Windows Analysis Report
Quotation - HDPE Fittings.exe

Overview

General Information

Sample name:Quotation - HDPE Fittings.exe
Analysis ID:1417527
MD5:10f4c53cf6490bcf1f1cf0f3a88250de
SHA1:4e9d7fd3c9651c205f72a6c696c656e7ae84a9d8
SHA256:af83c0d8ccb38c430dce3b0c4a18eeda3c91832ae8bb432a9614619fd5727e7b
Tags:exe

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | SWEED | | https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.3229813317.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.3229813317.0000000002D39000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1998316965.0000000007450000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Quotation - HDPE Fittings.exe.32c620c.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Quotation - HDPE Fittings.exe.7450000.11.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Quotation - HDPE Fittings.exe.7450000.11.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.Quotation - HDPE Fittings.exe.4580540.9.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                      System Summary

                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 208.91.199.225, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe, Initiated: true, ProcessId: 5440, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706
                      No Snort rule has matched

                      AV Detection

                      Source: Quotation - HDPE Fittings.exeAvira: detected
                      Source: Quotation - HDPE Fittings.exeReversingLabs: Detection: 28%
                      Source: Quotation - HDPE Fittings.exeVirustotal: Detection: 38%
                      Source: Quotation - HDPE Fittings.exeJoe Sandbox ML: detected
                      Source: Quotation - HDPE Fittings.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Quotation - HDPE Fittings.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: CZUl.pdbSHA256 source: Quotation - HDPE Fittings.exe
                      Source: Binary string: CZUl.pdb source: Quotation - HDPE Fittings.exe

                      Networking

                      Source: Yara matchFile source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, type: UNPACKEDPE
                      Source: global trafficTCP traffic: 192.168.2.5:49706 -> 208.91.199.225:587
                      Source: Joe Sandbox ViewIP Address: 208.91.199.225 208.91.199.225
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownDNS traffic detected: queries for: us2.smtp.mailhostbox.com
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.0000000001110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0A
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, oAKy.cs.Net Code: KUbbKSnz
                      Source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, oAKy.cs.Net Code: KUbbKSnz

                      System Summary

                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 3.2.Quotation - HDPE Fittings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: initial sampleStatic PE information: Filename: Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1990996811.000000000139E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1998832361.00000000078B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename63f2af02-233f-4c92-980c-0e5565db4b11.exe4 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000000.1982055927.0000000000F4A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCZUl.exe2 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000000.00000002.1992626012.0000000003307000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename63f2af02-233f-4c92-980c-0e5565db4b11.exe4 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3228790881.0000000000EF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename63f2af02-233f-4c92-980c-0e5565db4b11.exe4 vs Quotation - HDPE Fittings.exe
                      Source: Quotation - HDPE Fittings.exeBinary or memory string: OriginalFilenameCZUl.exe2 vs Quotation - HDPE Fittings.exe
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeSection loaded: msasn1.dllJump to behavior
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 3.2.Quotation - HDPE Fittings.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Quotation - HDPE Fittings.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack, AJO8kvyDr8qxYWB5Qt.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, ekKu0.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, vKf1z6NvS.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, ZNAvlD7qmXc.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, U2doU2.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, BgffYko.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, HrTdA63.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, Vvp22TrBv9g.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Quotation - HDPE Fittings.exe.78b0000.12.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.Quotation - HDPE Fittings.exe.78b0000.12.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation - HDPE Fittings.exe.78b0000.12.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.Quotation - HDPE Fittings.exe.78b0000.12.raw.unpack, EqxeUBhVqo82x8DKXi.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation - HDPE Fittings.exe.4682c00.8.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.Quotation - HDPE Fittings.exe.4682c00.8.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation - HDPE Fittings.exe.4682c00.8.raw.unpack, ALeZd5HJXthoYYUxWS.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.Quotation - HDPE Fittings.exe.4682c00.8.raw.unpack, EqxeUBhVqo82x8DKXi.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation - HDPE Fittings.exe.332d128.2.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                      Source: 0.2.Quotation - HDPE Fittings.exe.32e07b0.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                      Source: 0.2.Quotation - HDPE Fittings.exe.32e87c8.3.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                      Source: 0.2.Quotation - HDPE Fittings.exe.5d90000.10.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@1/1
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation - HDPE Fittings.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMutant created: NULL
                      Source: Quotation - HDPE Fittings.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe "C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeProcess created: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe "C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeProcess created: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe "C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Quotation - HDPE Fittings.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Quotation - HDPE Fittings.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                      Data Obfuscation

