB49300F1081AAE80493380EB344A02DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057767A8 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 13ff46e08d2c5e34639930dea30877c3c320637bffbba1a838be3637a82278a4
                                                • Instruction ID: 30294f789d5fa55247553345a90af3c0b7f77fab32a4a002b59b61bd3d372f07
                                                • Opcode Fuzzy Hash: 13ff46e08d2c5e34639930dea30877c3c320637bffbba1a838be3637a82278a4
                                                • Instruction Fuzzy Hash: CEE0D83594810C9FCB04DBA4D84179CBBB5EB82314F1481DDD84557785DB319A13D784
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577B691 Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 96922a3e3302c4e773229445ced033c2c684df4a7454c7435072508396b6bf3b
                                                • Instruction ID: 5758583d4e03693ab96681eb0de4b24c632eedfcfa6656a030b39820ed8ddaa2
                                                • Opcode Fuzzy Hash: 96922a3e3302c4e773229445ced033c2c684df4a7454c7435072508396b6bf3b
                                                • Instruction Fuzzy Hash: CDF0F27052421DDFCF21CF84E884BEEBBB2FB49301F104091E50E9A654E7744984EF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056699B8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 20f94d595b7a066a9d808659a559221fc6a5a8a77f65528b853079d7a02f8785
                                                • Instruction ID: 6fb1c065cccd6b426be10ecf69a54c9385d22c708e4c3154fa49c9dfd46936a4
                                                • Opcode Fuzzy Hash: 20f94d595b7a066a9d808659a559221fc6a5a8a77f65528b853079d7a02f8785
                                                • Instruction Fuzzy Hash: 86E0C2715991859FE705C7E4D902BBA3B70EB9330AF156298E80E532D18B320C03C600
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056698EA Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a46ccccc5ae37fe7e7f0dfbce11d50e54f4b79fcf48b3b972d3be721d94589e5
                                                • Instruction ID: a86b7157fa8873056263aaa5e24f91fc54387382d8fca4e1f77747220e7f096c
                                                • Opcode Fuzzy Hash: a46ccccc5ae37fe7e7f0dfbce11d50e54f4b79fcf48b3b972d3be721d94589e5
                                                • Instruction Fuzzy Hash: 89F06DB1909249EFCB14CFA4C800AADBBB1BB12312F24429DD8545A3E2C7324A42DB45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF09B8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7b7a16f5fe86a62a6c7b627e2636038f1f5e2aba9190493f87760bfaf889d78d
                                                • Instruction ID: a21d1378487f11205409cbe2deb9f7f1d6885f7ef2360639707e28ab0e48d4bc
                                                • Opcode Fuzzy Hash: 7b7a16f5fe86a62a6c7b627e2636038f1f5e2aba9190493f87760bfaf889d78d
                                                • Instruction Fuzzy Hash: 2AE02B25F403162BF65463F55C0AFAE764A8B85A31F090414F649EB2C6EF5188010ED9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFC939 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 39c91f854398fe80935d4ac2a3ba59a45b2591f2c5f5dd81f7b57e7dc8c23da4
                                                • Instruction ID: 3ddc227102a8510f738ada01d2f5ddcdc5b21ca8717b9c28af94eb9e72406438
                                                • Opcode Fuzzy Hash: 39c91f854398fe80935d4ac2a3ba59a45b2591f2c5f5dd81f7b57e7dc8c23da4
                                                • Instruction Fuzzy Hash: B4E0D8755481889FC705CB94C981AA97B74DB17314F14809DDC15573D3C7369D03E760
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFBB5A Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ada1530396fef698b06aa8ef2750915e910feefd23288d5c8903b953efa7b5bc
                                                • Instruction ID: 19a9e6a8afbe6afa79cd6c9f011ab9a30c9dbdd1fc83b277c2d06eb1aabbca02
                                                • Opcode Fuzzy Hash: ada1530396fef698b06aa8ef2750915e910feefd23288d5c8903b953efa7b5bc
                                                • Instruction Fuzzy Hash: 7DF09274D5522C8FCB64DF69C8887E9BBF9BB88300F6480A5E54DE2244DF305985EF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFDCDD Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 783ab83257ab34dd353cbd458dba8e0b9c8a31a53611515ee9ecf75cc8798808
                                                • Instruction ID: 6f3b307af22caa8730bcab80f69f5abba007f224c1e4a7c375957bd3a98cf884
                                                • Opcode Fuzzy Hash: 783ab83257ab34dd353cbd458dba8e0b9c8a31a53611515ee9ecf75cc8798808
                                                • Instruction Fuzzy Hash: A6F0FF7088522ECFCBA2CFA4D888BFDBBB1BB08314F1001F6E418A2251CB304A84CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFFD78 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 15768fb01c3d6f4bc414bc319649956883bf86b7068c479d14b80681332b7982
                                                • Instruction ID: 30c312d8c3edbbd3dcf824121c2d3b31040a8d47769b84042f4520874ea645f8
                                                • Opcode Fuzzy Hash: 15768fb01c3d6f4bc414bc319649956883bf86b7068c479d14b80681332b7982
                                                • Instruction Fuzzy Hash: C4E08672945208FFEB15EBF0C8497DEB7F8EB16310F1018AAD40597150FE314A00A791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577E300 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc9db2e47ec6ed70245b91f83c5abd7db79c9b0a68724713a42f5582e4ce70df
                                                • Instruction ID: 0219953ce3aecce402e646b89abc9bd5c8e4c60f0516943b53b2bff36952bd07
                                                • Opcode Fuzzy Hash: fc9db2e47ec6ed70245b91f83c5abd7db79c9b0a68724713a42f5582e4ce70df
                                                • Instruction Fuzzy Hash: F7F0A535904208EFCF05DFA4D840AADBBB5EB49311F1485ADEC5556251C7329A62EB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771A90 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3fdb1de9ba69853504b92b328a09efc94a3e404e62aea40fbc1513f78570e709
                                                • Instruction ID: 146a210f1cae102930d6623fc84c063fade7f50afae6455cbd5febf6fa7e71bb
                                                • Opcode Fuzzy Hash: 3fdb1de9ba69853504b92b328a09efc94a3e404e62aea40fbc1513f78570e709
                                                • Instruction Fuzzy Hash: 2BE0CD75414348BBCB04CF98E802BE9B3B8E707200F54519CD40D53380DB31AE02D791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F67A1 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1d15f68dcfb64a6a2ba9a68e5fd83f641d76bb267c45d8f8fca207d4a2fea33c
                                                • Instruction ID: d52eb5bc54b99d8d8a3237ee7b21d16eae497a98b6a7cbc557bcb53e103bb1d0
                                                • Opcode Fuzzy Hash: 1d15f68dcfb64a6a2ba9a68e5fd83f641d76bb267c45d8f8fca207d4a2fea33c
                                                • Instruction Fuzzy Hash: BBF03434A05118CFCB64DF68D9A8AEAB7B1FB88300F0040E6A51A93345CB349F848F60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0AB10 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction ID: f9f4fa0e6b9341ce61093f6289394d445f8d2b692e25a5cb3a701174bb980af7
                                                • Opcode Fuzzy Hash: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction Fuzzy Hash: E1E0C974D04208EFCB44DFA8D440AADBBF5EB49300F10C1AAD81993390D7319E52DF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A05318 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction ID: beed3dbfb37014165a6deaf1e809d8dc4839cdf022ec1894f90aff653e604afb
                                                • Opcode Fuzzy Hash: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction Fuzzy Hash: 2AE0C274E04208EFCB44DFA8E840AADBBF5FB49310F10D1AA9859A3390D7719A52DF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A09360 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction ID: cfb95f2291e7815508cffeb74e364583c782d0e8f6c1c337706a31f532e26ef7
                                                • Opcode Fuzzy Hash: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction Fuzzy Hash: AFE0A574D04208EFCB44DFA8D440A9EBBB5AB49300F10C1A9981993391D7319A52DF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0C218 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction ID: 0a7ac39a4c7809f9cf0bdce9a042dd7e65c9916b7f4a028fbb37ff1a3412d2ad
                                                • Opcode Fuzzy Hash: ff79682e9ad12d00c9aa1730743b0b22862118297793ba583b50a0869481c704
                                                • Instruction Fuzzy Hash: B5E0AE74E04208EFCB44EFA8D940AADFBB5AB49310F10C1AA9859A3390D7319A52DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B3C8 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ec6decb0c530ae7074ef521437af44d305dd857b396466fa3ccc329a25fb379
                                                • Instruction ID: 5e66a78cb8fcd9ad40cfb0a0f0cb6993be39b2a0f334fd88025f7ec649879bde
                                                • Opcode Fuzzy Hash: 2ec6decb0c530ae7074ef521437af44d305dd857b396466fa3ccc329a25fb379
                                                • Instruction Fuzzy Hash: 78E0E574E04208EFCB44DFA8D4806ACBBF4EB49200F10C1AAD809E3351DB319E02CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AF67 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 35a06e65cc500cc12f28f9770120b5eb4237eaf0b73f2c199f89c4a47cae4569
                                                • Instruction ID: f7714153ff1c9fee885cb6648adddb5583077e633a70d6504f7aab2219b97094
                                                • Opcode Fuzzy Hash: 35a06e65cc500cc12f28f9770120b5eb4237eaf0b73f2c199f89c4a47cae4569
                                                • Instruction Fuzzy Hash: 20E04FB2905248DFDB40EBF4C9097DE77B0EF46201F1405A99809A7290EA324904E792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B957 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0acf6c4d4a20c6703d740ecd060ff3fe2a8894a2d3cefcea493b6134119cef7a
                                                • Instruction ID: c0453a727a1fe29e7cca35a37b446d30466d151eeb31cb8e42674bb0ae1492ce
                                                • Opcode Fuzzy Hash: 0acf6c4d4a20c6703d740ecd060ff3fe2a8894a2d3cefcea493b6134119cef7a
                                                • Instruction Fuzzy Hash: 68E04FB6A50208EFDB44DBB0DE867AD7BA1EF88645F11469AE808E7281DA315E015780
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 056698F8 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3108c7aada7dc7006e9dc817c14c830ac7e70a499348048435e3bd372135aa5e
                                                • Instruction ID: b8fb932ad9a79fdcee06ef3bf376cb810f66c947807503d0854a669d1cba3ca1
                                                • Opcode Fuzzy Hash: 3108c7aada7dc7006e9dc817c14c830ac7e70a499348048435e3bd372135aa5e
                                                • Instruction Fuzzy Hash: 3FE0E570D05208EFCB44DFA8D4006ADBBB9BB4A301F1081A9D809A2350D7355A51DF84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB6A1 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee5a72d481d8fad96f32fe27a1e169ff008251006f3f6d3b377f5cebe09acc2b
                                                • Instruction ID: c0bc465c02fec27b2418311b932e4c900b115d042e486a1c0cccbcc747881881
                                                • Opcode Fuzzy Hash: ee5a72d481d8fad96f32fe27a1e169ff008251006f3f6d3b377f5cebe09acc2b