                      Source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: Quotation - HDPE Fittings.exe, Form1.cs .Net Code: InitializeComponent System.AppDomain.Load(byte[])
                      Source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack, I1Ds3abkUA5mh3kywv.cs .Net Code: hyVW2X9uL System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.raw.unpack, I1Ds3abkUA5mh3kywv.cs .Net Code: hyVW2X9uL System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Quotation - HDPE Fittings.exe.78b0000.12.raw.unpack, ALeZd5HJXthoYYUxWS.cs .Net Code: G6oFW7U3bH System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Quotation - HDPE Fittings.exe.4682c00.8.raw.unpack, ALeZd5HJXthoYYUxWS.cs .Net Code: G6oFW7U3bH System.Reflection.Assembly.Load(byte[])
                      Source: Quotation - HDPE Fittings.exe Static PE information: section name: .text entropy: 7.964661054278462
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Quotation - HDPE Fittings.exe PID: 4080, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 3080000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 32A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 30B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 7E40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 8E40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 90E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: A0E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 2CC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 2CC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeMemory allocated: 4CC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeWindow / User API: threadDelayed 507Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exeWindow / User API: threadDelayed 5971Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Memory written: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Process created: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe "C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.Quotation - HDPE Fittings.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: Quotation - HDPE Fittings.exe PID: 4080, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: Quotation - HDPE Fittings.exe PID: 5440, type: MEMORYSTR
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.1998316965.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1992626012.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\Desktop\Quotation - HDPE Fittings.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 3.2.Quotation - HDPE Fittings.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.45baf60.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.4580540.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000002.3229813317.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: Quotation - HDPE Fittings.exe PID: 4080, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: Quotation - HDPE Fittings.exe PID: 5440, type: MEMORYSTR
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.32c620c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation - HDPE Fittings.exe.7450000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.1998316965.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.1992626012.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Input Capture | 111 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 141 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 1 Process Discovery | SMB/Windows Admin Shares | 11 Archive Collected Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Data from Local System | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                      Source | Detection | Scanner | Label | Link
                      Quotation - HDPE Fittings.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                      Quotation - HDPE Fittings.exe | 38% | Virustotal | |
                      Quotation - HDPE Fittings.exe | 100% | Avira | HEUR/AGEN.1309278 |
                      Quotation - HDPE Fittings.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe |
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | 0% | URL Reputation | safe |
                      http://ocsp.sectigo.com0A | 0% | URL Reputation | safe |
                      https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      us2.smtp.mailhostbox.com | 208.91.199.225 | true | false | | high
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
                      http://ocsp.sectigo.com0A | Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://sectigo.com/CPS0 | Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3233170604.00000000067B2000.00000004.00000020.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228840094.00000000010C0000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                      https://account.dyn.com/ | Quotation - HDPE Fittings.exe, 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Quotation - HDPE Fittings.exe, 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
                      http://us2.smtp.mailhostbox.com | Quotation - HDPE Fittings.exe, 00000003.00000002.3229813317.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                      208.91.199.225 | us2.smtp.mailhostbox.com | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
                            Joe Sandbox version:40.0.0 Tourmaline
                            Analysis ID:1417527
                            Start date and time:2024-03-29 15:01:10 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 7s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Quotation - HDPE Fittings.exe
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@3/1@1/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 84
                            • Number of non-executed functions: 7
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:01:55 | API Interceptor | 33x Sleep call for process: Quotation - HDPE Fittings.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.91.199.225 | CV Mariana Alvarez.exe | malicious | AgentTesla |
208.91.199.225 | CV Mariana Alvarez.exe | malicious | AgentTesla |
208.91.199.225 | CV Mariana Alvarez.exe | malicious | AgentTesla |
208.91.199.225 | FedEx_773099516146.exe | malicious | AgentTesla |
208.91.199.225 | FedEx_ 239071091.exe | malicious | AgentTesla |
208.91.199.225 | vJRoTmuNBS4S30j.exe | malicious | AgentTesla |
208.91.199.225 | IHf0UdzLac.exe | malicious | AgentTesla |
208.91.199.225 | FedEx_2341717012.exe | malicious | AgentTesla |
208.91.199.225 | CV INTERNSHIP ENG.exe | malicious | AgentTesla |
208.91.199.225 | HSBC Payment Advice.exe | malicious | AgentTesla |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
us2.smtp.mailhostbox.com | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
us2.smtp.mailhostbox.com | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
us2.smtp.mailhostbox.com | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.224
us2.smtp.mailhostbox.com | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
us2.smtp.mailhostbox.com | FedEx Invoice.exe | malicious | AgentTesla | 208.91.199.223
us2.smtp.mailhostbox.com | FedEx_773099516146.exe | malicious | AgentTesla | 208.91.199.225
us2.smtp.mailhostbox.com | Maersk Bill of Lading.exe | malicious | AgentTesla | 208.91.198.143
us2.smtp.mailhostbox.com | FedEx_ 239071091.exe | malicious | AgentTesla | 208.91.199.225
us2.smtp.mailhostbox.com | DHL9407155789.exe | malicious | AgentTesla | 208.91.199.224
us2.smtp.mailhostbox.com | Maersk Shipping DOC.exe | malicious | AgentTesla | 208.91.199.223

Match | Associated Sample Name / URL | Detection | Threat Name | Context
PUBLIC-DOMAIN-REGISTRYUS | CamScanner.exe | malicious | AgentTesla, PureLog Stealer | 207.174.215.2
PUBLIC-DOMAIN-REGISTRYUS | Quote#U00a0UPDATE#U00a0#U00a027-03-24.exe | malicious | AgentTesla | 199.79.62.115
PUBLIC-DOMAIN-REGISTRYUS | PO 20240105.exe | malicious | AgentTesla | 207.174.215.249
PUBLIC-DOMAIN-REGISTRYUS | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
PUBLIC-DOMAIN-REGISTRYUS | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
PUBLIC-DOMAIN-REGISTRYUS | Quote_Q9555.exe | malicious | AgentTesla | 199.79.62.115
PUBLIC-DOMAIN-REGISTRYUS | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.224
PUBLIC-DOMAIN-REGISTRYUS | CV Mariana Alvarez.exe | malicious | AgentTesla | 208.91.199.225
PUBLIC-DOMAIN-REGISTRYUS | Quote#U00a0UPDATE#U00a0#U00a027-03-24.exe | malicious | AgentTesla | 199.79.62.115
PUBLIC-DOMAIN-REGISTRYUS | FedEx Invoice.exe | malicious | AgentTesla | 208.91.199.223
                                                No context
                                                No context
                                                Process:C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1216
                                                Entropy (8bit):5.34331486778365
                                                Encrypted:false
                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                Malicious:false
                                                Reputation:high, very likely benign file
                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.958887611753827
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                File name:Quotation - HDPE Fittings.exe
                                                File size:683'520 bytes
                                                MD5:10f4c53cf6490bcf1f1cf0f3a88250de
                                                SHA1:4e9d7fd3c9651c205f72a6c696c656e7ae84a9d8
                                                SHA256:af83c0d8ccb38c430dce3b0c4a18eeda3c91832ae8bb432a9614619fd5727e7b
                                                SHA512:24b71b5339000c364858c137a7955cd7b464466da658ccb44c3659bedc55dcab89c185ceeb2bc5debd42d0e34ffd01f0f81d761c6a22e11dbc70bdd7786f30d5
                                                SSDEEP:12288:JBLK1sKjd9+wrOGCZ8SBvAxi/MgUd7YN0hMJqGcIlHI16CDYWEVy4Zw13vHruup:JBisKjdTOGu8SVIsmqaM7lHw6COtw1fr
                                                TLSH:7BE422503BEC0766F4E26FB518B1A10093B7BA57716DE74C2D4C50AC0EBA75A85C27B3
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..d............... ........@.. ....................................@................................
                                                Icon Hash:00928e8e8686b000
                                                Entrypoint:0x4a81ee
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x6606A2CD [Fri Mar 29 11:15:25 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa8199 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaa000 | 0x59c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xac000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa6648 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa6214 | 0xa6400 | 257a4fa9a943281468cabaa2b89270c1 | False | 0.9536272321428572 | data | 7.964661054278462 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xaa000 | 0x59c | 0x600 | c22bfb586503c2b833cd97a5c4eda7cd | False | 0.41796875 | data | 4.059667991800482 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xac000 | 0xc | 0x200 | af05054523563410ae9a10410b3fc7f9 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xaa090 | 0x30c | data | | | 0.43333333333333335
RT_MANIFEST | 0xaa3ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 29, 2024 15:01:57.856822968 CET | 51459 | 53 | 192.168.2.5 | 1.1.1.1
Mar 29, 2024 15:01:57.956413984 CET | 53 | 51459 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 29, 2024 15:01:57.856822968 CET | 192.168.2.5 | 1.1.1.1 | 0xd32d | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 29, 2024 15:01:57.956413984 CET | 1.1.1.1 | 192.168.2.5 | 0xd32d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.225 | A (IP address) | IN (0x0001) | false
Mar 29, 2024 15:01:57.956413984 CET | 1.1.1.1 | 192.168.2.5 | 0xd32d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.223 | A (IP address) | IN (0x0001) | false
Mar 29, 2024 15:01:57.956413984 CET | 1.1.1.1 | 192.168.2.5 | 0xd32d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.224 | A (IP address) | IN (0x0001) | false
Mar 29, 2024 15:01:57.956413984 CET | 1.1.1.1 | 192.168.2.5 | 0xd32d | No error (0) | us2.smtp.mailhostbox.com | | 208.91.198.143 | A (IP address) | IN (0x0001) | false

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Mar 29, 2024 15:01:58.858696938 CET | 587 | 49706 | 208.91.199.225 | 192.168.2.5 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Mar 29, 2024 15:01:58.859416008 CET | 49706 | 587 | 192.168.2.5 | 208.91.199.225 | EHLO 910646
Mar 29, 2024 15:01:59.039735079 CET | 587 | 49706 | 208.91.199.225 | 192.168.2.5 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Mar 29, 2024 15:01:59.041968107 CET | 49706 | 587 | 192.168.2.5 | 208.91.199.225 | STARTTLS
Mar 29, 2024 15:01:59.224355936 CET | 587 | 49706 | 208.91.199.225 | 192.168.2.5 | 220 2.0.0 Ready to start TLS


                                                Target ID:0
                                                Start time:15:01:55
                                                Start date:29/03/2024
                                                Path:C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
                                                Imagebase:0xea0000
                                                File size:683'520 bytes
                                                MD5 hash:10F4C53CF6490BCF1F1CF0F3A88250DE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1998316965.0000000007450000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1992626012.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1993283962.000000000447E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                Target ID:3
                                                Start time:15:01:56
                                                Start date:29/03/2024
                                                Path:C:\Users\user\Desktop\Quotation - HDPE Fittings.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Quotation - HDPE Fittings.exe"
                                                Imagebase:0x9e0000
                                                File size:683'520 bytes
                                                MD5 hash:10F4C53CF6490BCF1F1CF0F3A88250DE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3229813317.0000000002D0E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3229813317.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3228561843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3229813317.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3229813317.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:9%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:190
                                                  Total number of Limit Nodes:14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 950008b73eece272d6a3ff3da691a672cd6a82ee5b8efe5a3493dbec29fdc5a7
                                                  • Instruction ID: c039280cf5d73470b81a882bbca511bd2f5bebcdd85c98cc54c1006fd2a5c2f7
                                                  • Opcode Fuzzy Hash: 950008b73eece272d6a3ff3da691a672cd6a82ee5b8efe5a3493dbec29fdc5a7
                                                  • Instruction Fuzzy Hash: ED023D51B1A2D7DFCF62EB7F68129616ADC8BBA218F0D41A5E9C1CF367D065C820C325
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E36146
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: cfc53e4541fe5a4251776ff2d05ed8da88f1e3f9a2ed3b64eecdcab6a9037af3
                                                  • Instruction ID: 0d5f0cefd37637df97f8d7b4b6f7c9c4892a482a42dd68d885e18a07e4cb1873
                                                  • Opcode Fuzzy Hash: cfc53e4541fe5a4251776ff2d05ed8da88f1e3f9a2ed3b64eecdcab6a9037af3
                                                  • Instruction Fuzzy Hash: 92A18FB1D0121ADFDB24CFA8C845BEDBBF2BF44318F1481A9D808A7250DB759995CF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E36146
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 87483831a280c3f7069ba8eaf698e3fafbef9e17e3b88b775e03f9effdbba19d
                                                  • Instruction ID: d632c5d4fb357c65124ec77b0008ad84ac74c31fa04a1dd132c220f000e2866d
                                                  • Opcode Fuzzy Hash: 87483831a280c3f7069ba8eaf698e3fafbef9e17e3b88b775e03f9effdbba19d
                                                  • Instruction Fuzzy Hash: 34917CB1D0121ADFDB20DFA8C845BEDBBF2BF44318F1481A9D808A7250DB759995CF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9535d4368afa69a554ae37b23e9a99ea2e51e66c9ff4c3bb6267a288d71d9ebf
                                                  • Instruction ID: af46ac95c16e58d9d2ed9a840248c28d8ce999b232fe357c7bb49a6d67241dd6
                                                  • Opcode Fuzzy Hash: 9535d4368afa69a554ae37b23e9a99ea2e51e66c9ff4c3bb6267a288d71d9ebf
                                                  • Instruction Fuzzy Hash: A0814570A01B059FD764EF2AD04575ABBF5FF88300F048969D48ADBB50EB78E805CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 030859C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 966f0822fa7c69c933405d38fc3a569f506d304077c2a1653c8964954fbd6e30
                                                  • Instruction ID: 2bb394fbb056d5df57f5351c943440ca59a9c3a60f10f4357dbf9968c4b4f9d4
                                                  • Opcode Fuzzy Hash: 966f0822fa7c69c933405d38fc3a569f506d304077c2a1653c8964954fbd6e30
                                                  • Instruction Fuzzy Hash: 73410FB0C01719CBDB24DFA9C884BCDBBF6BF49704F24806AD448AB255DBB56946CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 030859C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 2f75a481cf370ec1f19503493d18120447b0a775d974d8c05d2f1463a65cbb38
                                                  • Instruction ID: b2b260dfdf55421aeceedea82075748be9646bd5e2ef44ab8d0a2e81cfe6015d
                                                  • Opcode Fuzzy Hash: 2f75a481cf370ec1f19503493d18120447b0a775d974d8c05d2f1463a65cbb38
                                                  • Instruction Fuzzy Hash: EE41FFB0C01619CBDB24DFA9C884BDDBBF6BF49304F24806AD448AB255DBB56946CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E35D18
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: 71625fa2c7b4dd4dff6ea8e35b1e9ba944a101dd7a3d08ab9e6da874f83e016d
                                                  • Instruction ID: 45dfaa91246574f75cebbec111d3a7fc785ed3d4cfcfcd9c298543583ef02bd1
                                                  • Opcode Fuzzy Hash: 71625fa2c7b4dd4dff6ea8e35b1e9ba944a101dd7a3d08ab9e6da874f83e016d
                                                  • Instruction Fuzzy Hash: C02146B59003599FCB10CFA9C985BEEBBF5FF48314F10842AE919A7240D7789954CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E35D18
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: 7cf0a8ffb050ba502a7f902f97d053da940e6a3e269d0b3ce9198f64b27f5a9d