                                                • Instruction Fuzzy Hash: D8E09A71A18108CFCB08CFE4D8006A8BB70AB47302F2481E9D808973A1C7324E02CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFF738 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9c323adda41b6a6ff2bb2c7a15b1fdb84dd2c1a07425b95ddcd55cb9aca9ba3b
                                                • Instruction ID: 6c765d34322fa0728b8f765ddce4e6f1c5908bcd2760b526dc96542b320c6860
                                                • Opcode Fuzzy Hash: 9c323adda41b6a6ff2bb2c7a15b1fdb84dd2c1a07425b95ddcd55cb9aca9ba3b
                                                • Instruction Fuzzy Hash: 6AE0E570D0520CEFCB44EFA8D4406ADBBB5AF49301F1081B9E904A3350D7355A51EF84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05776158 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9859f220cd8f61f725ec9169c363432c58fbbba05ccc5e8f9518fcc4e1123f48
                                                • Instruction ID: 2a9fa12a533e1098db0e40668ed7a8ab1bdc4d4846403310a44e3a7500e8c8ec
                                                • Opcode Fuzzy Hash: 9859f220cd8f61f725ec9169c363432c58fbbba05ccc5e8f9518fcc4e1123f48
                                                • Instruction Fuzzy Hash: 2BE0263064C189AFCF09C7A4E9445697B75EB07224F1881DEDC094B2E3CB365E03E342
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577A1C2 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04f31d2db7a1569662108053125c45085f4179d4eabced05df631028be2939d7
                                                • Instruction ID: 61efbfc1d52a294c52fa7c869a14ea1811fd495ea96edb4c84e08458680a0ff5
                                                • Opcode Fuzzy Hash: 04f31d2db7a1569662108053125c45085f4179d4eabced05df631028be2939d7
                                                • Instruction Fuzzy Hash: D0E092355481898BDF51CBA8D9817ACBBF0EB06225F1402DD8C589B3D2D7355A43D751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057703E9 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ec8a98f739de080e4c354231cbaf6478d1e8ccaafb3d6ba68da48aef10c7da60
                                                • Instruction ID: 02d4b8d0e138dff81c1eda14ed233bb4a6b8b745240281f94cf4fbef07e8b9b2
                                                • Opcode Fuzzy Hash: ec8a98f739de080e4c354231cbaf6478d1e8ccaafb3d6ba68da48aef10c7da60
                                                • Instruction Fuzzy Hash: C4E09231508289CFCB55DBB8D848AA83BF1AB03215F1006EDC4588F292D3755D42EB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669558 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc83ce4ea11636be48ceb1658ad552c011ccb0d97d00dae48f5530660e3f27ed
                                                • Instruction ID: f41989a41b88aac0503bed7d53e86105464f757b9310f6570c742c7788f74d5f
                                                • Opcode Fuzzy Hash: fc83ce4ea11636be48ceb1658ad552c011ccb0d97d00dae48f5530660e3f27ed
                                                • Instruction Fuzzy Hash: 25E09A70D45208EFCB54DFA8D44469DBBB5EB45300F10C1A9D84997350D7359A45DF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669680 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0f306c61202df1bf8efffa5991cdc41eca5be55060bd1c77c2f273e8871d14db
                                                • Instruction ID: 9f7624064d8f9b34ee19bf5c221f2a7d85298bd14349f17e1356ccc8803e73c7
                                                • Opcode Fuzzy Hash: 0f306c61202df1bf8efffa5991cdc41eca5be55060bd1c77c2f273e8871d14db
                                                • Instruction Fuzzy Hash: 50E0D8B044D3498BCB55C7E4D8467A97FB1DB03211F1402C99C45862D2C7750542D701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFE917 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a1f9bb025662c321eefd4465348e9c7b342ac432e660f7af251fa3d2b80fbb9
                                                • Instruction ID: f9a7d42d2356489e1be46e4d573d10b323d572c482516059e6008a5bda3f0a01
                                                • Opcode Fuzzy Hash: 0a1f9bb025662c321eefd4465348e9c7b342ac432e660f7af251fa3d2b80fbb9
                                                • Instruction Fuzzy Hash: 55F06C7491125C8FCB51DFE4D488BAEBBB2BB09310F145569E509AB254C7345885CF15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0EC80 Relevance: .0, Instructions: 21COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 57665e2dc3c21bd7cf315d556852aecb374f66bb3e2efb0c3befed2790a616c8
                                                • Instruction ID: 8a94a8693f647afffa0527e564cf0d509cc1ec4478ac224bc4249ba3aec513fb
                                                • Opcode Fuzzy Hash: 57665e2dc3c21bd7cf315d556852aecb374f66bb3e2efb0c3befed2790a616c8
                                                • Instruction Fuzzy Hash: CFE08674908208EFCB04DFA4E844DADBFB9AB46310F10959DD84557381C7329E42EB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780968 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 20ea3b6fa6091d61c68f9b12b7a993cdcd97f5475060c3e50e6b0a3f8c93b71a
                                                • Instruction ID: 91fbb85a7d8d1403a0ebf632f55810863980aba96eaa2c81441e495ef775637a
                                                • Opcode Fuzzy Hash: 20ea3b6fa6091d61c68f9b12b7a993cdcd97f5475060c3e50e6b0a3f8c93b71a
                                                • Instruction Fuzzy Hash: E3D02B313803109BEB2076615C0DB7133996F41710F1404A9D6559F280C972F841D365
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669E5D Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a52ad503f960c0d331883336f048781fb03e74c984509c9b02050f054193743b
                                                • Instruction ID: bcee1a16e214aed93d1e45f2a8269f6c2ec309ccc4e671437a2d56c6bd7dbdac
                                                • Opcode Fuzzy Hash: a52ad503f960c0d331883336f048781fb03e74c984509c9b02050f054193743b
                                                • Instruction Fuzzy Hash: 80F01C34914019DFDB64DF54D581B6DB771FB85300F50809AE449A3344CF305E85CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B910 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd0729e9aa0b00547ec14f60a834495945a6fc389b85241a02208efd0d1ea75e
                                                • Instruction ID: 8638cac08d5311d11a3f020731b2f17a2345082d1fc5ebf339d037de2feb0315
                                                • Opcode Fuzzy Hash: bd0729e9aa0b00547ec14f60a834495945a6fc389b85241a02208efd0d1ea75e
                                                • Instruction Fuzzy Hash: 62E086B5A15108DFDB40DBE0DB4279D7BB1EF85305F1145D6E40CE7381DA316E009B51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AA28 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b0e29fc69eade0ff9ba692e9f8df40d60163cf5c9c75ebc4b108670c97ab3496
                                                • Instruction ID: 6416ba7968d1f52975036e7343ddc58ac646e534df55b372c2680704dcdadd6d
                                                • Opcode Fuzzy Hash: b0e29fc69eade0ff9ba692e9f8df40d60163cf5c9c75ebc4b108670c97ab3496
                                                • Instruction Fuzzy Hash: BBE0BF74905248DFCB44DFE8D54569CBBF4EB49204F1041AD980997351DB319A42CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFC948 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b77b70c03a60355d978c8c9ff777e941af536f278ced21b296b7ea010008aeba
                                                • Instruction ID: 7413581ac0aafb8eb3e0739e9860e94394dd134ac79815bda4885aa68d0c98b6
                                                • Opcode Fuzzy Hash: b77b70c03a60355d978c8c9ff777e941af536f278ced21b296b7ea010008aeba
                                                • Instruction Fuzzy Hash: CDE0863490420CEBCB04DFD4D9409ADBB74EB46310F10819DED0427390C7715E52EB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057706F8 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 112230b778e6001491659ef291c467d9596f696e92a78305e5d430ea64037822
                                                • Instruction ID: 50f61561b4d7ce8bdea639f26c3e3f8f63280279b9866303ba57ecd7decdea38
                                                • Opcode Fuzzy Hash: 112230b778e6001491659ef291c467d9596f696e92a78305e5d430ea64037822
                                                • Instruction Fuzzy Hash: 84E01A34D0820CEFCF08DFA8D4446ACBBB4AB89200F1081EDD80957381DB315A02EF80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C87E Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8fc8dca7e707c3b416b2695e4f54df3aaf4b626563e06b55cba82e8fc974c3e
                                                • Instruction ID: e791371e5eda6e605c698dbf503159214c6de695e60f57ec7dfc2d095e98ad62
                                                • Opcode Fuzzy Hash: b8fc8dca7e707c3b416b2695e4f54df3aaf4b626563e06b55cba82e8fc974c3e
                                                • Instruction Fuzzy Hash: 01F01531800A1EDBCF129FA4C840ADAB731FF58304F008286E95927650DB70ABD6DF80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05773BEB Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 998acf8c47e37b30b7ec5283a76ab6376a23df3b7c1ac004ce12aacdfd20d469
                                                • Instruction ID: 9b2ebfe68b1e43ea4cd4ea97a5294af08945020295f1ee61cf0be1017993696b
                                                • Opcode Fuzzy Hash: 998acf8c47e37b30b7ec5283a76ab6376a23df3b7c1ac004ce12aacdfd20d469
                                                • Instruction Fuzzy Hash: 66E08634908208DBCB04DBA4E84156CBBB4FB46304F24819CD80917380CB319E02EB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0FEB8 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56fd045a5b3060d6888c8e6558286c6cee2af53b276526992d2030339cf1e0f0
                                                • Instruction ID: e084931c133e78c035a7f39a2a3653ddd9cf93dc4a25bcc39c86cc2a56c28188
                                                • Opcode Fuzzy Hash: 56fd045a5b3060d6888c8e6558286c6cee2af53b276526992d2030339cf1e0f0
                                                • Instruction Fuzzy Hash: D9E04F34D09208EFCB14DFA8D440AACFBB4EB49300F1491EDD81967381CB315A02DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A07E90 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56fd045a5b3060d6888c8e6558286c6cee2af53b276526992d2030339cf1e0f0
                                                • Instruction ID: 06595bdae2e6fa6157bb221452d1c1d6cdd1d0fb5231d82b175e439b2f5b0211
                                                • Opcode Fuzzy Hash: 56fd045a5b3060d6888c8e6558286c6cee2af53b276526992d2030339cf1e0f0
                                                • Instruction Fuzzy Hash: 79E01A34D09208AFCB08DBA8D440AACBBB4EB89300F1081A9D81957381D7316E02DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669690 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7474ca8aa4c83cd503daa29b641b956d877474b28f0e3e1aff406ad07a42c863
                                                • Instruction ID: 3e40315543c3e314ac941c1f6f1eea492854de31c9db1d2febe36886836383ad
                                                • Opcode Fuzzy Hash: 7474ca8aa4c83cd503daa29b641b956d877474b28f0e3e1aff406ad07a42c863
                                                • Instruction Fuzzy Hash: E2E08CB0809208DFCF40DFB8D40569CBBB4AB05200F1000A9DC09D3340EB304A81DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566AF78 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9c94d21ab8c18aa6795e0d022ac0eed46d840662a344ddc63546c919a23738a0
                                                • Instruction ID: d74f2e49b314bdcb64a9aed486e441e21a732abf4ff5fd80be403c7b37a578bd