                                                  • Instruction ID: 336772c1c541d7c3fb861ee0a15dc9156c67fae2e1376f9c4c926d2db796b8a5
                                                  • Opcode Fuzzy Hash: 7cf0a8ffb050ba502a7f902f97d053da940e6a3e269d0b3ce9198f64b27f5a9d
                                                  • Instruction Fuzzy Hash: 8B2139B59003099FCB10DFA9C985BEEBBF5FF48314F108429E919A7340D7789954CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07E35736
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: cf140abd6ce6b62d750a83c43f8f8f0ec66d18065de2bcc67d78fdd63ee101d3
                                                  • Instruction ID: 537601cee4cae29541790fbf20d50f8193a3493189fcde6d093744b4b1ab2646
                                                  • Opcode Fuzzy Hash: cf140abd6ce6b62d750a83c43f8f8f0ec66d18065de2bcc67d78fdd63ee101d3
                                                  • Instruction Fuzzy Hash: 692148B19002099FDB10DFAAC4857EEBBF4EF49314F148429D419A7240CB789645CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07E35DF8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: 688168ce700d490a9637d11d5484777424198da886626bfc945d79140348ec0c
                                                  • Instruction ID: 0617d432e4d8c9ef4b618ae22c0d917fb3e68d85ed36f71ea762254da2cab3c9
                                                  • Opcode Fuzzy Hash: 688168ce700d490a9637d11d5484777424198da886626bfc945d79140348ec0c
                                                  • Instruction Fuzzy Hash: FF2148B1C003499FCB10DFAAC884AEEFBF5FF49314F10842AE919A7250C7389540CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0308D7C6,?,?,?,?,?), ref: 0308D887
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: bd11ae311c893ece8fb421797d0b4cac5241f578b7878fb87f15a2d842fd5df6
                                                  • Instruction ID: cebc13dc7890a13acd5f30ac235b02f1066599d3f529e69b5cfb5766d305c25a
                                                  • Opcode Fuzzy Hash: bd11ae311c893ece8fb421797d0b4cac5241f578b7878fb87f15a2d842fd5df6
                                                  • Instruction Fuzzy Hash: 2021F6B5901208EFDB10DF9AD984ADEBBF4FB48310F14841AE954A3250D378A944CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0308D7C6,?,?,?,?,?), ref: 0308D887
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  • Opcode ID: b5aa763a44bf445a3924ca1170297cac96cffb55313a87091309b13b5747d2bc
                                                  • Instruction ID: 0c7b2e5e45524ad7ce23fec21b9dc690a8fff9cb6fc716dc36e09ed4fcf54240
                                                  • Opcode Fuzzy Hash: b5aa763a44bf445a3924ca1170297cac96cffb55313a87091309b13b5747d2bc
                                                  • Instruction Fuzzy Hash: 6E21E7B5901208EFDB10DF9AD584AEEBBF4FB48310F14846AE954A3350D378A944CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07E35736
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ContextThreadWow64
                                                  • String ID:
                                                  • API String ID: 983334009-0
                                                  • Opcode ID: 056054b9c8338daef5fd9f8bb1a9a479de9a0b939e0ea17341b6767237b005c6
                                                  • Instruction ID: c50c33b118d9284b0b3c3574b96526a3f8ea7d0c69bd2f058126e3098b7ea9ad
                                                  • Opcode Fuzzy Hash: 056054b9c8338daef5fd9f8bb1a9a479de9a0b939e0ea17341b6767237b005c6
                                                  • Instruction Fuzzy Hash: 3C2118B5D002099FDB10DFAAC4857EEBBF4EF48314F548429D519A7340DB789A85CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07E35DF8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: ac284625d9d8b49919be3d98e86b4b7d9fd5bd6015a116757ed25a2c789ca207
                                                  • Instruction ID: a6ae725bbfe7241da9773650c1a33261e375e5fe058dd952f5d35d151e39197f
                                                  • Opcode Fuzzy Hash: ac284625d9d8b49919be3d98e86b4b7d9fd5bd6015a116757ed25a2c789ca207
                                                  • Instruction Fuzzy Hash: DA2138B1C003499FDB10DFAAC885AEEFBF5FF48310F50842AE919A7240C7389940CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0308B601,00000800,00000000,00000000), ref: 0308B812
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 9f84a197b43de9c4688f1b5da0f9bc1fb9729f1eb34a3d4c0609736451a9c146
                                                  • Instruction ID: e58db33418d45b365c74477654430d3cc13eb63f7e201f6b88f0d29e0001e1ff
                                                  • Opcode Fuzzy Hash: 9f84a197b43de9c4688f1b5da0f9bc1fb9729f1eb34a3d4c0609736451a9c146
                                                  • Instruction Fuzzy Hash: F11112B6D003499FDB20DF9AD444AAEFBF4EB48320F14842AE959A7300C379A545CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E35C36
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 92ac0293fcced4f9b38d767dd4a01a37e6117fdc8bc4bb0a1a434e09a0cc72ec
                                                  • Instruction ID: 233a3e5c528f2d835946f5870da6fb6c0183a338124ddfa777c7d9d84ba3684f
                                                  • Opcode Fuzzy Hash: 92ac0293fcced4f9b38d767dd4a01a37e6117fdc8bc4bb0a1a434e09a0cc72ec
                                                  • Instruction Fuzzy Hash: 671179B59002499FCB20DFAAC845AEFBFF5FF48314F108819E519A7250C7799940CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E35C36
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 78d29bcdd9b527948ed10c9591e4d33dbe1b29d1697afa2770d1b5b2d66080f0
                                                  • Instruction ID: 9ed12ce30ade0107cc39fe005a36b1d4043ac34d6d67a125ff92fa7ff8083347
                                                  • Opcode Fuzzy Hash: 78d29bcdd9b527948ed10c9591e4d33dbe1b29d1697afa2770d1b5b2d66080f0
                                                  • Instruction Fuzzy Hash: FB1137B59002499FCB10DFAAC845AEEBFF5FF48314F148819E519A7250C779A950CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0308B601,00000800,00000000,00000000), ref: 0308B812
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 1386a10308722c2ef25a9a41c14ecbfb7e206bf3379d1e32c27248e1489dfb89
                                                  • Instruction ID: 97db483001c15c3ca28e4e8c742e81d75879bc8ae91c82463b57ced42385a360
                                                  • Opcode Fuzzy Hash: 1386a10308722c2ef25a9a41c14ecbfb7e206bf3379d1e32c27248e1489dfb89
                                                  • Instruction Fuzzy Hash: AC1123B6C003499FDB10DF9AD844ADEFBF4EB48310F14842AD419A7300C379A545CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 6f7af328a8657731c43d1cabab186008d88ab2ebeadaba02ba2588eaef85e7e6
                                                  • Instruction ID: a9b250fe00b1b70269eac818f4f613817ccfc4178144dcb72ef33a210356cfd7
                                                  • Opcode Fuzzy Hash: 6f7af328a8657731c43d1cabab186008d88ab2ebeadaba02ba2588eaef85e7e6
                                                  • Instruction Fuzzy Hash: 461146B19003498FDB20DFAAC4457AEFBF5EF89724F24881AD519A7240CB38A544CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,07E3A3D9,?,?), ref: 07E3A580
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  • Opcode ID: a7996fd9aad1ccb2715efbdd410707d2c62499816555d10987f88593a434a7a0
                                                  • Instruction ID: a0235d45f24121c9a95f918ff8a356361f95a7bb3dcee00219aed3bed23d14ff
                                                  • Opcode Fuzzy Hash: a7996fd9aad1ccb2715efbdd410707d2c62499816555d10987f88593a434a7a0
                                                  • Instruction Fuzzy Hash: F0113AB58003499FDB20DF99C549BEEBBF4EB48320F10842AE559A7340D378A984CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 83c8c690b1a7e9556f81529cd3e0b004e49ca8b2a6707a2b67a4f1fb2714840b
                                                  • Instruction ID: dc847dbff5f8aa9b6ce67f2e9fe5534f0644b0e41b53125195bfe901e1abf75a
                                                  • Opcode Fuzzy Hash: 83c8c690b1a7e9556f81529cd3e0b004e49ca8b2a6707a2b67a4f1fb2714840b
                                                  • Instruction Fuzzy Hash: 6A1128B1D002498FDB20DFAAC4457AEFBF5EF88324F248819D519A7240CB79A544CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,07E3A3D9,?,?), ref: 07E3A580
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: ChangeCloseFindNotification
                                                  • String ID:
                                                  • API String ID: 2591292051-0
                                                  • Opcode ID: f8b8fe74c67d69b1db2e2cd7b5ed2bf96ca9c063e4ba2cdccf662837dfb1e949
                                                  • Instruction ID: 4f0fb0a687ed3a5be28c4a52d66b8354535584b084e69ee682b83653976bd532
                                                  • Opcode Fuzzy Hash: f8b8fe74c67d69b1db2e2cd7b5ed2bf96ca9c063e4ba2cdccf662837dfb1e949
                                                  • Instruction Fuzzy Hash: 7F1116B58003499FCB20DF99D545BDEBBF4EB48324F14845AD558A7341D338A684CBA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07E381CD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  • Opcode ID: 50125a0200cc2f3d26cffa54937435cb0a06f03debf142160870a8feb1e4cef4
                                                  • Instruction ID: 6483f08c6bea642a7143b125d89df4d7276b98da3162f10d99ac144bc5a72a25
                                                  • Opcode Fuzzy Hash: 50125a0200cc2f3d26cffa54937435cb0a06f03debf142160870a8feb1e4cef4
                                                  • Instruction Fuzzy Hash: 8F1106B58003499FDB10DF9AD449BDEBBF8FB48310F108459E518A7200D379A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0308B586
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 2e9a8d704d43ba6ffe666e5973cfebe07e0e5ff9410c636a10bcc13f6f1183a1
                                                  • Instruction ID: 28a3afbeeed4ff738ca81af99a001875cd7f1840c3c5ac93a83408fd64ed7eef
                                                  • Opcode Fuzzy Hash: 2e9a8d704d43ba6ffe666e5973cfebe07e0e5ff9410c636a10bcc13f6f1183a1
                                                  • Instruction Fuzzy Hash: 6F11DFB5C012498FDB10DF9AD444B9EFBF4EB89314F14842AD469B7210D379A545CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07E381CD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  • Opcode ID: 7d459041a0e0b825ce2c4daf0198f5a7711971fdf3f695db6319ddf6dc377851
                                                  • Instruction ID: e2b2a16c29f0324e9c165514a0e906b57e30313fdee93d2d099711a5aa31ec6f
                                                  • Opcode Fuzzy Hash: 7d459041a0e0b825ce2c4daf0198f5a7711971fdf3f695db6319ddf6dc377851
                                                  • Instruction Fuzzy Hash: 571103B5800249DFDB20DF99D889BDEBBF4FB88314F148959E518A7300C379A584CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                  • Instruction ID: 9c3243cffcc470a5aa72dec0b27b323aede5dd28adf83d149100a32cbe702820
                                                  • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                  • Instruction Fuzzy Hash: 4B11BB75504280DFDB02CF54C5C4B15BFB1FB84224F24C6A9D9494B696C33AD40ACB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991288393.000000000172D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0172D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_172d000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47a1e153cd982f9779ca8be8052001038823249afa54118edbd1722f4b4801cf
                                                  • Instruction ID: 1cc5d31fc39944306eaa4566b74c8c3d18e68e74af30dee8c820a823c90aca0f
                                                  • Opcode Fuzzy Hash: 47a1e153cd982f9779ca8be8052001038823249afa54118edbd1722f4b4801cf
                                                  • Instruction Fuzzy Hash: C5012B310043909AE7308EA9CD84B67FF9CEF45324F18C56AED084A386D23D9802CAB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991288393.000000000172D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0172D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_172d000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb4c7c5c18ca32b7cf904348dde6c3729eaa3c2e77d3f0f38b6e072652769c71
                                                  • Instruction ID: a16f18ffdb915a1bc1b5e189d06354dd3c48e1f903670bacbc98b65aa9258728
                                                  • Opcode Fuzzy Hash: bb4c7c5c18ca32b7cf904348dde6c3729eaa3c2e77d3f0f38b6e072652769c71
                                                  • Instruction Fuzzy Hash: 61F0F6714043949EE7208E1ACC88B62FFD8EF45334F18C45AED484B386C3799841CBB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bfc101b8d89d92f11d72759fef8b9071193450a953df0780040b5b69d28a8917
                                                  • Instruction ID: 00042fbf7a6b0156802a9cc5a78407f86d030888f7e338011640cf7a6caf4a09
                                                  • Opcode Fuzzy Hash: bfc101b8d89d92f11d72759fef8b9071193450a953df0780040b5b69d28a8917
                                                  • Instruction Fuzzy Hash: 4ED1DDB07067018FDB19EB35C4147AEB7F6AF89304F14846ED1869B791DB39E882CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78b4e9d8a5d5335607801fc3072ac7b0a68b8ac45daa783d0a7c7138507e3358
                                                  • Instruction ID: 50d11cc20640093bf8ce85c43f9cbf6e91b1bf68e035da0b014f4361b0938bbb