                                                • Opcode Fuzzy Hash: 9c94d21ab8c18aa6795e0d022ac0eed46d840662a344ddc63546c919a23738a0
                                                • Instruction Fuzzy Hash: 0EE01271905208EFDB44EFF4C40C69E77F8EF06200F1005A9D905A7250EF714A04E7A6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB6B0 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5ac1d11d407a34b4f7253f9cea0ea9637e5e502df3d04510c2923f7dbde3efa
                                                • Instruction ID: f48307adb11cab540542a0930e4dcfd504093acf8bf37a5c2c0b1657f6fd6788
                                                • Opcode Fuzzy Hash: e5ac1d11d407a34b4f7253f9cea0ea9637e5e502df3d04510c2923f7dbde3efa
                                                • Instruction Fuzzy Hash: 77E01274A0920CDBCB44DFE4E9419BDBBB4EF46305F20819DD84957391CB315E42DBA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0BE8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7481514e62d3e61b3c9042c545499c6f8064ac830e220ed4e33cf4f72cf90e6
                                                • Instruction ID: 7cda93b6b51b8ced6d229f444605a5919c1e36c00375bd5375f364d04103ba9c
                                                • Opcode Fuzzy Hash: c7481514e62d3e61b3c9042c545499c6f8064ac830e220ed4e33cf4f72cf90e6
                                                • Instruction Fuzzy Hash: BFE092B4D0020E9FCB40DFE988466BEBFF4AB48304F20856ADA09E2241E7745681DBD1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFFD88 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6609fe44a0e1ad2aba27b4a1c461c06aa25028d48af0544072de4b6b9f8c9703
                                                • Instruction ID: af973166ea3524a2148c0253c3971c0602f11fdcc1323e00d2e879cd4e8d334f
                                                • Opcode Fuzzy Hash: 6609fe44a0e1ad2aba27b4a1c461c06aa25028d48af0544072de4b6b9f8c9703
                                                • Instruction Fuzzy Hash: FAE0127554120CEFDB14EBF4840869E77F8EF06200F1005A9D90597150FF314E04E7A6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772520 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 04e2df736579527d446c6eddad28e973afb702c3fc1c9778b5a5aef2e5eda36b
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 41E08C78909208DBCF04DBA4E840AACBBB5AB46308F1091DCC80917382CB319E02DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057795F8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: d5b4fbb2f8a8dc51dca4f76a6ff9e0d3321f8bf7b8aa662e43b067dfbd40ba3a
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 26E0123494920CDBCF08DFA8E9419ADFBB9FB46304F1086ADD80957391CB315E42EB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772DC0 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: febb10732370718f07f318b5f235dd2668f39ff5247d7b974d1b5290acf2d0e7
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 5EE0123890920CEBCF04DFA4E941AADBBB5FB46304F10819DD81927391CB315E52DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05774710 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 5dc29558480c974afe0764c0f4ef2455071551870c0f6a0026ff46aba7cf1ff3
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: F0E08C34908208DFCF04DFA4E8409ACBBB5EB46305F1081DCC80917380CB315E02DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057757F0 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 4967854f48f89b458946dbb0422f8c3ae2d7248f10232d96394f5f5c622c5a23
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: D9E0123490920CDBCF04DFE4E941AADBBB5FB46304F10819DD80917391DB319E42DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057767B8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: d51de51ddcddcbd86343c27109a69379ed0d277466674867f36f078f6639fc9e
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 78E08C3490820CDFCB04DFA4E8409ACBBB8AB46310F1081DCC80927380CB316E12DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05778E78 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: ac6656d980278398b7d04096815b86653a819135763fd8c26ec8d02d425d1c79
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: B8E0123490920CDBCF14DFA4E9459BDBBB9FB46304F10819DD80957391CBB15E42DB96
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05776168 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: d12b37d9b516d3cd945da13bc2f337486f01afef84b158d7e56c85d5fc60c90d
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: C9E0EC34909208EBCF04DFA4E9459ADBBB9EB46314F1081ADD80917395CB315E42DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772008 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 9f6fd8f8b3aeeb3faf7110d4ec845240412dced029ed27317aaca32b6395dd6c
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: C4E0EC38909208DBCB08DFA4E9419ADBBB9AB46304F10919DD80A17391CB325E52DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05773BF0 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 875a370a5dbc81d1a935fd34fd412e9f35a18340d1e42fae4c155001379aaa9a
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 75E0123490920CDBCF04DFA8E9459ADBBB5FB46304F24859DD8091B391CB319E42EB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057703F8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aed5919ed429d08e1424cecf7034143ea51bad3eec8731693c8437d995f7dbd3
                                                • Instruction ID: 772397057be6f2450f8c738f9f1fa991d62135f619fc41c413bda3b41c623978
                                                • Opcode Fuzzy Hash: aed5919ed429d08e1424cecf7034143ea51bad3eec8731693c8437d995f7dbd3
                                                • Instruction Fuzzy Hash: 0BE0EC7091520CDFCF44EFB894486ACBBB9AB46205F6005BDC8099B351E7715A41DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057712E0 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 8b2c276b5b55bdf413b0da85095a60572bbf02d6daa3126da4151df6949036f8
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: 40E0EC34A0920CDBCB04DBA8E9419ADBBB9AB46304F50919DD80957391CB319E42DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057752A8 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction ID: 66ea48a0e720ac5566742010eeb1c32bd4009265353e4af0c7704eadff957999
                                                • Opcode Fuzzy Hash: a76cdebf3a39c40b7a6065283f14f731c08f7aa404c43e37e07f05c8f2ded5e7
                                                • Instruction Fuzzy Hash: DAE0EC74A09308DBCB04DFA4E945AADBBB9BB46304F1081ADD80917391CB329E46DB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0CC70 Relevance: .0, Instructions: 19COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a366ec827d8bc4bb259eb36ce4afa455a8cc328a0226d478e90a0471e61033c
                                                • Instruction ID: a1232281e005deb5a1a0c803de8be61a0cd0eb51a05724f851d38ea1a08f2b1f
                                                • Opcode Fuzzy Hash: 1a366ec827d8bc4bb259eb36ce4afa455a8cc328a0226d478e90a0471e61033c
                                                • Instruction Fuzzy Hash: 17E0C234908208DBCB04DFE4E840AADFBB4FB46320F10929DC80A173C0CB315E06DB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578E630 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d767847adafd91b36613aa7f50aa1d73435cda9ec0bfcc5d3c9bdc645a8000ed
                                                • Instruction ID: 645167744a3fc41bd4b0335e2a79e7699dc0743a8e2ce2df302c6c43a00df524
                                                • Opcode Fuzzy Hash: d767847adafd91b36613aa7f50aa1d73435cda9ec0bfcc5d3c9bdc645a8000ed
                                                • Instruction Fuzzy Hash: FDD0C2220A43447BC3028B108D01896BBB6AF81300708C09AE8089B222D735CA03A202
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A2EF Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba1ae99f7a31429d9acf4c65b3656d9102b40ad98bb74caab87b87a610e665c4
                                                • Instruction ID: fa268b43716032a802b1e3950211914ec9bed5cf36b950ac28e9050064892eb2
                                                • Opcode Fuzzy Hash: ba1ae99f7a31429d9acf4c65b3656d9102b40ad98bb74caab87b87a610e665c4
                                                • Instruction Fuzzy Hash: 6FE01A74A14108DFEF00DF94E884BADBBB2FB85315F504016F842A7385CBB88A95CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05667FF2 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7248924b289964eb965a912d463edf83e1cc37182a56e5ca8b6f63975ae2b690
                                                • Instruction ID: df8556e857abf37f12b3afec19156032e20d05144df12cf11dc77cb86178a158
                                                • Opcode Fuzzy Hash: 7248924b289964eb965a912d463edf83e1cc37182a56e5ca8b6f63975ae2b690
                                                • Instruction Fuzzy Hash: 34F0FF7499126BCFDB74CF24D985BA9BBB1BB48300F0081EA991DA3751EB301E85DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B968 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 65fa62c3de5df1b1841cba43affd64bbeecf70b33553da91357e3ba4d2b52fe8
                                                • Instruction ID: d34296cd089531428e7a550dff78f92eda8bdadc639abbb5561ade6b4a49e514
                                                • Opcode Fuzzy Hash: 65fa62c3de5df1b1841cba43affd64bbeecf70b33553da91357e3ba4d2b52fe8
                                                • Instruction Fuzzy Hash: 74E01275A0420CEFDB04DFB5D94166DBBB9EF89200F508599E808E7241DE315F019781
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A8E9 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76e6563233925bfb8fed830d5f27e962bdae089edd78e14c216b61e718306427
                                                • Instruction ID: b42547f3823163cf03f5d2c0f535a9146c182f1a08571e6a0b5003cb7a91cddd
                                                • Opcode Fuzzy Hash: 76e6563233925bfb8fed830d5f27e962bdae089edd78e14c216b61e718306427
                                                • Instruction Fuzzy Hash: 17E01A34A24108DFDF15DF98E484B9DB7B1FF84304F500015F84297385CBB89A55CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577C774 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: efbf0478c30037372d062cc9e8f82eb0895342f6197d023e4ea655119334e777
                                                • Instruction ID: b0957bf803bb80a35a6812c561cc29c9abf59a2df9b8c9ba804ad858f9590a61
                                                • Opcode Fuzzy Hash: efbf0478c30037372d062cc9e8f82eb0895342f6197d023e4ea655119334e777
                                                • Instruction Fuzzy Hash: 7CF0C278A0522D8FDF20EF20DA48BE9BBB2EB84305F0440E6944D67251D7785F85CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05770BD3 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f70963519f6f4cc8c0f41de88e049f4920da3ff5ec8ac4dbe79e6d23d2264bae
                                                • Instruction ID: 1e20e37a6fc9bfb4889994ac79949bc82a79f712b5cdc692e06a7ac7a8487d37
                                                • Opcode Fuzzy Hash: f70963519f6f4cc8c0f41de88e049f4920da3ff5ec8ac4dbe79e6d23d2264bae
                                                • Instruction Fuzzy Hash: 83E02B35948144DFCB04CBA0EE45BADB3B5FB43304F14409C881A57390CB32AF02EB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577DBD9 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 25b6e04a6d188c5986f2c8ddc89d43705f3194f1280db92c6bd954908195c6d4
                                                • Instruction ID: d610b7d365afdcc73c42d9d27aa7e802d10f661c1b39f162f48303ca9ffba60c
                                                • Opcode Fuzzy Hash: 25b6e04a6d188c5986f2c8ddc89d43705f3194f1280db92c6bd954908195c6d4
                                                • Instruction Fuzzy Hash: 1DE012B590421C8FCF11CFA5D990BDEBBF9EB4D301F004196A589AB280D7349A80CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789841 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c77dd4bf92729d685cb4b7fe750a2ba9d3c8b03904e49abb591df327435c91a7
                                                • Instruction ID: 265126a61c7bff61a7d2ac8b0898c1b9cc5d16278ae566ea36022776633dcfee
                                                • Opcode Fuzzy Hash: c77dd4bf92729d685cb4b7fe750a2ba9d3c8b03904e49abb591df327435c91a7
                                                • Instruction Fuzzy Hash: 7ED05E73148388AFC7029BB5D944C317FB9EE1712075640D6E2449F273D262D856E710
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B920 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6be7daa6f322143c7b2677dd00c350afe6db11089c0ca5efc687397978a112f2
                                                • Instruction ID: bbab63044edad510b6865448d54385e3086ceb97866cc69c79cd9c054113ae36
                                                • Opcode Fuzzy Hash: 6be7daa6f322143c7b2677dd00c350afe6db11089c0ca5efc687397978a112f2
                                                • Instruction Fuzzy Hash: 4AE01274A01208EFCB04DFE5D64169DB7F5EF89204F104599E40CE3301DA316F009B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0577A14A Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79c53aeebfa79f74f49eabe91c999e7b2a823e94249f235ea2e312a2aac9ec50
                                                • Instruction ID: d7806c1ac4d577ccae9ea23becdec638c2e86c201f6d824abe21cd63970237e3
                                                • Opcode Fuzzy Hash: 79c53aeebfa79f74f49eabe91c999e7b2a823e94249f235ea2e312a2aac9ec50
                                                • Instruction Fuzzy Hash: 54D0A7330CA2094BEB058650A84936A32A8E303214F440478AC09D61E2DF28940AE225
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05770BE0 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea50d1ba63097d552913e61fa06bfeac6bac884cba1783a154d419e9862195cd
                                                • Instruction ID: 6eb7338f00192ba44317c63b10bd86398a9ae4734e0c8e5ce9fa4ffaa213ba20
                                                • Opcode Fuzzy Hash: ea50d1ba63097d552913e61fa06bfeac6bac884cba1783a154d419e9862195cd
                                                • Instruction Fuzzy Hash: 93D05E30549108DFCB44CB98E844A69B3BCEB47308F10809C9809573A1CB32AE02DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771AA0 Relevance: .0, Instructions: 17COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea50d1ba63097d552913e61fa06bfeac6bac884cba1783a154d419e9862195cd
                                                • Instruction ID: c8343039678beb8a2df969801d1e9fad0a5ca523672e713f96aa2afb491a8b5e
                                                • Opcode Fuzzy Hash: ea50d1ba63097d552913e61fa06bfeac6bac884cba1783a154d419e9862195cd
                                                • Instruction Fuzzy Hash: 34D0A73050924CDFCF14CB98E801A69B3BCEB47304F50419CD80957391CB729D02D790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A549 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 50455de58be4cdfb67f015288ec708998d734cdff50c083bd334ed1e1ec070df
                                                • Instruction ID: dc4fe1b644afe7543f66bf36911af077096d8b5dd98148d09cb5563bd24026c5
                                                • Opcode Fuzzy Hash: 50455de58be4cdfb67f015288ec708998d734cdff50c083bd334ed1e1ec070df
                                                • Instruction Fuzzy Hash: 1CE0E538A04218CBCB98DB24D895799BBB2EB85301F40809AA40E63350CF345E89CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A481 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b17766ac9524452983953e57fbafeee9b8e6cfda4753764d1349cec09879794c
                                                • Instruction ID: cde1cc0d442a950f1fd6aab48f7c660d4e81556468bf66ca20615d556e7f5f64
                                                • Opcode Fuzzy Hash: b17766ac9524452983953e57fbafeee9b8e6cfda4753764d1349cec09879794c
                                                • Instruction Fuzzy Hash: 63E01A34A06218DFCB18EF64D99579D7BB2EB84300F000099A50D63341CF301F84CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A68E Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09b81b3a309fceee9764ee9f5d62907c888d7ce1d491a1fe5a8b99b8fa5bb1f9
                                                • Instruction ID: 063ed5fa4ef48fbb5312f30e8e757a889d7cd2e4ec86dc176ce84569fb00c870
                                                • Opcode Fuzzy Hash: 09b81b3a309fceee9764ee9f5d62907c888d7ce1d491a1fe5a8b99b8fa5bb1f9
                                                • Instruction Fuzzy Hash: A3E01A34A00229CFCB68DF64D996BAEB7B1EB88311F4001AAA90DA7344DF301E84DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A1C2 Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df54187fdd96a4b27cd9be21cdf3da719be416c0fe42ed89b3824670ff73d6bc
                                                • Instruction ID: 767390614f741d4ec123ea94e61b51100fd81eda28a667863d6235c55602f04a
                                                • Opcode Fuzzy Hash: df54187fdd96a4b27cd9be21cdf3da719be416c0fe42ed89b3824670ff73d6bc
                                                • Instruction Fuzzy Hash: BCE0EA74912229CFEB94CF65D899BD8BBF1BB48215F10429AE40EA3740DB341A85CF64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05669E37 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9fb1f2424cf670ddbfc116b0fcbbaf35edd539d50eb75bb0ad42cb1f630949e
                                                • Instruction ID: e42b0c5323d4a2c2abe1c3c9b09ab4e718e0ffa530ffc0bb9c0e13505876ab7b
                                                • Opcode Fuzzy Hash: f9fb1f2424cf670ddbfc116b0fcbbaf35edd539d50eb75bb0ad42cb1f630949e
                                                • Instruction Fuzzy Hash: 85D0C730924108DFDF14DF55E45599D7736FF45305F500416F44256385CF748955CAA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0840 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7512df3550cc3865c8e23a409f411411989882acd55bcd5f791fea56b625645
                                                • Instruction ID: ab6ca82c8e690617e4cafef53bf0d0f5d5cee389f4ef28fdc4c8b30ec7c5c3f6
                                                • Opcode Fuzzy Hash: f7512df3550cc3865c8e23a409f411411989882acd55bcd5f791fea56b625645
                                                • Instruction Fuzzy Hash: 59C08C2588D7C81FCB0293F4B9A64C87F304C4B00431882EBC8C58B8F3C2501807CB02
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0CFF8 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 55c41764159bab3076413d23c9b87c22facffa2277191e1fcef8c7696a7de304
                                                • Instruction ID: b16118201e3de6f2980ebd2cbdcaca043277df883b599c82a738f4489ea720f6
                                                • Opcode Fuzzy Hash: 55c41764159bab3076413d23c9b87c22facffa2277191e1fcef8c7696a7de304
                                                • Instruction Fuzzy Hash: 3AC08C3206E20486D6049BD47408B723BACA303302F843904A00F000E19BA00046C618
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578D818 Relevance: .0, Instructions: 11COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 311f624ae98336340322ebf7f8db1cd7c36b848f027889966b2b6f6e09003c25
                                                • Instruction ID: e5c634ce9fdb763b9e11ea3160221787770c3d3519d693521b1eff85f2e26fab
                                                • Opcode Fuzzy Hash: 311f624ae98336340322ebf7f8db1cd7c36b848f027889966b2b6f6e09003c25
                                                • Instruction Fuzzy Hash: 0DD0A971008388AFC7029BA4AC0CC067F789B07340F0680E2E5848A1B3D7219821CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 057804D0 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 766c64652bcbabf01891da16d81df3a3b666f9f0ba7e1462c406b80be4199841
                                                • Instruction ID: 8ed3045bf17867631656696195654593dc2589b96b23335d332b3e6ef0b8f358
                                                • Opcode Fuzzy Hash: 766c64652bcbabf01891da16d81df3a3b666f9f0ba7e1462c406b80be4199841
                                                • Instruction Fuzzy Hash: 26C02BF39D90900FD301C5F0CD2A7016E00DBB0345B0348617004484C19920D012C802
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05662EE9 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9cb16c8a1e12baedad51c85ab8c097d528a88312518d96fd480402c3e2f0b7d9
                                                • Instruction ID: 1871f9312e900b19b04fb836af9725401c448e1b1190f2e51fb98ca40ed8d0fa
                                                • Opcode Fuzzy Hash: 9cb16c8a1e12baedad51c85ab8c097d528a88312518d96fd480402c3e2f0b7d9
                                                • Instruction Fuzzy Hash: 27C00276E1001A9A8B00DAD9E9508DCBB74EB94321F404026E215A7104D63015268B54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05789850 Relevance: .0, Instructions: 8COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578D828 Relevance: .0, Instructions: 7COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76fe61125715174f5e1f9f018ac7bd94579aee39cf48984105885d3d4331ca80
                                                • Instruction ID: b042ca432fb179818e6d893c46b93cdb44a455204a1f9d8609665c07b5a76cc4
                                                • Opcode Fuzzy Hash: 76fe61125715174f5e1f9f018ac7bd94579aee39cf48984105885d3d4331ca80
                                                • Instruction Fuzzy Hash: 42B09232000208AB86049FC8E808C56BB69AB59740700C125E6094A2228B32A822DB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0578EBEB Relevance: .0, Instructions: 5COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 757b36de80d6222b1f74c4188614b18944f765eb1a2a0ee40e2f81a561fe1c24
                                                • Instruction ID: cb7439df19e4664e5813f5f1f7f532b858b1cf1739e1c4216e96fb3b746232f8
                                                • Opcode Fuzzy Hash: 757b36de80d6222b1f74c4188614b18944f765eb1a2a0ee40e2f81a561fe1c24
                                                • Instruction Fuzzy Hash: E2B01232848101A6E70046408907B05FBE4E760B02F008411F24C50280C9304010E611
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05787383 Relevance: .0, Instructions: 5COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41621e99e25a8ce908eaeb8ca8b5ba76554331e85c1ad1bf2720cd410f7246cc
                                                • Instruction ID: ab3f39fa2ef1e13b692922c39338466351ad076936d496fdc43ef852a868a844
                                                • Opcode Fuzzy Hash: 41621e99e25a8ce908eaeb8ca8b5ba76554331e85c1ad1bf2720cd410f7246cc
                                                • Instruction Fuzzy Hash: 54A0228300AEC33ACB0233B0CC8FB0AABF0BF02200FCC00C20000C0E22E82CC2002320
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566A36E Relevance: .0, Instructions: 5COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a654943c67ab3e9883d848ff02d20b95940c7d54f2a9b820f20ebd7718fa5672
                                                • Instruction ID: a797c509cb6d03ea1dbb527ae15bbf371f932e09254617508fe682be576f8ef0
                                                • Opcode Fuzzy Hash: a654943c67ab3e9883d848ff02d20b95940c7d54f2a9b820f20ebd7718fa5672