                                                  • Opcode Fuzzy Hash: 78b4e9d8a5d5335607801fc3072ac7b0a68b8ac45daa783d0a7c7138507e3358
                                                  • Instruction Fuzzy Hash: 8EE119B4E012198FCB14CFA9C5849AEFBB2FF89305F249169E815AB356D730AD41CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f271a2c6496b8587f730ce361a2969d7525f66488721e1c55fd7072b5ecc5b2
                                                  • Instruction ID: 4fdeab1577f950d9d6492886d1964ca257534de65a09ab46f9cdc249ea30538d
                                                  • Opcode Fuzzy Hash: 4f271a2c6496b8587f730ce361a2969d7525f66488721e1c55fd7072b5ecc5b2
                                                  • Instruction Fuzzy Hash: 6DE11AB4E011198FCB14CFA9C5849AEFBB2FF89305F249169D815AB35AD730AD81CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6861c157fa36ad9dabca5da87905375694df1e07087fc93f3f2720fe15030ef2
                                                  • Instruction ID: fd335cb2da2dc55c8c9a52d334b07d3f25506c08b7c1be3a1c2942bed2341a0a
                                                  • Opcode Fuzzy Hash: 6861c157fa36ad9dabca5da87905375694df1e07087fc93f3f2720fe15030ef2
                                                  • Instruction Fuzzy Hash: D8E118B4E011198FCB14CFA9C5849AEFBB2FF89305F249269E815AB356C730AD41CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 687d6d05aa89af1d4883b4db1c9a75c59e5e3512c91f8ab9fc0a06ea649e106f
                                                  • Instruction ID: badb0195e4497918dc607ee070b6b4ca065bd1cce6b44c8ff644bb0ccfd1ba34
                                                  • Opcode Fuzzy Hash: 687d6d05aa89af1d4883b4db1c9a75c59e5e3512c91f8ab9fc0a06ea649e106f
                                                  • Instruction Fuzzy Hash: 0BE12AB4E012198FCB14CFA9C5849AEFBB2FF89305F249169D815AB356C730AD41CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1999003559.0000000007E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E30000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7e30000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 13a029c28b9287b1e4635ed6a533deae2b95fdf847ebf45394e1062f52d0415f
                                                  • Instruction ID: 2eaaaa2dd7aab0bbe3aeb542d78c680be4e1dd017c04cb1da3f55c71072d5a6c
                                                  • Opcode Fuzzy Hash: 13a029c28b9287b1e4635ed6a533deae2b95fdf847ebf45394e1062f52d0415f
                                                  • Instruction Fuzzy Hash: 1AE108B4E011198FCB14CFA9C5849AEFBB2FF89305F248169E815AB356D734AD41CF60
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1991797715.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3080000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cf2201a973ad5b632c55494108c72276090f6ba0e55e7362ff84eb3aef29ab95
                                                  • Instruction ID: ab1c776cb6785efd794e4166d7a265bc1d8123e1aa125dac0d5a193e1c01c896
                                                  • Opcode Fuzzy Hash: cf2201a973ad5b632c55494108c72276090f6ba0e55e7362ff84eb3aef29ab95
                                                  • Instruction Fuzzy Hash: CCA18F36E0120ACFCF15EFB4D8404DEB7B2FF85300B19856AE845AB265DB31E955CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:11.7%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:17
                                                  Total number of Limit Nodes:4
                                                  execution_graph 24921 5200848 24923 520084e 24921->24923 24922 520091b 24923->24922 24925 520137f 24923->24925 24927 5201383 24925->24927 24926 5201480 24926->24923 24927->24926 24929 5207088 24927->24929 24930 5207092 24929->24930 24931 52070ac 24930->24931 24934 62cd390 24930->24934 24938 62cd351 24930->24938 24931->24927 24936 62cd3a5 24934->24936 24935 62cd5ba 24935->24931 24936->24935 24937 62cd5d0 GlobalMemoryStatusEx 24936->24937 24937->24936 24940 62cd365 24938->24940 24939 62cd5ba 24939->24931 24940->24939 24941 62cd5d0 GlobalMemoryStatusEx 24940->24941 24941->24940
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47967306d5e405d5b31de80f4a18f037620df8710130f8f58c0722b6e97e5ca9
                                                  • Instruction ID: 09cddb13973881dbbde170ad1167c320f327f446f0dbee20f2766689d9082c63
                                                  • Opcode Fuzzy Hash: 47967306d5e405d5b31de80f4a18f037620df8710130f8f58c0722b6e97e5ca9
                                                  • Instruction Fuzzy Hash: 3563E731D10B1A8ADB11EB68C8849ADF7B1FF99300F51D79AE45877121EB70AAD4CF81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d16c8f814f4d2d91ddcc110c8fccf4875bfccd182052ea1459906935765e53fa
                                                  • Instruction ID: bf0e431ab0472badbd2dcd26dd354cb46e712ee68cb06481fe479ad4f0eca7b7
                                                  • Opcode Fuzzy Hash: d16c8f814f4d2d91ddcc110c8fccf4875bfccd182052ea1459906935765e53fa
                                                  • Instruction Fuzzy Hash: 5DB19070E1120A9FDF10EFA8C8857ADBBF2BF88314F14D129D519A7295EB749842CBC1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 72b3d5adb20fa2b2a459ce915e6e35b16d8751967c71c3544bdfe9d3a9a01d43
                                                  • Instruction ID: 4032ea87fcbd936c9360da51a41046732bfe11496d267cf09a082898f479728a
                                                  • Opcode Fuzzy Hash: 72b3d5adb20fa2b2a459ce915e6e35b16d8751967c71c3544bdfe9d3a9a01d43
                                                  • Instruction Fuzzy Hash: 2B91CF70E1120ACFDF10DFA8C9857DEBBF2BF88304F149129E409A7294EB349846CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q$LR]q
                                                  • API String ID: 0-3917262905
                                                  • Opcode ID: 2084cdeeb5692ccd1605928fc33e6ed64e87b02bf15440dded7d92b248288f3e
                                                  • Instruction ID: 4e203e9faf53de092def17e84e1b5929f078d2398b0e3e3b49951d0433bc9ab2
                                                  • Opcode Fuzzy Hash: 2084cdeeb5692ccd1605928fc33e6ed64e87b02bf15440dded7d92b248288f3e
                                                  • Instruction Fuzzy Hash: 7A41E531A2121A9FDB15DB74C4547AEB7B3FF85304F148529E40AEB381EB71A846CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 2334 62ce190-62ce1ab 2335 62ce1ad-62ce1d4 call 62cd344 2334->2335 2336 62ce1d5-62ce1f4 call 62cd350 2334->2336 2342 62ce1fa-62ce24a 2336->2342 2343 62ce1f6-62ce1f9 2336->2343 2348 62ce24c-62ce259 2342->2348 2349 62ce2ca-62ce2ec GlobalMemoryStatusEx 2342->2349 2355 62ce25f-62ce2c9 2348->2355 2356 62ce25b-62ce25e 2348->2356 2350 62ce2ee-62ce2f4 2349->2350 2351 62ce2f5-62ce31d 2349->2351 2350->2351 2355->2349