                                                • Instruction Fuzzy Hash: 65B0123051021086CF085B20D04969D3B60AB01301F00000A780351140CFB88000C660
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF0850 Relevance: .0, Instructions: 5COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 467cd37a9e7b7ec61c5adeb6659e52fed34dd617434ccd85fa386a8568a31d04
                                                • Instruction ID: 491d9a2e625c99116ee8fdc2e5a8b7092975900fb43b8a4ea3de69d2586170e4
                                                • Opcode Fuzzy Hash: 467cd37a9e7b7ec61c5adeb6659e52fed34dd617434ccd85fa386a8568a31d04
                                                • Instruction Fuzzy Hash: 33902230000F0C8B000033E03C08080B30C88000023800000A00C00800BB20200000AC
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 059C5168 Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: z:a%
                                                • API String ID: 0-1004040451
                                                • Opcode ID: 476d9216a32906de74372175c47bb17e3744242e55372365dcda55501d51bf81
                                                • Instruction ID: d674f7768822655b954fe2c69581702fdfd9d6bfc79b21268c051943274530ae
                                                • Opcode Fuzzy Hash: 476d9216a32906de74372175c47bb17e3744242e55372365dcda55501d51bf81
                                                • Instruction Fuzzy Hash: 3DB14A70E05208CFDF54EFA4E494BADBBB2FB89305F1094AAE00AA7295DB745D85CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05760040 Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: j
                                                • API String ID: 0-2137352139
                                                • Opcode ID: 6998a8525e6dd31dc8b380468b80f0ea834014b069d5173cba73e412764cfee0
                                                • Instruction ID: 6a150ad139d0fac17dc3101ef43553daad4b140e63b68311364ff90bfba0feea
                                                • Opcode Fuzzy Hash: 6998a8525e6dd31dc8b380468b80f0ea834014b069d5173cba73e412764cfee0
                                                • Instruction Fuzzy Hash: 72513D71D016598BEB68CF2B8D447DAFAF3AFC9300F04C1FA994CA6254DB740AC59E50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566355E Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: e
                                                • API String ID: 0-4024072794
                                                • Opcode ID: 124bf94d32cee8b57724d8db028206a8eade859cecf9758a82c4f89651451be6
                                                • Instruction ID: 2ba60ab851298b428203e61cc797c9db1c0174d28347d7c9f2b76a2bedb60072
                                                • Opcode Fuzzy Hash: 124bf94d32cee8b57724d8db028206a8eade859cecf9758a82c4f89651451be6
                                                • Instruction Fuzzy Hash: 39413DB1E046588BEB1CCF6B9C4069EFAF7BFC9200F14C1B9951CAB255DB3045468E15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFD5A0 Relevance: 1.3, Strings: 1, Instructions: 74COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: U
                                                • API String ID: 0-3372436214
                                                • Opcode ID: 5e681b582d141d148f4f182c29f52b479fc4f074a5da26be4c109ee32ec3d4d4
                                                • Instruction ID: 7a2857a398e7fa320cf6c1d4cb5d77c2abe30f376c207c99efd2f27d774a9056
                                                • Opcode Fuzzy Hash: 5e681b582d141d148f4f182c29f52b479fc4f074a5da26be4c109ee32ec3d4d4
                                                • Instruction Fuzzy Hash: 3A317DB1E056188BEB5DCF6B8C4469AFBF7AFC9300F14C1BA950CA6264DF3409869F10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFD590 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: U
                                                • API String ID: 0-3372436214
                                                • Opcode ID: 2be627e54807cb5fc9f2e0e0afc185c98a23a7e5d81c244a2144f958d2fa83b0
                                                • Instruction ID: 5f679ea081e73ef1809384f75e35f22ba85843305c95478abd396cb18d407bf7
                                                • Opcode Fuzzy Hash: 2be627e54807cb5fc9f2e0e0afc185c98a23a7e5d81c244a2144f958d2fa83b0
                                                • Instruction Fuzzy Hash: D6315F71E056188BEB5DCF6B8C4529AFAF7AFC9300F14C1BA940CA6264DF3449829F15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05780040 Relevance: .3, Instructions: 341COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800156595.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5780000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04e6a31fdf87984071c672b93e8ad409504a15936bf5e459c29f7f3c173e34f1
                                                • Instruction ID: 6c355f856bbcc8a8c5e14ddefc45117d80c90fbc93fcf7679a9bfd9ba5ec4e95
                                                • Opcode Fuzzy Hash: 04e6a31fdf87984071c672b93e8ad409504a15936bf5e459c29f7f3c173e34f1
                                                • Instruction Fuzzy Hash: B8D13C35A50604CFDB14DF69C588AAEB7F2BF88310F25C5A9E805AB362DB70EC45DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05661813 Relevance: .3, Instructions: 325COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 870a18414db8717164d455043d2e2b8a782cb611bf8fa8a5dd3a65d1f733c803
                                                • Instruction ID: 4e7eb63301caaf096eac7cd08517b0748dc671b3be826b20fd8967dfca5db37b
                                                • Opcode Fuzzy Hash: 870a18414db8717164d455043d2e2b8a782cb611bf8fa8a5dd3a65d1f733c803
                                                • Instruction Fuzzy Hash: 5FE1C070E042589FDB14CFA9C980A9DFBF2FF89304F24C659D459AB20AD734A946CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05778EB8 Relevance: .3, Instructions: 297COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bca3636a0a2d396a807220fb9dd8b9faa833b9ded72643f9b5b4802df55ffea4
                                                • Instruction ID: 231b0f0e130f153c266c4d8796a44259269172c6ab01cd8f38d12983f3342d47
                                                • Opcode Fuzzy Hash: bca3636a0a2d396a807220fb9dd8b9faa833b9ded72643f9b5b4802df55ffea4
                                                • Instruction Fuzzy Hash: 42D106B0E05208CFEF54DFA5D848B9DBBF2FB49314F1080AAE419AB295D7745985DF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05778EA9 Relevance: .3, Instructions: 294COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17e43cd6fe0ab1397a40c4165a356775962fc39936427c2dda1a105f6a7e14ea
                                                • Instruction ID: f94280794549648c2d84c3facc1d6f1ef848ce23ed54a8e3ee2ac4947bbe6fbf
                                                • Opcode Fuzzy Hash: 17e43cd6fe0ab1397a40c4165a356775962fc39936427c2dda1a105f6a7e14ea
                                                • Instruction Fuzzy Hash: 23D116B4E05208CFEF54DFA5D848B9DBBF2FB49304F1080AAE419AB285D7745986DF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B450 Relevance: .2, Instructions: 242COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7a68e9ed45ad398edb65a6694eff74c9503d6d6073d3663d8bb994b1f22268e
                                                • Instruction ID: f624aeb167b838eaf7a5c89d80334d69da3def81105ebe7606c22d6894e4b6c5
                                                • Opcode Fuzzy Hash: c7a68e9ed45ad398edb65a6694eff74c9503d6d6073d3663d8bb994b1f22268e
                                                • Instruction Fuzzy Hash: 5CA1A070E05218CFEB14DFA9D884BADBBF2FB89304F1095A9D409E7265DB745986CF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0566B442 Relevance: .2, Instructions: 234COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e9fce4305d71684c62c06bb945cf163555d8f89e4286698248f5b1174b8d4a1
                                                • Instruction ID: 0b7423b1d8b6649813e57df22ecb820ec1682e36b6de29c62f1e6e95790f419b
                                                • Opcode Fuzzy Hash: 4e9fce4305d71684c62c06bb945cf163555d8f89e4286698248f5b1174b8d4a1
                                                • Instruction Fuzzy Hash: 22A1AFB4E05218CFEB14CFA9D884BADBBB2FB89304F1485A9D409E7365DB745986CF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05770C40 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17988decb58fe6c026d4b9342a28ef8f9dd40f38eec62d225cffedad8fc3153b
                                                • Instruction ID: 9a0605f5b9a2933591f29e33afab41e0f6367d108432036423dd6d75f005eb0d
                                                • Opcode Fuzzy Hash: 17988decb58fe6c026d4b9342a28ef8f9dd40f38eec62d225cffedad8fc3153b
                                                • Instruction Fuzzy Hash: FC911574D0421CCFDB54DFA9E948BEDBBB2FB89304F1080AAD409A7245DBB45A86DF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFA3B8 Relevance: .2, Instructions: 208COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99de12f54f427c7af043138959c4227288b8f92e4abe554bfc675594682e83d1
                                                • Instruction ID: 4e5b88193f703640e6dd980d8f137687c42cedcb5f4f063802bab0ba257e4764
                                                • Opcode Fuzzy Hash: 99de12f54f427c7af043138959c4227288b8f92e4abe554bfc675594682e83d1
                                                • Instruction Fuzzy Hash: F081DDB4E4520CCFDB04CFE9C5487EDBBF1AB59301F20802AE609B7241D7B94A85CB66
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772DF3 Relevance: .2, Instructions: 208COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0ad97c0e2d188b799c2042b390feefe5ecbcef632a39dd69d099a4058ac4034d
                                                • Instruction ID: 2b85ef915988bcd9aaf3c9a37c6b0ef23ff6a22239a122c1de593136e0289c8a
                                                • Opcode Fuzzy Hash: 0ad97c0e2d188b799c2042b390feefe5ecbcef632a39dd69d099a4058ac4034d
                                                • Instruction Fuzzy Hash: 3C810474E0520CCFDF54DFA9E848BADBBB2FB49300F10906AE41AA7256DBB85945DF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772E00 Relevance: .2, Instructions: 207COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b293bef3d78008b8efe6df8a3d2b311a559f5a4b15bf00197dbdc9ef87718e34
                                                • Instruction ID: 793062f68ffa245b759cd208c37b54d624caa20e546b1e702ebcad5f205c7a40
                                                • Opcode Fuzzy Hash: b293bef3d78008b8efe6df8a3d2b311a559f5a4b15bf00197dbdc9ef87718e34
                                                • Instruction Fuzzy Hash: B2811474A0521CCFDF54DFA9E848BADBBF2FB49300F109069E01AA7256DBB45945DF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05772F07 Relevance: .2, Instructions: 200COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b19d4bad0ad48a9e04ffc10d14412c8d2f7d76cdb06c47e810e0d86eef501d5
                                                • Instruction ID: 6e402a6a09b578f6813decdf74a2418ab3bf5ce3d3a511157b6894e4a579d6ff
                                                • Opcode Fuzzy Hash: 6b19d4bad0ad48a9e04ffc10d14412c8d2f7d76cdb06c47e810e0d86eef501d5
                                                • Instruction Fuzzy Hash: F381E274A0520CCFDF54DFA9E888BADBBF2FB89300F109069E41AA7256DB745946DF04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05770C50 Relevance: .2, Instructions: 199COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1285b59a479a292a7548fb5110c9ce0a04485c235f08076e9729ad1f2d4f8900
                                                • Instruction ID: 7b43f03485f757d0c36d8f3d088f6523e763a7da71762a06c971440c4347d193
                                                • Opcode Fuzzy Hash: 1285b59a479a292a7548fb5110c9ce0a04485c235f08076e9729ad1f2d4f8900
                                                • Instruction Fuzzy Hash: E181F274D0422CCFDF54DFA9E948BADBBB2FB89304F00906AE009A7255DBB45A85DF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771B10 Relevance: .2, Instructions: 192COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6dc126b34e5aef4d17924f84ba8f6af9ca3aed86832f48d8a273729ab0745210
                                                • Instruction ID: 76846181b75e01565a1f0ef613895457ea09a80283e74b606c66d75d5c32c078
                                                • Opcode Fuzzy Hash: 6dc126b34e5aef4d17924f84ba8f6af9ca3aed86832f48d8a273729ab0745210
                                                • Instruction Fuzzy Hash: 7171F470A0420CCFDF58DFA9E844BADBBB2FB89304F50912AD41AA72A5DB745942DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05A0CCB0 Relevance: .2, Instructions: 182COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d0f5e4461b52218e7677d86993f31e196afa144931d45c9846fb36218ece3f20
                                                • Instruction ID: df870080476461afcd8d4aa47de5773c3f89b26a7e9c5770dc85ef11f9fd455c
                                                • Opcode Fuzzy Hash: d0f5e4461b52218e7677d86993f31e196afa144931d45c9846fb36218ece3f20
                                                • Instruction Fuzzy Hash: D6712770D65218CFDB14DFA9E855BADFBB6BF49324F20A169D009A7281DB704D86CF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5DD8 Relevance: .2, Instructions: 170COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7b352722309244ada697c1e1491287c334b6ff20a1426c7cd3240c821a5f88c
                                                • Instruction ID: 1253ef44807fb27c5624765b659bbc9859cecfba79c3d4bf84033b80ea62f08c
                                                • Opcode Fuzzy Hash: f7b352722309244ada697c1e1491287c334b6ff20a1426c7cd3240c821a5f88c
                                                • Instruction Fuzzy Hash: 91712FB1A116498FDB08DFAAE8416DEBBF3FBC8315F14C129D004AB259EF7459068F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AF5DE8 Relevance: .2, Instructions: 165COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99ab2a219e7c05c12e6faefcdc589068f998a9b837746594db708278e0ed46c1
                                                • Instruction ID: 088a83834362f44fea518ddfc306eddfa3dbc5c3494af34fa46e4b0c716afaed
                                                • Opcode Fuzzy Hash: 99ab2a219e7c05c12e6faefcdc589068f998a9b837746594db708278e0ed46c1
                                                • Instruction Fuzzy Hash: 99610DB1A116058FDB08EFAAE9416DDBBF3FBC8311F14C129D005AB269EF7459068F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771311 Relevance: .1, Instructions: 145COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b43e78501044f7ed0bc80bc436f1193552f5cf17770c414bb3b6be50bb1621bc
                                                • Instruction ID: 4d468d07f9af1e8d30788cd5e759b1190b90bc624e457cc24caed5c0c373e9f8
                                                • Opcode Fuzzy Hash: b43e78501044f7ed0bc80bc436f1193552f5cf17770c414bb3b6be50bb1621bc
                                                • Instruction Fuzzy Hash: 8851F170D0521CCFDF14DFA9E948BEDBBB6FB89304F90506AE009A7285C7B45946DB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05771320 Relevance: .1, Instructions: 143COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800100125.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 05770000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5770000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e59b360e73134fa56e19ecca2992a346e9561a6c4c280d1db7d069a4531c1b10
                                                • Instruction ID: e608239809bcd8d44e2f275eb88696a208df53998e2b41f44ab4c720fe087c67
                                                • Opcode Fuzzy Hash: e59b360e73134fa56e19ecca2992a346e9561a6c4c280d1db7d069a4531c1b10
                                                • Instruction Fuzzy Hash: 6651E070D0521CCFDF14DFA9E948BEDBBB6FB8A304F90506AD00AA7285D7B45946DB04
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05665E3E Relevance: .1, Instructions: 123COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 039779226ac6c9f03440ff55684c59f81679406fd19fce62e40c5c95ebf0a1c9
                                                • Instruction ID: b092c89e36262e6b8b0010afdb5a68e09845f1eabb9c2b6d161e0cadced9c75a
                                                • Opcode Fuzzy Hash: 039779226ac6c9f03440ff55684c59f81679406fd19fce62e40c5c95ebf0a1c9
                                                • Instruction Fuzzy Hash: DC613BB4E142289FDBA0CFA9D885BDDBBF1BF49304F4082A5E458E7205D734AA85CF01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05661328 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4fd659f02ba135c23913135dcebf58f0be1ec35593b483df843ea049a5ae849
                                                • Instruction ID: bee5641a0114658627322a6a27e0e8c60b54dd0d6d461a0149ff997714ad5f87
                                                • Opcode Fuzzy Hash: c4fd659f02ba135c23913135dcebf58f0be1ec35593b483df843ea049a5ae849
                                                • Instruction Fuzzy Hash: CF4128B5E016198BDB08CFABC94069EFBF3BFC8300F14C17AD958AB254DB3459468B54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05760007 Relevance: .1, Instructions: 121COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 993c6b1fe7b1f195802ec08b5a458c71d4d7838689da8e9f56b625924c415dd8
                                                • Instruction ID: 7a2f4d12454659454cf8348820b30f3ce7e4c83326a7ed66f58d30ad866dbb96
                                                • Opcode Fuzzy Hash: 993c6b1fe7b1f195802ec08b5a458c71d4d7838689da8e9f56b625924c415dd8
                                                • Instruction Fuzzy Hash: 85513DB1D056588BE769CF278D546CAFAF3AFC9300F04C1FAD54CAA265DB740A858F11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0576D220 Relevance: .1, Instructions: 114COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800022262.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5760000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0c10dac578de2fd6fb8de8710dfd1e914366be3b3b6b34a64bcaa757afdd16e2
                                                • Instruction ID: 107292da5abd77fa56794011caef62ab649b7053faf2d84d252f81828c6a35c9
                                                • Opcode Fuzzy Hash: 0c10dac578de2fd6fb8de8710dfd1e914366be3b3b6b34a64bcaa757afdd16e2
                                                • Instruction Fuzzy Hash: 4941CDB4E14348DFDB24CFAAD885A9DBBB1BB09300F209129E815BB255D7749885CF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05661338 Relevance: .1, Instructions: 106COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1799183235.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_5660000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 973cef22aedf8fb22dc0632ad97cdf5e9f85bedc0f66224f6beff77717b03002
                                                • Instruction ID: b3f62c0659d71d9672156819e2e4bb51b025ac64ea66b8c8d2fd2e4639a9c5be
                                                • Opcode Fuzzy Hash: 973cef22aedf8fb22dc0632ad97cdf5e9f85bedc0f66224f6beff77717b03002
                                                • Instruction Fuzzy Hash: E0412AB5E016198BDB1CCFABC94059EFAF3BFC8300F14C17A9918AB264EB7459428F54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F0040 Relevance: .1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1abfd6d383abb172b4939c9cb989e7f4f7e30fc7454ad7ff1b4cf657569a6177
                                                • Instruction ID: 1386cb107bd1444684eed8829178f079d1ccd54cce726cedf347428ea49457cc
                                                • Opcode Fuzzy Hash: 1abfd6d383abb172b4939c9cb989e7f4f7e30fc7454ad7ff1b4cf657569a6177
                                                • Instruction Fuzzy Hash: 7741F871E052188BDB28CF6AD8587DABBF6FF88300F04C4AAD50DA6655EB740A85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C4290 Relevance: .1, Instructions: 95COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53151d3fd95fbb58d55fd7688b668585671e94da5f91a4f5777aa855a342373a
                                                • Instruction ID: 9497f3a2a1013f46b8a4f0b9e4fd8dc5a4ef0f45e5c6b4aebd8eb7ca905e0e49
                                                • Opcode Fuzzy Hash: 53151d3fd95fbb58d55fd7688b668585671e94da5f91a4f5777aa855a342373a
                                                • Instruction Fuzzy Hash: 4541FCB5D04258DFCF00CFA9D480AEEFBF0AB49310F14946AE445B7240C778AA49CFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059C4288 Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800786309.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59c0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42f1abd1986ae399e5dfdf6433aea7f9b1565812f3f7dfb0ec220dd7164560aa
                                                • Instruction ID: 4d19bc544114e93212dd86cd2dc49a4dee8341032efc8d9403c22e9f30b42c64
                                                • Opcode Fuzzy Hash: 42f1abd1986ae399e5dfdf6433aea7f9b1565812f3f7dfb0ec220dd7164560aa
                                                • Instruction Fuzzy Hash: B441FEB9D04259CFCF00CFA9D580AEEFBF0AB09310F14946AE455B7240C778AA45CFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 059F0006 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1800820053.00000000059F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_59f0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cb2910327857493a5f543e96cca0da36ed1a990c97d650ae29b33c587b8f2ee9
                                                • Instruction ID: 5aa6baf89ba706f1c1f26e67df9947e13e3366e0c6ef6543df63f042b28697f3
                                                • Opcode Fuzzy Hash: cb2910327857493a5f543e96cca0da36ed1a990c97d650ae29b33c587b8f2ee9
                                                • Instruction Fuzzy Hash: EA312D71D057548BDB29CF6ACC4578ABBF7AF85300F08C0FA9448A6256EB740A85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB898 Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b767633a7326b62c46a5e3ddff2b7633182de3571591a56f5aa54a2f044ffe4
                                                • Instruction ID: 87dbca0c1387b813c60360683e67c0c61b837b17a60449b85ee3a9acf975d722
                                                • Opcode Fuzzy Hash: 1b767633a7326b62c46a5e3ddff2b7633182de3571591a56f5aa54a2f044ffe4
                                                • Instruction Fuzzy Hash: 0F21CB71E056188BEB18CFABC9406DDF7F7AFC9300F14C1AAD949AA254DB704A468F54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AFB88A Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1784680709.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_af0000_QUOTATION_MARQTRA031244#U00faPDF.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: faac0ae547171da9c5b46b89bcad963484dea81bc247d99048ca7ae327d351bb
                                                • Instruction ID: bdaab0d32bf31f6b756dd4992a40b522c032aff18234c36d1db770b97bfdbc24
                                                • Opcode Fuzzy Hash: faac0ae547171da9c5b46b89bcad963484dea81bc247d99048ca7ae327d351bb