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232899987.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_62c0000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a129bbc881a170c9fbc907c9412dfb0649ef86b0ed60c95a249c201105f05d6
                                                  • Instruction ID: 4fc124db6a800b0173ec6a5b9a97d4d8a2c9013d1f19e8d6a374fa72207b21b7
                                                  • Opcode Fuzzy Hash: 7a129bbc881a170c9fbc907c9412dfb0649ef86b0ed60c95a249c201105f05d6
                                                  • Instruction Fuzzy Hash: 69416671D143968FCB04CF68D8502EEBFF1AF89220F0586AAD849A7241DB389844CBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 2359 62ce278-62ce2c9 2361 62ce2ca-62ce2ec GlobalMemoryStatusEx 2359->2361 2362 62ce2ee-62ce2f4 2361->2362 2363 62ce2f5-62ce31d 2361->2363 2362->2363
                                                  APIs
                                                  • GlobalMemoryStatusEx.KERNELBASE(8B550542), ref: 062CE2DF
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232899987.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_62c0000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID: GlobalMemoryStatus
                                                  • String ID:
                                                  • API String ID: 1890195054-0
                                                  • Opcode ID: 2b8b489d4573a1ccb29b6e04013f749b4bd5e55dd9a688dc31f6e461c4b516b9
                                                  • Instruction ID: 4015f081d3e4fcbcc761c75cc0bf7e6a041d95fca64ba2fe50d8336973efd2c6
                                                  • Opcode Fuzzy Hash: 2b8b489d4573a1ccb29b6e04013f749b4bd5e55dd9a688dc31f6e461c4b516b9
                                                  • Instruction Fuzzy Hash: 2311E2B1C1066A9BCB10DF9AC544B9EFBF4AF48320F15816AD818A7640D778A944CFE5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (
                                                  • API String ID: 0-3887548279
                                                  • Opcode ID: 14bdb570248a451c8ad72dc7955cdb21401f615b4700ce80067606604e978f86
                                                  • Instruction ID: f5beb8f5486e3c65925d8fa4b5db05250f6cc8c923bec21a4b4c860a8b14f60d
                                                  • Opcode Fuzzy Hash: 14bdb570248a451c8ad72dc7955cdb21401f615b4700ce80067606604e978f86
                                                  • Instruction Fuzzy Hash: F791AF70E1520ADFDF10DFA8C9857DEBBF2BF88304F149129E509A7295EB749846CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: PH]q
                                                  • API String ID: 0-3168235125
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR]q
                                                  • API String ID: 0-3081347316
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25d89060dd42ab39e52d73148e6ccfe741096523024033a908a608b54ada3a37
                                                  • Instruction ID: 38c8cb107cc98403401a52253b1be538de0711f50b052165930e7101098dc274
                                                  • Opcode Fuzzy Hash: 25d89060dd42ab39e52d73148e6ccfe741096523024033a908a608b54ada3a37
                                                  • Instruction Fuzzy Hash: D7C1D371B112068FDB14CFA9D880BAEB7B2FF88310F148569D50ADB396DB70D885CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9427fbd5ac20d6b1006c4cf10fe306b447a1594ed64e873b6f44ff726b8c109
                                                  • Instruction ID: 2987ef9bc7f85a584c9f36b1f73fa27b2f1f605d3ff1e1399aabfe013aeac4bb
                                                  • Opcode Fuzzy Hash: a9427fbd5ac20d6b1006c4cf10fe306b447a1594ed64e873b6f44ff726b8c109
                                                  • Instruction Fuzzy Hash: 73B19F35B152158FCB18DFA4D584AADBBB2FF88310F158569E40AE73A6CB74DC82CB50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42daec625eb9c21658748ec1f05fbcf06f12a96192c520aae820706fcfe5c776
                                                  • Instruction ID: 4374b01ca2a8d20d338ffbaa224c5b2f1a797171c434926f9e06f5a39050532d
                                                  • Opcode Fuzzy Hash: 42daec625eb9c21658748ec1f05fbcf06f12a96192c520aae820706fcfe5c776
                                                  • Instruction Fuzzy Hash: DDA19E70E1120A9FDF10EFA8C8857ADBBF2BF48314F14D129D519A7295EB749882CBC1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d95a2a86244b242828697ec2b3b329187cda30500ecf15662c164e77cb349abb
                                                  • Instruction ID: c0db43fedc7cbe18ccdc183330ac7a5846a21a553ec729aab0b6a26e7796c639
                                                  • Opcode Fuzzy Hash: d95a2a86244b242828697ec2b3b329187cda30500ecf15662c164e77cb349abb
                                                  • Instruction Fuzzy Hash: 7471AD70E1121ACFDF10DFA9C884B9EBBF2BF88304F14C129E519A7294EB349841CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55f6f0d5718563479a7afc842abc0131af8f03fe2fde592900090edd8181e73f
                                                  • Instruction ID: e8fff1f050d1aa671331425a38681f598b7fa20ab24cdbe8fbee3a735a287aca
                                                  • Opcode Fuzzy Hash: 55f6f0d5718563479a7afc842abc0131af8f03fe2fde592900090edd8181e73f
                                                  • Instruction Fuzzy Hash: 2971AE70E1125ACFDF10DFA9C885B9DBBF2BF88314F14C129E519A7295EB349841CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0ed7d3988600c53395a6f58760225e6ee767cc39f8b58eef7680448420bb969d
                                                  • Instruction ID: 84dbdd2331e0b49395169f297a092d8c5c0bda026d995ffdea003b7bd49800ee
                                                  • Opcode Fuzzy Hash: 0ed7d3988600c53395a6f58760225e6ee767cc39f8b58eef7680448420bb969d
                                                  • Instruction Fuzzy Hash: F3513670D212298FDB14CFA9C889B9DBBF1BF48304F14811AD81ABB392D774A845CF95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05f1cff7920577b9e1919bc08dc48752716c66f39eb4af888443fdf190c38568
                                                  • Instruction ID: c4270401f2fbb066a9830fff7dffa23f9c5ef8ee7a8294a4e5089f807306e096
                                                  • Opcode Fuzzy Hash: 05f1cff7920577b9e1919bc08dc48752716c66f39eb4af888443fdf190c38568
                                                  • Instruction Fuzzy Hash: E4512570D212298FDB14CFA9C889B9DBBF1BF48314F148129D81ABB391D774A845CF95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 869de2e482565c944985399b8db3eaa4a89fb88fdfdd92c835fa633c4680ac24
                                                  • Instruction ID: f82e42a14c1aef16ec14321728aee18eb1e110349773521f81b6469429ac6466