                                                • Instruction Fuzzy Hash: EA217CB1D056189BEB18CF6BC9402DEFAF7AFC9300F14C1BAD949A6254DB700946CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Execution Graph

                                                Execution Coverage:10.6%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:2.2%
                                                Total number of Nodes:136
                                                Total number of Limit Nodes:13
                                                execution_graph 23747 a070b0 23748 a070f4 CheckRemoteDebuggerPresent 23747->23748 23749 a07136 23748->23749 23636 5c7e420 23637 5c7e47a OleGetClipboard 23636->23637 23638 5c7e4ba 23637->23638 23750 5c7c830 DuplicateHandle 23751 5c7c8c6 23750->23751 23639 a00848 23641 a0084e 23639->23641 23640 a0091b 23641->23640 23644 a014b8 23641->23644 23650 a0137f 23641->23650 23645 a01396 23644->23645 23646 a014ae 23645->23646 23647 a014b8 2 API calls 23645->23647 23657 5c75ca3 23645->23657 23663 5c75cb8 23645->23663 23646->23641 23647->23645 23652 a012b3 23650->23652 23653 a01383 23650->23653 23651 a014ae 23651->23641 23652->23641 23653->23651 23654 a014b8 2 API calls 23653->23654 23655 5c75ca3 2 API calls 23653->23655 23656 5c75cb8 2 API calls 23653->23656 23654->23653 23655->23653 23656->23653 23658 5c75cca 23657->23658 23662 5c75d7b 23658->23662 23669 5c74234 23658->23669 23660 5c75d41 23674 5c74254 23660->23674 23662->23645 23664 5c75cca 23663->23664 23665 5c74234 GetModuleHandleW 23664->23665 23668 5c75d7b 23664->23668 23666 5c75d41 23665->23666 23667 5c74254 KiUserCallbackDispatcher 23666->23667 23667->23668 23668->23645 23670 5c7423f 23669->23670 23678 5c76e63 23670->23678 23685 5c76e78 23670->23685 23671 5c75f1a 23671->23660 23676 5c7425f 23674->23676 23677 5c7ddfb 23676->23677 23722 5c7d904 23676->23722 23677->23662 23679 5c76ea3 23678->23679 23692 5c77400 23679->23692 23697 5c773d0 23679->23697 23680 5c76f26 23681 5c7629c GetModuleHandleW 23680->23681 23682 5c76f52 23680->23682 23681->23682 23686 5c76ea3 23685->23686 23690 5c77400 GetModuleHandleW 23686->23690 23691 5c773d0 GetModuleHandleW 23686->23691 23687 5c76f26 23688 5c7629c GetModuleHandleW 23687->23688 23689 5c76f52 23687->23689 23688->23689 23690->23687 23691->23687 23693 5c7742d 23692->23693 23694 5c774ae 23693->23694 23702 5c779e5 23693->23702 23710 5c77a66 23693->23710 23698 5c7742d 23697->23698 23699 5c774ae 23698->23699 23700 5c77a66 GetModuleHandleW 23698->23700 23701 5c779e5 GetModuleHandleW 23698->23701 23700->23699 23701->23699 23703 5c77a06 23702->23703 23718 5c7629c 23703->23718 23705 5c77b02 23706 5c7629c GetModuleHandleW 23705->23706 23709 5c77b7c 23705->23709 23707 5c77b50 23706->23707 23708 5c7629c GetModuleHandleW 23707->23708 23707->23709 23708->23709 23709->23694 23711 5c77ab6 23710->23711 23712 5c7629c GetModuleHandleW 23711->23712 23713 5c77b02 23712->23713 23714 5c7629c GetModuleHandleW 23713->23714 23717 5c77b7c 23713->23717 23715 5c77b50 23714->23715 23716 5c7629c GetModuleHandleW 23715->23716 23715->23717 23716->23717 23717->23694 23719 5c77cb0 GetModuleHandleW 23718->23719 23721 5c77d25 23719->23721 23721->23705 23723 5c7de10 KiUserCallbackDispatcher 23722->23723 23725 5c7de7e 23723->23725 23725->23676 23752 86d01c 23753 86d034 23752->23753 23754 86d08e 23753->23754 23759 5c78f02 23753->23759 23763 5c7761c 23753->23763 23771 5c78f10 23753->23771 23775 5c7d411 23753->23775 23760 5c78f10 23759->23760 23761 5c7761c CallWindowProcW 23760->23761 23762 5c78f57 23761->23762 23762->23754 23764 5c77627 23763->23764 23765 5c7d4a1 23764->23765 23767 5c7d491 23764->23767 23768 5c7d49f 23765->23768 23791 5c7c58c 23765->23791 23783 5c7d5c8 23767->23783 23787 5c7d5b8 23767->23787 23772 5c78f36 23771->23772 23773 5c7761c CallWindowProcW 23772->23773 23774 5c78f57 23773->23774 23774->23754 23777 5c7d41a 23775->23777 23776 5c7d4a1 23778 5c7c58c CallWindowProcW 23776->23778 23780 5c7d49f 23776->23780 23777->23776 23779 5c7d491 23777->23779 23778->23780 23781 5c7d5c8 CallWindowProcW 23779->23781 23782 5c7d5b8 CallWindowProcW 23779->23782 23781->23780 23782->23780 23785 5c7d5d6 23783->23785 23784 5c7c58c CallWindowProcW 23784->23785 23785->23784 23786 5c7d6b2 23785->23786 23786->23768 23789 5c7d5c8 23787->23789 23788 5c7c58c CallWindowProcW 23788->23789 23789->23788 23790 5c7d6b2 23789->23790 23790->23768 23792 5c7c597 23791->23792 23793 5c7d711 23792->23793 23794 5c7d762 CallWindowProcW 23792->23794 23793->23768 23794->23793 23726 5c77caa 23727 5c77cb0 GetModuleHandleW 23726->23727 23729 5c77d25 23727->23729 23730 5c7c5e8 23731 5c7c62e GetCurrentProcess 23730->23731 23733 5c7c680 GetCurrentThread 23731->23733 23734 5c7c679 23731->23734 23735 5c7c6b6 23733->23735 23736 5c7c6bd GetCurrentProcess 23733->23736 23734->23733 23735->23736 23737 5c7c6f3 23736->23737 23738 5c7c71b GetCurrentThreadId 23737->23738 23739 5c7c74c 23738->23739 23740 5c7e288 23741 5c7e293 23740->23741 23742 5c7e2a3 23741->23742 23744 5c7db3c 23741->23744 23745 5c7e2d8 OleInitialize 23744->23745 23746 5c7e33c 23745->23746 23746->23742 23795 5c78d58 23796 5c78dc0 CreateWindowExW 23795->23796 23798 5c78e7c 23796->23798

                                                Executed Functions

                                                Function 00A070B0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1169 a070b0-a07134 CheckRemoteDebuggerPresent 1171 a07136-a0713c 1169->1171 1172 a0713d-a07178 1169->1172 1171->1172
                                                APIs
                                                • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00A07127
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2531829400.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_a00000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CheckDebuggerPresentRemote
                                                • String ID:
                                                • API String ID: 3662101638-0
                                                • Opcode ID: 573650e520b337221e6e03f6b07c1b16cb6df5cb8a4fff336bcb665d78ebc2a3
                                                • Instruction ID: 3986f8e49711c0747f1095cbf5ba6a17be8ffbcb9f56726f115977912eccd363
                                                • Opcode Fuzzy Hash: 573650e520b337221e6e03f6b07c1b16cb6df5cb8a4fff336bcb665d78ebc2a3
                                                • Instruction Fuzzy Hash: 262128718002598FDB10CF9AD444BEEFBF4AF49310F14846AE455A7390D778A944CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7C5C8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 138threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 05C7C666
                                                • GetCurrentThread.KERNEL32 ref: 05C7C6A3
                                                • GetCurrentProcess.KERNEL32 ref: 05C7C6E0
                                                • GetCurrentThreadId.KERNEL32 ref: 05C7C739
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID: X]t
                                                • API String ID: 2063062207-3314757670
                                                • Opcode ID: 60f1dcde8b6dc57b542da3ff730c625f53921817e36230823f6edcbbd237eb6a
                                                • Instruction ID: 02662903d67293b02686075ce3769091fe892f2bbaa6124b99d030871e4d7add
                                                • Opcode Fuzzy Hash: 60f1dcde8b6dc57b542da3ff730c625f53921817e36230823f6edcbbd237eb6a
                                                • Instruction Fuzzy Hash: 355168B09007498FEB14CFA9D5487DEBBF1FF49314F208459E409A7351DB749984CB69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7C5E8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 05C7C666
                                                • GetCurrentThread.KERNEL32 ref: 05C7C6A3
                                                • GetCurrentProcess.KERNEL32 ref: 05C7C6E0
                                                • GetCurrentThreadId.KERNEL32 ref: 05C7C739
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID: X]t
                                                • API String ID: 2063062207-3314757670
                                                • Opcode ID: a06c1b1c5ea12f7bfa310975c7ba21360ab177b1c5d7c1516abdef7a3efda418
                                                • Instruction ID: 68c6e5fbde4312cc0c9e1c844787f3d551ea2ce5177ba8a4b21033b1d7cf58ac
                                                • Opcode Fuzzy Hash: a06c1b1c5ea12f7bfa310975c7ba21360ab177b1c5d7c1516abdef7a3efda418
                                                • Instruction Fuzzy Hash: DE5137B490074A8FDB14CFAAD548B9EBBF1FF48314F208459E409B7350DB74A984CB69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C78D4E Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1093 5c78d4e-5c78dbe 1094 5c78dc0-5c78dc6 1093->1094 1095 5c78dc9-5c78dd0 1093->1095 1094->1095 1096 5c78dd2-5c78dd8 1095->1096 1097 5c78ddb-5c78e13 1095->1097 1096->1097 1098 5c78e1b-5c78e7a CreateWindowExW 1097->1098 1099 5c78e83-5c78ebb 1098->1099 1100 5c78e7c-5c78e82 1098->1100 1104 5c78ebd-5c78ec0 1099->1104 1105 5c78ec8 1099->1105 1100->1099 1104->1105 1106 5c78ec9 1105->1106 1106->1106
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C78E6A
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 33b43c8a20e6d8ac0419efe610b54a739e1bd8cd6d61027e9a8fee3a2b0e1fd0
                                                • Instruction ID: f9c3414e3784e3ce98cfeb9c738ef9f163dab3b41968c9d56b145720bcb01837
                                                • Opcode Fuzzy Hash: 33b43c8a20e6d8ac0419efe610b54a739e1bd8cd6d61027e9a8fee3a2b0e1fd0
                                                • Instruction Fuzzy Hash: FB51CEB5D00309EFDB14CF9AC884ADEBBB1BF48300F24862AE419AB210D7749945CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C78D58 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1107 5c78d58-5c78dbe 1108 5c78dc0-5c78dc6 1107->1108 1109 5c78dc9-5c78dd0 1107->1109 1108->1109 1110 5c78dd2-5c78dd8 1109->1110 1111 5c78ddb-5c78e7a CreateWindowExW 1109->1111 1110->1111 1113 5c78e83-5c78ebb 1111->1113 1114 5c78e7c-5c78e82 1111->1114 1118 5c78ebd-5c78ec0 1113->1118 1119 5c78ec8 1113->1119 1114->1113 1118->1119 1120 5c78ec9 1119->1120 1120->1120
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C78E6A
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 2bfd7cc65b5d3807a2c4daef3616c322759c2905ad180f828d5e6e36f0d28923
                                                • Instruction ID: ae7c592e8cc86e801d5a074da1e6ee06b3b279884228b16570fd30c45d5aeb69
                                                • Opcode Fuzzy Hash: 2bfd7cc65b5d3807a2c4daef3616c322759c2905ad180f828d5e6e36f0d28923
                                                • Instruction Fuzzy Hash: 1241C0B5D0030DAFDB14CF9AC884ADEBBB5BF48310F24852AE519AB210D7749945CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7C58C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1121 5c7c58c-5c7d704 1124 5c7d7b4-5c7d7d4 call 5c7761c 1121->1124 1125 5c7d70a-5c7d70f 1121->1125 1132 5c7d7d7-5c7d7e4 1124->1132 1127 5c7d762-5c7d79a CallWindowProcW 1125->1127 1128 5c7d711-5c7d748 1125->1128 1130 5c7d7a3-5c7d7b2 1127->1130 1131 5c7d79c-5c7d7a2 1127->1131 1135 5c7d751-5c7d760 1128->1135 1136 5c7d74a-5c7d750 1128->1136 1130->1132 1131->1130 1135->1132 1136->1135
                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 05C7D789
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: 443d3c6ca86cccd00b0b54f780278a21627784afca04ff1649db75dd57298c4e
                                                • Instruction ID: c58a212790bdfb7e763aa89ea1b91b3ffaa7ff001d96966a6769c6e7dca6d17b
                                                • Opcode Fuzzy Hash: 443d3c6ca86cccd00b0b54f780278a21627784afca04ff1649db75dd57298c4e
                                                • Instruction Fuzzy Hash: D1411DB8900349CFDB14CF59C488AAABBF5FF88314F24C899D51AA7725D374A941CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7E414 Relevance: 1.6, APIs: 1, Instructions: 72comclipboardCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1138 5c7e414-5c7e470 1139 5c7e47a-5c7e4b8 OleGetClipboard 1138->1139 1140 5c7e4c1-5c7e50f 1139->1140 1141 5c7e4ba-5c7e4c0 1139->1141 1146 5c7e511-5c7e515 1140->1146 1147 5c7e51f 1140->1147 1141->1140 1146->1147 1148 5c7e517 1146->1148 1149 5c7e520 1147->1149 1148->1147 1149->1149
                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Clipboard
                                                • String ID:
                                                • API String ID: 220874293-0
                                                • Opcode ID: cc8902ef0b316a8e80e37bde2333300dfd50910f647730b9965a38d2b95dbf8f
                                                • Instruction ID: d7d19375b03903eaeaea1ab5a4d36366f5a01cd2a53e22899c679839726d369a
                                                • Opcode Fuzzy Hash: cc8902ef0b316a8e80e37bde2333300dfd50910f647730b9965a38d2b95dbf8f
                                                • Instruction Fuzzy Hash: 41310FB5D0124CDFDB10CFA9C588BCDBBF5BB48304F248469E005AB390DBB4A949CB65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7E420 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1150 5c7e420-5c7e4b8 OleGetClipboard 1152 5c7e4c1-5c7e50f 1150->1152 1153 5c7e4ba-5c7e4c0 1150->1153 1158 5c7e511-5c7e515 1152->1158 1159 5c7e51f 1152->1159 1153->1152 1158->1159 1160 5c7e517 1158->1160 1161 5c7e520 1159->1161 1160->1159 1161->1161
                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Clipboard
                                                • String ID:
                                                • API String ID: 220874293-0
                                                • Opcode ID: 0d8b60dae2496da9881765f5bd5e8fecd8ca2d1e15194938d5500f4bc31fb236
                                                • Instruction ID: b7191e04d57031018923e3a1078281503a2be8fc6ba01a62f376f35a935a953b
                                                • Opcode Fuzzy Hash: 0d8b60dae2496da9881765f5bd5e8fecd8ca2d1e15194938d5500f4bc31fb236
                                                • Instruction Fuzzy Hash: 53310EB190120CDFDB10CFA9C988B8EBBF9BF48314F248459E405BB390DBB4A944CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A070A8 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1162 a070a8-a07134 CheckRemoteDebuggerPresent 1165 a07136-a0713c 1162->1165 1166 a0713d-a07178 1162->1166 1165->1166
                                                APIs
                                                • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00A07127
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2531829400.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A00000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_a00000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CheckDebuggerPresentRemote
                                                • String ID:
                                                • API String ID: 3662101638-0
                                                • Opcode ID: 0a7b7a31e5d52f0f3af077a7bab6c1a46dbab586c40524b6b699913611fac7de
                                                • Instruction ID: e7f7e915d0a00cc20c144123530f35f11b17f4ea0c4994a72e3eaa3af48009d7
                                                • Opcode Fuzzy Hash: 0a7b7a31e5d52f0f3af077a7bab6c1a46dbab586c40524b6b699913611fac7de
                                                • Instruction Fuzzy Hash: 7A2148B680121ACFDB00CF9AD580BEEFBF4AF49310F24846AD455A7390D778A945CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7C828 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1175 5c7c828-5c7c8c4 DuplicateHandle 1176 5c7c8c6-5c7c8cc 1175->1176 1177 5c7c8cd-5c7c8ea 1175->1177 1176->1177
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05C7C8B7
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 7f1bcd729fee06585cb98bab058a0f51540610b8f0c5890c651bcc7bef0de3ea
                                                • Instruction ID: e0fa58d7261706e4096c892abf82b28de0557344e43eb593f4ae98716f803621
                                                • Opcode Fuzzy Hash: 7f1bcd729fee06585cb98bab058a0f51540610b8f0c5890c651bcc7bef0de3ea
                                                • Instruction Fuzzy Hash: 6E21E0B59012499FDB10CFAAD984AEEBBF5FB48310F14846AE958A3750D378A944CF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7C830 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1180 5c7c830-5c7c8c4 DuplicateHandle 1181 5c7c8c6-5c7c8cc 1180->1181 1182 5c7c8cd-5c7c8ea 1180->1182 1181->1182
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05C7C8B7
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 0c00cb11674ceb0312384fcee0f280efc7433328c39df56dd5a2553090922ceb
                                                • Instruction ID: 2925057245e33bbd77376745f2f480ea3951b64c4db4fddf27d1f665e7effe6f
                                                • Opcode Fuzzy Hash: 0c00cb11674ceb0312384fcee0f280efc7433328c39df56dd5a2553090922ceb
                                                • Instruction Fuzzy Hash: 5421C4B59002499FDB10CF9AD584ADEBBF4FB48310F14845AE914A3350D378A954CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7629C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1185 5c7629c-5c77cf0 1187 5c77cf2-5c77cf5 1185->1187 1188 5c77cf8-5c77d23 GetModuleHandleW 1185->1188 1187->1188 1189 5c77d25-5c77d2b 1188->1189 1190 5c77d2c-5c77d40 1188->1190 1189->1190
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 05C77D16
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: fd12c04236f26241737663d62dc4ebbeb9bcb8040f4033fa3e88b77bfc8864f5
                                                • Instruction ID: e8f817aeeb89b0a587cf9b18e238e3d2caedb6485baf9f8befed9f266bc391f0
                                                • Opcode Fuzzy Hash: fd12c04236f26241737663d62dc4ebbeb9bcb8040f4033fa3e88b77bfc8864f5
                                                • Instruction Fuzzy Hash: 8A11F0B580074D8BDB10CF9AC544B9EFBF5EB49214F10882AD819B7610D379A645CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C77CAA Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1192 5c77caa-5c77cf0 1194 5c77cf2-5c77cf5 1192->1194 1195 5c77cf8-5c77d23 GetModuleHandleW 1192->1195 1194->1195 1196 5c77d25-5c77d2b 1195->1196 1197 5c77d2c-5c77d40 1195->1197 1196->1197
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 05C77D16
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 3e3be85cd96ea2ddff79eef9c1cff6d419b818520f3469067050fc5733f89ebe
                                                • Instruction ID: f4a1893904a3c8c5d6eb757c9a7ed9fa6e0916a31cf88bf51d2020f9f12183a5
                                                • Opcode Fuzzy Hash: 3e3be85cd96ea2ddff79eef9c1cff6d419b818520f3469067050fc5733f89ebe
                                                • Instruction Fuzzy Hash: 1B11D2B6C006498FDB10CF9AD544BDEFBF4EB49210F10882AD519B7610D379A645CFA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7D904 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,05C7DDE5), ref: 05C7DE6F
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: 621126b3ace2febb3129bc6087340527749c87895c6ec33936f0329dcbab514a
                                                • Instruction ID: 9dbc3d554667a43ae59f3d560ebec92425704dd548f0e939981db1f68a694fb5
                                                • Opcode Fuzzy Hash: 621126b3ace2febb3129bc6087340527749c87895c6ec33936f0329dcbab514a
                                                • Instruction Fuzzy Hash: 9011FEB58002498FDB20DF9AD484BAEBBF4EB49320F20885AD519A7650D379A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7DB3C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 05C7E32D
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: 0539dd3aa584bf5680e9d9f552b9b9bff64eb53e1532f1373881e738793eaf1e
                                                • Instruction ID: 2173e5d7d361b75ac612f7a86cb02be4bf989dd27b332e962dd4537b906ddd2a
                                                • Opcode Fuzzy Hash: 0539dd3aa584bf5680e9d9f552b9b9bff64eb53e1532f1373881e738793eaf1e
                                                • Instruction Fuzzy Hash: 381115B58043498FDB10DFAAD444BDEFBF8EB48210F108469D559A7700D378A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7E2D1 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 05C7E32D
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: 4f7aac47d572c411b0c7a2837cc4860deaafdb87b769d4064371dbc8e5038484
                                                • Instruction ID: d8167f1b3a27ba8eca38fe415e6fa099ab2e08da7de075830a972db70722085a
                                                • Opcode Fuzzy Hash: 4f7aac47d572c411b0c7a2837cc4860deaafdb87b769d4064371dbc8e5038484
                                                • Instruction Fuzzy Hash: B41112B58003498FDB10DFAAD484BDEBBF8EB48220F24885AD559A3700D378A544CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 05C7DE09 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,05C7DDE5), ref: 05C7DE6F
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2535127269.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_5c70000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: 86918eb85ab9faeacd4a2b0a65f62b527a5dca2f9ab19b02afc494cc100b50a0
                                                • Instruction ID: d01c43d8af36c5910b8bf3e0f5def3621cd6b2cf73efabb0bd92c935e7577dbe
                                                • Opcode Fuzzy Hash: 86918eb85ab9faeacd4a2b0a65f62b527a5dca2f9ab19b02afc494cc100b50a0
                                                • Instruction Fuzzy Hash: 931112B58002498FDB10CF9AC584BDEBBF4FF48320F20881AD519A7750D378A944CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0086D01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2531604537.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_86d000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e967009b1a7cba6ceee5d5089944385e3028af1036ab391fecb93ba63c0e4b8
                                                • Instruction ID: fb603b64ade2abe4fa0176d00cf5db1c6ea36eac0366ff3367b6b3b496ab1eda
                                                • Opcode Fuzzy Hash: 7e967009b1a7cba6ceee5d5089944385e3028af1036ab391fecb93ba63c0e4b8
                                                • Instruction Fuzzy Hash: 1A21F275A04744DFDB14DF10D9C0B26BB65FB88318F24C569E80A8B286C73BD847CAA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0086D017 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.2531604537.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_86d000_aspnet_compiler.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                                • Instruction ID: 25fe9c1b3b36758c27e3b8403670f9c81ca13fc70cf04ab7602461aba0d3a6d7
                                                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                                • Instruction Fuzzy Hash: F0118E75A04780DFCB15CF14D5C4B15BB62FB84314F24C6AAD8498B696C33AD84ACB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%