                                                  • Opcode Fuzzy Hash: 869de2e482565c944985399b8db3eaa4a89fb88fdfdd92c835fa633c4680ac24
                                                  • Instruction Fuzzy Hash: 3C41E275B01211AFDB05CF78D880E7A7BBAFF84304F148059E4059B29ACB35E843CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed1c11c7d70767d1dd8653726262400b29b07c4bf9c24cc33b9e6069b465aaf5
                                                  • Instruction ID: 98c214ceaecf47dac38d65d5d4ee1fa72aa0fed656c65af2ed50c64e8733b3e6
                                                  • Opcode Fuzzy Hash: ed1c11c7d70767d1dd8653726262400b29b07c4bf9c24cc33b9e6069b465aaf5
                                                  • Instruction Fuzzy Hash: 8B51C831522281CFCB09FF28F981B543F79BB993047089979D0519762EEB786D89DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 986807776181a7531034a3a8a8d1626b7618d9c61ff448e21a1212e7e5e136bd
                                                  • Instruction ID: 7ecd6060d896a0ef15a4bbef6e59b3671d1f3d7d826742275fb480a826e12bb0
                                                  • Opcode Fuzzy Hash: 986807776181a7531034a3a8a8d1626b7618d9c61ff448e21a1212e7e5e136bd
                                                  • Instruction Fuzzy Hash: 5851AA71522281CFCB09FF28F981A543F79FB953043089979D0419763EEB786D89DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b260148bd98fa7c86f1965b340fa0a5a8656871cf239ea2bdbbb53568499daf6
                                                  • Instruction ID: 83ae20e842521a520215cc58473d836ccfdbc34e64f9ef13aa40b8c8a8ae62e7
                                                  • Opcode Fuzzy Hash: b260148bd98fa7c86f1965b340fa0a5a8656871cf239ea2bdbbb53568499daf6
                                                  • Instruction Fuzzy Hash: 7731B235E242168FCB18CF65D4946AEBBB2FF89310F108519E81AE7795DF70AC42CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 394f1138cfedf5ea1b34b764b8a13d5a5509a14674dd532cdc52ee9089dbcd58
                                                  • Instruction ID: cd2ec4e1b11815bce127c60940f03564c5af441b57c158dc1c22d34ec2da7a4b
                                                  • Opcode Fuzzy Hash: 394f1138cfedf5ea1b34b764b8a13d5a5509a14674dd532cdc52ee9089dbcd58
                                                  • Instruction Fuzzy Hash: 3E4101B4D11349DFDB14DFA9C584ADEBBF5FF48300F14842AE409AB254DB749945CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7e1a71a01eed0e59f84d72aa401056d3162dcdeeaccfe9521026c9a35cadcf3f
                                                  • Instruction ID: 7e92227a533c8396d3dd09046cae009f4c849612f99c38ec36f0ada957c40d53
                                                  • Opcode Fuzzy Hash: 7e1a71a01eed0e59f84d72aa401056d3162dcdeeaccfe9521026c9a35cadcf3f
                                                  • Instruction Fuzzy Hash: E2319434E242169BCB29CF65D594AAEB7B2FF89310F10C519E81AE7395DF70AC42CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0cf5b65e15fd8f0f4c901179f75b68f8ae39813e51b1bdfcba26d605376a8d5d
                                                  • Instruction ID: 7dd662e0da6baff14decc1458e3971c43985ed21dae0753f38d493dcea4d67b5
                                                  • Opcode Fuzzy Hash: 0cf5b65e15fd8f0f4c901179f75b68f8ae39813e51b1bdfcba26d605376a8d5d
                                                  • Instruction Fuzzy Hash: C9410FB4D00349DFDB10DFA9C484ADEBFB5FF48310F20802AE809AB254DB75A949CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 800436158e1a5067af70e8cd0214b43828795cab54a71fe7bd2f380e56179f78
                                                  • Instruction ID: 6e3a7d68a1ea0e6821f21067a0c32645a54929ee863535a50f50005c9b333436
                                                  • Opcode Fuzzy Hash: 800436158e1a5067af70e8cd0214b43828795cab54a71fe7bd2f380e56179f78
                                                  • Instruction Fuzzy Hash: 39313A34B21216CFDB14EB74C9546AE77B6BF88244F100468D806EB7A6EF36DC41CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 10161c60dedbfd421ae9480b961a1340cb8dadfb7153150d1a9017fe2b8fd95e
                                                  • Instruction ID: fb7712338cd12e1d0edcd94c4bc793f17611657b44e17b795c9081f51f78a937
                                                  • Opcode Fuzzy Hash: 10161c60dedbfd421ae9480b961a1340cb8dadfb7153150d1a9017fe2b8fd95e
                                                  • Instruction Fuzzy Hash: 9C315A34B22216CFDB14EB74C9546AEB7B6BF48344F100468D806EB7A6EB36DC41CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6f0dabfe950ccbac48078b40846c7e05e7acf3e97c646cf77f8435fdce3c6845
                                                  • Instruction ID: 259cbdcda725fe8a0ebd8d0646b8901216ba0157cc92e678801d4b01839ba70e
                                                  • Opcode Fuzzy Hash: 6f0dabfe950ccbac48078b40846c7e05e7acf3e97c646cf77f8435fdce3c6845
                                                  • Instruction Fuzzy Hash: 0B318271E1520A9BDB09DFA4D49079EB7B2FF89300F54C515E406EB386DB709886CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a2622e98071854a18e4422b985e42cffe5af88f94855ca0098bf2fa595468073
                                                  • Instruction ID: 0322204fcf9294bdeded6ff05150c729288e66e904ca49f71794e1b4f08ce2a1
                                                  • Opcode Fuzzy Hash: a2622e98071854a18e4422b985e42cffe5af88f94855ca0098bf2fa595468073
                                                  • Instruction Fuzzy Hash: 0021A231E1420A9BDB09CFA4D480A9EF7B2FF85300F10C615E406EB286DB709886CB80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: abaa8e447961b25286c958a25b6da15e013cab4aba37d14199557844819717d1
                                                  • Instruction ID: 17c851698380697897d99ca3469268a5e7cd09231e6951c106cc145ca0045671
                                                  • Opcode Fuzzy Hash: abaa8e447961b25286c958a25b6da15e013cab4aba37d14199557844819717d1
                                                  • Instruction Fuzzy Hash: 2C2130346211428BDB16FB28FC89B79376AFF45304F109625D009C72ABDB78DC55CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3229462490.000000000115D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0115D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_115d000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3229462490.000000000115D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0115D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_115d000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000003.00000002.3232009327.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_3_2_5200000_Quotation - HDPE Fittings.jbxd
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%